Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected. He said the affected code had now been disabled and visitors were no longer at risk.
The ICO said: “We are aware of the problem and we are working to solve it.” Helme said he was alerted by a friend who had received a malware warning when visiting the ICO website. He traced the problem to a website plug-in called Browsealoud, which is used to help blind and partially sighted people access the web. Texthelp, the company that makes the plugin, confirmed that it had been affected for four hours by malicious code designed to generate cryptocurrencies.
The cryptocurrency involved was Monero, a rival to Bitcoin that is designed to make transactions on it “untraceable” down to the senders and recipients involved. The plugin had been rigged to add a program, Coinhive, that “mines” Monero by running processor-intensive calculations on visitors’ computers.
Once the plugin was infected, it affected thousands of other websites that were using it, besides the ICO’s. The rise in value of Bitcoin and other cryptocurrencies has not escaped the attention of hackers looking to make a quick buck. Mining, the process in which new digital currencies are created by solving complex mathematical problems, uses ever-increasing amounts of computer processing power, and that means huge electricity bills. So much the better if you can get other people’s computers to do the work.
It appears that the Information Commissioner’s site, along with others run by the government, was infected by crypto-mining code injected into some accessibility software that they all use. Hackers do this by embedding software on websites, which means that, unbeknownst to visitors, their computers go to work mining cryptocurrencies. This type of attack is becoming increasingly common.
While it doesn’t appear to cause data loss or damage to systems, it does mean that computers can run much slower. Helme said: “It’s a very lucrative proposition. They infect one website and infect about 5,000. This was a very serious breach. They could have extracted personal data, stolen information or installed malware. It was only limited by the imagination of the hackers.”
In addition to the ICO website, the hacked script was found to be running on the Student Loans Company site, Barnsley Hospital and other websites in the UK and around the world. Martin McKay, Technical Director at Texthelp, said: “In light of other recent cyberattacks around the world, we have been preparing for such an incident for the past year and our data security action plan was put in place immediately.”