Cybersecurity Firm Trustwave has discovered a cryptojacking malware on Make-A-Wish foundation website. The Make-A-Wish Foundation is a non-profit group established in the United States that provides activities called “wishes” to children diagnosed with severe illnesses.
Simon Kenin said that
It was indeed the case that the website of the Make-A-Wish organization had been compromised. Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their “wish” to be rich, come “true”. It’s a shame when criminals target anyone but targeting a charity just before the holiday season? That’s low.
The report further elaborated that the domain drupalupdates.tk was utilized to inject the mining script. It is part of recognized operations which has been abusing Drupalgeddon 2 since May 2018. Many website owners never update their Drupal version which allows hackers to jeopardize their websites to mine cryptocurrency.
The report further stated that Trustwave tried to contact Make-A-Wish to report the cryptojacking attack, but the foundation did not answer. However, the wicked injected script was ultimately removed. Malware is the most commonly employed vector by attackers. Thousands of websites worldwide have fallen victim to a cryptojacking malware that demands their visitors’ computers to mine cryptocurrency without them recognizing when browsing the site.
Trustwave Holdings is an information security company that provides threat, vulnerability and compliance management services. It has also published a few mitigations such as:
- Adding a layer of protection against known miners
- Audit all the website changes and make sure they were authorized.
- Regularly patch websites and keep all the software up to date.
In a cryptojacking attack, cryptocurrency mining code is sent without approval on a framework or a system. Mining is the calculation process that is executed by taking a framework as a major aspect of a mining pool to make or find coins. Multiple cryptojacking assaults have been accounted for as of late, including a substantial attack against YouTube, and additionally, attacks against un-secured SSH and Oracle WebLogic servers, as hackers have intended to benefit from the rising estimation of cryptocurrency.
Just a few days ago, researchers from Fudan University, Tsinghua University and the University of California Riverside had published the first systematic study about cryptojacking in the real world called as “How You Get Shot in the Back”. This study had revealed growing sophistication in the malicious mining of Cryptocurrency. Cryptojacking is a type of cyber attack in which an attacker hijacks a target’s processing power to mine cryptocurrency on the attacker’s behalf.
In this study, researchers found 2,770 uncommon cryptojacking samples from 853,936 popular web pages, including 868 among top 100K in the Alexa list. By using these samples they gained a more clear picture of the attacks, including their impact, distribution mechanisms, obfuscation, and attempts to avoid detection. They further found that a different set of companies benefit from this activity because of the unique wallet ids. Not only this, to stay under the radar, they also update their attack domains.
Not only this, in the month of June 2018, cybersecurity company McAfee had disclosed that Coin miner malware grew by 629% to more than 2.9 million known samples in Q1 2018 from almost 400,000 samples in Q4 2017.