Cybercriminals Attack Make-a-Wish Website to Mine Monero
The recent victim to a cryptojacking attack is U.S.-based non-profit organization Make-A-Wish Foundation’s website. Since March 2018, the hacker has been taking advantage of the Drupal vulnerability to mine Monero cryptocurrency, as per research findings from an independent research lab.
Exploiting Drupal Vulnerability
On November 19, A crypto research firm Trustwave SpiderLabs findings suggest that cybercriminals infused a crypto mining software called CoinIMP, into the codes of Make-A-Wish website. CoinIMP miner is based on JavaScript and is commonly used by attackers who secretly embed the code into web pages and use it to mine Monero deploying the site visitors computer strengths.
The research firm points out that bad actors had an easy entry into the website as it was using an older version of the Drupal content management system.
Trustwave’s security researcher Simon Kenin stated:
“A quick investigation showed that the domain ‘drupalupdates.tk’ that was used to host the mining script are part of a known campaign which has been exploiting Drupalgeddon 2 in the wild since May 2018.”
Trustwave findings also highlight that similar kind of cryptojacking activities have been rampant since May 2018 and is part of the known campaign that has been exploiting Drupalgeddon 2. It also states that although the campaign has been updated several times since May 2018 several website owners have not been agile enough to update their Drupal CMS version on a timely basis.
The exploitation of this vulnerability gave hackers the ability to access and modify the pages of the website and plant its crypto miner in it. Further investigations revealed how smartly attackers used multiple techniques to avoid any kind of static detection which included changing of the domain name hosting the JavaScript Web Miner.
Kenin stated in a report “Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their “wish” to be rich, come “true”. It’s a shame when criminals target anyone but targeting a charity just before the holiday season? That’s low.”
Cryptojacking Has Been on the Rise in 2018
Although cryptojacking is relatively new as far as threats are concerned, a recent report released by the Cyber Threat Alliance (CTA) put forward facts and figures that indicated a meteoric rise of 459% in the rate of illegal cryptojacking activity in 2018.
A similar figure was also made public in a report released by cybersecurity company McAfee Labs in September 2018. The report stated that in Q1 2018, cryptojacking activities saw an increase of 629%, translating to over 2.9 million attacks. It also affirmed that the trend continued in Q2 2018.
While hacking has been going on for years, cryptojacking is slowly finding its root. People definitely need to be more vigilant with their systems and processes.