Cryptojacking Hits Over 4,000 Websites Including Government Pages

Discussion in '[H]ard|OCP Front Page News' started by rgMekanic, Feb 12, 2018.

  1. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Security researcher Scott Helme is reporting that a Cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were Government sites. It turns out that Text Help, an assistive technology provider, was compromised, and one of their hosted script files changed, spreading the malware to all websites using it.

    The crypto-jacking stuff is getting a little too common for my liking. Perhaps now that government websites have been attacked we will see some regulation. I won't hold my breath though.

    This is not a particularly new attack and we've known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. The thing is though, there's a pretty easy way to defend yourself against this attack.
     
  2. Cyraxx

    Cyraxx [H]ardness Supreme

    Government is reactive, not proactive - Everyone knows this.

    Perfect example is TSA security.
     
  3. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Agreed completely, here's to hoping they react ;)
     
  4. griff30

    griff30 I Lower the Boom!

    And all I keep hearing is how this is the secure Fiat of the future..
    ;)
     
  5. triwolf

    triwolf Limp Gawd

    A good analogy would be as far back as you can imagine thieves have been doing evil along the roadways, digital or real. I hope it can be at least minimized soon, it's not bothered me yet, I would not want it mining on my dime!
     