Hidden Crypto-Mining Malware Discovered on Over 4000 Websites
Security Breach on UK and US Government Websites
Over the weekend, security researcher Scott Helme uncovered a major security breach on over 4000 websites, including several belonging to UK and US government agencies. The breach involved hidden crypto-mining malware that was installed through a compromised JavaScript file.
Initial Investigation
Helme began his investigation after receiving a tip-off that antivirus filters were flagging the website of the Information Commissioner’s Office (ICO). Upon closer inspection, he discovered that the malicious script was not hosted by the ICO itself, but was pulled in by a third-party library the site loaded.
It was later revealed that the compromised JavaScript file belonged to Texthelp, an assistive technology provider, specifically their Browsealoud product. Attackers had added malicious code to the script, effectively installing the CoinHive miner on the affected websites.
Impact on Government Websites
Some of the websites affected by the CoinHive malware included United States Courts, the General Medical Council, the UK’s Student Loans Company, and NHS Inform, among others. The incident raised concerns about the security of government websites and the potential risks posed by such attacks.
Mitigating the Attack
Helme suggested a simple solution to mitigate similar attacks in the future. By adding the Subresource Integrity (SRI) integrity attribute to the script tag that loads Browsealoud, a site lets browsers compare the fetched file against an expected hash and refuse to run it if it has been modified. This small code change can prevent a tampered copy of the script from running on the page.
For added protection, Helme recommended using Content Security Policy and the require-sri-for directive to ensure that all scripts on the page have an SRI integrity attribute. This extra layer of security can help prevent crypto-mining malware attacks from occurring.
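The SRI check described above can be reproduced outside the browser, for example to pin a third-party script at review time and to monitor it for changes afterwards. The following Node.js sketch is an added example, not code from Helme or Texthelp; the function names and the sample script bodies are constructed for illustration. It goes slightly beyond the single-hash case by handling several hashes in one attribute and an attribute with no usable hash.

```javascript
// Added example: emulates the browser's Subresource Integrity check in Node.js.
const { createHash } = require("crypto");

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 }; // algorithms SRI defines

// Build the value for a <script integrity="..."> attribute.
function sriDigest(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Parse an integrity attribute into {alg, hash} entries, skipping unknown tokens.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).flatMap((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    return m ? [{ alg: m[1], hash: m[2] }] : [];
  });
}

// True if the browser would run the script, false if it would block it.
function passesSri(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata: nothing is enforced
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best) // only the strongest algorithm counts
    .some((e) => sriDigest(body, e.alg) === `${e.alg}-${e.hash}`);
}

// Constructed sample: a reviewed third-party script and a copy altered upstream.
const reviewed = "window.toolbar = { init() { /* vendor code */ } };\n";
const tampered = reviewed + "/* code appended by an attacker */\n";
const pinned = sriDigest(reviewed); // value to place in the integrity attribute

function demo() {
  return {
    original: passesSri(reviewed, pinned),
    modified: passesSri(tampered, pinned),
    malformedAttribute: passesSri(tampered, "sha1-not-a-supported-hash"),
  };
}
console.log(pinned, demo());
```

The last case is the one to watch for in practice: an integrity attribute that contains no supported hash is ignored rather than enforced, so a typo in the attribute silently removes the protection.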
Response and Prevention
Fortunately, the attack was detected on Sunday morning, and Texthelp promptly took their service offline to address the issue. By taking quick action, they were able to prevent further damage and protect their clients from potential security threats.
Crypto-mining malware is becoming increasingly popular among cyber-criminals as a way to generate revenue. With a rise in such attacks, it is essential for website owners to implement strong security measures to safeguard against unauthorized access and malicious activities.
As the threat of crypto-mining malware continues to grow, organizations must remain vigilant and proactive in their efforts to protect their websites and data from potential breaches.