Cyber Security Alert: Beware of Mining Scripts
Wed, 02 May 2018 15:51
The surge in value of cryptocurrencies has increased demand for computing power – and pushed hackers to get evermore creative in how they obtain that power. While the value of bitcoin has recently plummeted after scaling dizzy heights at the start of the year, it is still seen as an exciting investment opportunity by many.
Rather than go to the trouble – and considerable expense – of building a computer powerful enough to mine cryptocurrencies, some criminals are infecting websites with malicious code, which can then take over visitor's computers. This means that hackers can deploy these scripts and wait for the crypto-miner to return some valuable coins.
In the race to steal your computer's processor, competing hackers are now including code that deactivates any other crypto-miners that might be running on an infected machine, leaving the CPU free to handle their own dirty work.
Getting crypto-miners onto computers
In one example uncovered by security researcher Scott Helme, hackers exploited a weakness in a website application called BrowseAloud, which turns website text into audio. BrowseAloud is a popular accessibility tool used on 4,000 websites, including high-profile domains like the US court system and the UK's Information Commissioner's Office.
BrowseAloud maker TextHelp detected the unauthorised edit of their code and remedied the issue – but in the four hours that passed before it was patched, many computers may have been affected. Had they not installed a threat detection system, the impact could have been far more profound.
Cryptocurrency miners in ads
The BrowseAloud exploit is not an isolated case. YouTube ads have also been found running malicious miners, taking advantage of Google's DoubleClick ad platform. YouTube ads are the ideal target for crypto-miners because users typically spend an extended amount of time on the site. Users may not have noticed that, while they were enjoying a video or two, a hidden script was stealing their electricity and CPU.
Cyber Security Training from DeltaNet
Do your employees know the basics when it comes to Cyber Security? eLearning solutions from DeltaNet International can help. We offer off-the-shelf cyber security awareness training covering topics such as Keeping Information Secure, Phishing Awareness, Protecting your Identity, and Preventing a Data Breach.
Contact our team to find out more about Cyber Security eLearning at DeltaNet.