It has been reported that the Make-A-Wish foundation’s international website has been loaded with cryptomining malware scripts. Researchers with Trustwave say the WorldWish.org site was compromised via a Drupal exploit and seeded with malicious JavaScript that enlisted the CPU cycles of visitor’s machines to covertly generate cryptocurrency.
Gavin Millard, VP of intelligence at Tenable:
“This appears to be an opportunistic hack rather than targeted at the Make-A-Wish foundation itself. In all probability, the threat actors were using an automated script to hunt for vulnerable servers, automatically install the malware and didn’t care or even notice what or who they’d compromised. This is criminal activity and the harsh reality is that scripts don’t care about morals, location, vocation, or even the organisation running the site. They just look to exploit poor cyber hygiene to monetise no matter the impact.
“When it comes to charitable organisations who want to spend all the money realising their mission, it’s hard to justify budget on employing a significant IT Security team. In these situations, outsourcing the responsibility of keeping external assets secure and up to date is not only economical but also logical.
“Unfortunately with content management systems [CMS], like Drupal and WordPress, flaws are frequently discovered in third-party plugins that help them function. The lesson is that it’s far better to use a hosted and managed CMS, than spin up a server yourself.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.