In light of the discovery of “cryptojacking” malware affecting thousands of websites around the world, from the UK’s NHS and ICO to the US government’s court system, Nick Bilogorskiy commented below.
Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:
The newest of these crypto coin monetization methods is mining bitcoin surreptitiously.
The CoinHive library allows hijacking websites to mine Monero right in the victims’ browsers, tapping the processing power of their computers. Another example is the Loapi Trojan that runs on Android phones and mines Monero to the point that it melts the phone’s battery.
Coinhive launched in September 2017 as an alternative to classic website advertising and is rapidly becoming a favorite tool in the cybercriminal arsenal.
The technique of hijacking users’ browsers for cryptocurrency mining is also known as “cryptojacking.” There are several extensions and ad blockers that prevent Coinhive from running – AdBlock Plus, AdGuard, NoCoin and MinerBlock, to name a few.
This weekend government websites in the US, UK and Australia were used for cryptojacking. As is often the case with breaches, attackers used a “third party” method, injecting CoinHive into Browsealoud, a third-party plugin for visually impaired visitors that reads aloud the text on these government web pages.
Third-party systems are often the weakest link in the chain, the area of the highest breach risk. Still, most websites do not have a process of assessing the security of third-party plugins before they embed them, so we can expect such security incidents to continue.