A November 19 post by cybersecurity firm Trustwave indicated that hackers had infected the network of the global non-profit Make-A-Wish Foundation with dangerous malware. Trustwave's researchers revealed that the cryptojackers managed to embed CoinImp, a JavaScript (JS) miner, in the organization's domain in order to illegally mine Monero (XMR). Not only did the hackers use their illegal access to mine Monero, they also used the organization's computing power to mine other coins. The Trustwave report also showed that the CoinImp script infected the website through the drupal-updates domain, which is associated with another campaign that exploited a serious Drupal vulnerability to attack certain websites earlier this year.
The Trustwave researchers uncovered the techniques the hackers used to avoid detection in the latest attacks, which included using different domains and IPs in a WebSocket proxy as well as alterations to their domain names on the network. Trustwave reportedly reached out to the Make-A-Wish Foundation as soon as it noticed the hacking activity, but the foundation did not respond. It is also reported that the injected script was removed shortly after Trustwave raised the alarm.
This is not an isolated incident: a Bloomberg report shows that cryptojacking cases have gone up a staggering 500 percent in 2018. Cybersecurity companies such as Trustwave and McAfee have been uncovering cryptomining malware non-stop, with one of the latest being "WebCobra", which was discovered by McAfee and is said to have originated from Russia. A Japanese cybersecurity firm, Trend Micro, also recently exposed a new strain of cryptomining software that targets PCs running Linux.