Cryptomining attack hit Australian government websites

Matt Blowes February 12, 2018 Security

A new cryptomining attack has struck federal and state government websites in Australia, along with thousands of other government websites overseas.

The attack struck over 4000 government websites by exploiting a commonly used website plugin named Browsealoud, iTnews reported.

The affected websites share a service called Browsealoud, a third-party plugin that helps those with impaired hearing to access websites. The service is popular among government websites. The attackers inserted the cryptomining code into the Browsealoud service itself, which is why the attack was so widespread.

Martin McKay, the chief technical officer of Texthelp, the company that runs Browsealoud, said no data was accessed or lost.

"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers' CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday."

He also said the Browsealoud service will be disabled for several days as they investigate the attack. 

Cryptomining trend is rising

Cryptomining attacks are a relatively new threat. They are an appealing option for cyber criminals, as they can quickly raise money with little to no reliance on end-users. Malwarebytes recently pointed to cryptomining as one attack method to watch out for in 2018. 

As we've discussed before, a cryptomining attack is:

"where a website, or ad on a website, uses your computer power to mine a cryptocurrency. It does this in the background, without warning you. A tell-tale sign of a website using you for cryptomining is if your computer suddenly slows down, goes hot and/or the fans inside your computer become loud."

Despite fluctuations in cryptocurrency prices, it's believed that cryptomining attacks will continue to increase throughout the year.
