World Governments Victims of Global Cryptocurrency Mining Wave

cryptocurrency mining

This week we discussed illicit cryptocurrency mining, often called cryptomining or cryptojacking, with Bryan York of CrowdStrike. The interview has proved distressingly relevant over the past few days, as governments around the world discovered their websites had fallen victim to a cryptocurrency mining epidemic.

Occurring mostly on February 11, 4,200 websites were infected with a malicious version of Browsealoud—a plug-in meant to assist people with visual impairments listen to the text on the screen—to mine digital currency. Among the websites infected were the Irish Health Service Executive (HSE), the Irish Department of Agriculture, the Australian Victorian Parliament, the Scottish NHS helpline, the U.K. Student Loans Company, the U.S. court system, and the Queensland Government’s legislation website.

Security researcher Scott Helme discovered the wave of cryptocurrency mining after being alerted to the problem by a friend who had visited an infected site. In a statement to Newsweek he said “[the hackers] could have extracted personal data, stolen information or installed malware. It was only limited by the hackers’ imaginations.” In a separate blog post, he added that cybercriminals could use the malicious program to infect the thousands of visitors to government websites and steal their processing power as well: “if you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from.”

As we discussed with Bryan York, the focus of this cryptomining wave was for Monero—a much more anonymous counterpart to Bitcoin, which will make detecting the threat actors that much harder. The cryptocurrency mining wave has stunned many security experts and should serve as a wake-up call to enterprises around the world; this attack not only infected individual servers but spread to consumers’ systems who had visited the websites. Protecting against a hack is not just about keeping you safe, but your customers as well. Without taking the necessary steps, you risk losing their trust…and a subsequent loss in your bottom line.    

The identities of the hackers have not been determined.   

Ben Canner
Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *