Fabian Libeau, vice president of security firm RiskIQ, says: The spate of compromises is seen as an important reminder about security. This compromise has only impacted Browsealoud, no other Texthelp products have been affected. This is to allow time for Texthelp customers to learn about the issue and the company’s response plan. The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12:00 GMT. The exploit was active for a period of four hours on Sunday. The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency. Texthelp can report that no customer data has been accessed or lost. In a statement on its website, Texthelp says: This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action." Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline. A full investigation is currently underway, and Martin McKay, CTO and Data Security Officer at the company said: "In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away. TextHelp withdrew the plugin as a security measure, and a number of the affected websites were also taken offline. Someone just messaged me to say their local government website in Australia is using the software as well. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. This type of attack isn't new - but this is the biggest I've seen. Speaking about the scale of the attack to Sky News, Helme said: It seems like the script file was modified between Sun, 02:58:04 GMT and Sun, 13:21:56 GMT according to the As Helme notes, it seems that the script was hacked at some point on Sunday: The code for Browsealoud was found to have been hijacked to inject the Coinhive miner into a raft of websites, making a profit by using other people's computers to mine for cryptocurrency. The alteration introduced a crypto mining script that was then subsequently included on over 4,000 websites that I know of, many of which were Government websites. We saw a pretty big event take place over the weekend where a 3rd party provider was compromised and their JS library was altered. I just had point out that has a cryptominer installed on their site. And this is precisely what happened this weekend. He notes that rather than attacking a large number of individual sites, a far more efficient way to target a lot of sites at the same time was to hijack a site that others all pull content from. This particular wave of incidents was reported over the weekend by security researcher Scott Helme. This is far from being the first time major sites have been used to covertly mine for cryptocurrency using visitors' CPU time. TVAddons: Streaming through Kodi addons protects you from malware and cryptocurrency miners.BlackBerry Mobile site hacked to run Monero cryptocurrency miner.Hackers hijack YouTube ads with Coinhive to mine Monero cryptocurrency.What all of the sites had in common was the fact that they included the text-to-speech accessibility script Browsealoud from Texthelp. In the UK, websites for the NHS and Information Commissioner's Office were affected in the US, the United States Courts' site was hit in Australia, government sites including that of the Victorian parliament were hit by the cryptojacking code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |