UK Government Websites Hit By Cryptocurrency Mining Malware


Most recently, more than 4,200 websites secretly hijacked browsers to mine the cryptocurrency Monero due to a compromised accessibility plugin.

Helme was made aware of the hack by fellow security specialist Ian Thornton-Trump, who discovered that the ICO's website was hosting the malware.

Thousands of websites around the world, including many operated by governments, have been affected by the breach, security researchers have said.

The good news is the attack took place on Sunday morning and Texthelp has been quick to recognise the issue and take its service temporarily offline to fix it. "Someone just messaged me to say their local government website in Australia is using the software as well". The malware was inserted through websites codes to BrowseAloud, which is a plugin that helps the blind and partially-sighted people to use the internet. Cryptojacking involves a computer being taken over to mine cryptocurrency, such as Bitcoin, which in turn dramatically slows the affected computer and earns far-flung hackers pennies per minute.

The United Kingdom's Information Commissioner's Officer (ICO) - a crown appointed commission for handling data privacy - and Student Loans Company were the main victims of the attack in Europe.

Cryptocurrency mining software is not illegal and some websites have begun tinkering with plugins that borrow visitor CPU power to mine virtual currency, potentially as an alternative for advertising.

Helme said that the scripts appeared to have been placed using a third-party compromise and pointed to the script that had been used to effect the compromise.

More news: Democrats see partisanship in GOP Pennsylvania district map

Hackers often seek to infect others' computers with cryptominers because the mining process requires vast amounts of computational power, which often dramatically slows the device.

At the time of publication on Monday, the Queensland legislation website had taken the further step of removing the Browsealoud script entirely, but it remained on the sites of the Victorian parliament, QCAT and the Queensland ombudsman. According to Helme's blog post, a third party managed to modify BrowseAloud and stuff CoinHive mining software.

He added that the attack did not target personal data: 'Texthelp can report that no customer data has been accessed or lost.

The National Cyber Security Centre said that they were investigating the incident.

It said that there are no indications at this stage that members of the public are at risk.

Unfortunately, security teams lack visibility into all of the ways that they can be attacked externally, and struggle to understand what belongs to their organisation, how it's connected to the rest of their asset inventory, and what potential vulnerabilities are exposed to compromise.