World Governments Victims of Global Cryptocurrency Mining Wave

This week we discussed illicit cryptocurrency mining, often called cryptomining or cryptojacking, with Bryan York of CrowdStrike. The interview has proved distressingly relevant over the past few days, as governments around the world discovered their websites had fallen victim to a cryptocurrency mining epidemic.

Occurring mostly on February 11, 4,200 websites were infected with a malicious version of Browsealoud—a plug-in meant to assist people with visual impairments listen to the text on the screen—to mine digital currency. Among the websites infected were the Irish Health Service Executive (HSE), the Irish Department of Agriculture, the Australian Victorian Parliament, the Scottish NHS helpline, the U.K. Student Loans Company, the U.S. court system, and the Queensland Government’s legislation website.

Security researcher Scott Helme discovered the wave of cryptocurrency mining after being alerted to the problem by a friend who had visited an infected site. In a statement to Newsweek he said “[the hackers] could have extracted personal data, stolen information or installed malware. It was only limited by the hackers’ imaginations.” In a separate blog post, he added that cybercriminals could use the malicious program to infect the thousands of visitors to government websites and steal their processing power as well: “if you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from.”

As we discussed with Bryan York, the focus of this cryptomining wave was for Monero—a much more anonymous counterpart to Bitcoin, which will make detecting the threat actors that much harder. The cryptocurrency mining wave has stunned many security experts and should serve as a wake-up call to enterprises around the world; this attack not only infected individual servers but spread to consumers’ systems who had visited the websites. Protecting against a hack is not just about keeping you safe, but your customers as well. Without taking the necessary steps, you risk losing their trust…and a subsequent loss in your bottom line.    

The identities of the hackers have not been determined.