Last weekend it was reported that several thousand websites around the world, including those of the UK's National Health Service, the Student Loans Company and the Information Commissioner's Office, as well as the US government court system, were infected with Coinhive, malware that used the computing power of website visitors to mine cryptocurrency. It is also reported that the malware was injected sometime between 03:00 and 11:45 UTC.
The cryptocurrency being mined turned out to be the open-source cryptocurrency Monero. The source of the infection was traced back to a special plugin, BrowseAloud, which aids blind and partially sighted people in web browsing. This attack is the biggest one to date, according to Scott Helme, an IT consultant at the National Cyber Security Centre. Mr. Helme suggested that webmasters try a special technique that catches and blocks an attacker from implementing malicious code.
Such an attack was made possible because nowadays any website loads resources designed by third-party companies. Thus, should any of these resources get compromised, all websites that rely on that resource will end up infected as well. Hackers simply have to break into one provider to infect countless other webpages.
A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States
IT security consultant
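
The article does not name the technique it mentions. Subresource Integrity (SRI) is a standard browser control for the failure mode described above, and the following added example (not part of the original article) audits a page for third-party scripts loaded without an `integrity` attribute and shows the digest check rejecting a modified file. The domains, file contents and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

const ALGS = ['sha256', 'sha384', 'sha512']; // weakest to strongest

// Value for a <script integrity="..."> attribute: "<alg>-<base64 digest>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Simplified model of the browser-side check: among the listed digests, only
// those using the strongest algorithm count, and one of them must match.
function integrityMatches(integrityAttr, body) {
  const tokens = integrityAttr.trim().split(/\s+/)
    .filter((t) => ALGS.includes(t.split('-')[0]));
  if (tokens.length === 0) return true; // no usable digest: nothing is enforced
  const strongest = ALGS.filter((a) => tokens.some((t) => t.startsWith(`${a}-`))).pop();
  return tokens.some((t) => t === sriHash(body, strongest));
}

// Audit: list cross-origin <script src> tags that carry no integrity attribute.
// Regex scanning is enough for this sketch; use a real HTML parser in practice.
function unpinnedThirdPartyScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue; // inline script, no external fetch
    const url = new URL(src[1], pageUrl);
    if (url.origin === pageOrigin) continue; // first-party file
    if (!/\bintegrity\s*=\s*["'][^"']+["']/i.test(tag)) findings.push(url.href);
  }
  return findings;
}

// Constructed sample data (not taken from the incident).
const ORIGINAL = 'window.reader = { speak() {} };';
const TAMPERED = `${ORIGINAL} /* constructed stand-in for injected code */`;
const PINNED = sriHash(ORIGINAL);
const PAGE = `<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/reader.js"></script>
<script src="https://cdn.example.org/lib.js" integrity="${PINNED}" crossorigin="anonymous"></script>
</head></html>`;

console.log('unpinned:', unpinnedThirdPartyScripts(PAGE, 'https://www.example.com/'));
console.log('original accepted:', integrityMatches(PINNED, ORIGINAL));
console.log('tampered accepted:', integrityMatches(PINNED, TAMPERED));
```

A pinned digest has to be regenerated whenever the provider legitimately updates the file, so SRI fits versioned, immutable script URLs best.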