Government websites hit by cryptocurrency mining hijack

Early this week, another security researcher discovered that more than 4,200 websites belonging to the governments of the United States, the United Kingdom, Australia and beyond have been infected with malware. The malware can be found on the US court info system, the UK’s National Health Service, Australian legislatures and others. The JavaScript code was injected by modifying an accessibility plugin, Texthelp’s Browsealoud, so that the cryptocurrency miner was delivered wherever Browsealoud was in use by visually impaired users.

So how do you protect yourself from being infected? Webmasters can use a technique called Subresource Integrity (SRI) to prevent hijacked JavaScript code from affecting their website. SRI uses an approach similar to fingerprinting to stop compromised JavaScript from being used on web pages. If someone with malicious intent changes a third-party provider’s source code, the alteration is detected and blocked on the individual websites using this fingerprinting technique. To learn more about SRI and how to enable it on your website, check out the whitepaper here.
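The fingerprint check described above, as an added Node.js example (not code from the original article or from Texthelp): it computes the `integrity` value for a script, builds the tag, and mimics the browser-side comparison for an unchanged and a modified file. The URL, function names and file contents are constructed placeholders.

```javascript
const crypto = require('crypto');

// Hash strength order used when a tag lists several hashes.
const STRENGTH = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);

// Integrity value: "<alg>-<base64 digest of the exact file bytes>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// The tag a webmaster places in the page (url is a placeholder).
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Mimic the browser: keep only the strongest algorithm listed, then accept
// the response if its digest equals any hash given for that algorithm.
function verifyIntegrity(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => {
      const i = token.indexOf('-');
      return { alg: token.slice(0, i), digest: token.slice(i + 1).split('?')[0] };
    })
    .filter((e) => STRENGTH.has(e.alg));
  if (entries.length === 0) return true; // no usable hash: nothing is enforced
  const best = Math.max(...entries.map((e) => STRENGTH.get(e.alg)));
  return entries
    .filter((e) => STRENGTH.get(e.alg) === best)
    .some((e) => sriHash(body, e.alg) === `${e.alg}-${e.digest}`);
}

// Constructed sample: the file as reviewed, and the same file after a
// third party appended a line (stand-in for the injected code).
const ORIGINAL = Buffer.from('window.readAloud = function () { /* plugin code */ };\n');
const TAMPERED = Buffer.concat([ORIGINAL, Buffer.from('/* injected code */\n')]);
const PINNED = sriHash(ORIGINAL);

function demo() {
  return {
    tag: scriptTag('https://cdn.example/plugin.js', ORIGINAL),
    originalLoads: verifyIntegrity(ORIGINAL, PINNED),
    tamperedLoads: verifyIntegrity(TAMPERED, PINNED),
  };
}

console.log(demo());
```

The hash pins one exact version of the file, so it has to be regenerated whenever the provider ships a legitimate update.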

