What do The City University of New York, The US Court System, The Queensland Government, The UK Financial Ombudsman Service, and The UK National Health Service all have in common?
The websites of these institutions use the Browsealoud software service. Browsealoud is a popular tool for internet users with dyslexia and mild visual impairments, which utilizes speech recognition technology to read text on websites. Hackers installed malware onto Browsealoud’s source code, giving them access to thousands of websites using its service.
Monero is the 13th largest digital currency in the market. Like many cryptocurrencies, Monero offers an open source platform, allowing other developers and programmers to use its core technology. In this case, hackers exploited Monero’s source code to intentionally generate artificial coins. They did this by installing the mining code onto any website using Browsealoud, unknown to the companies themselves. This ultimately means that thousands of websites were unknowingly mining the cryptocurrency.
The Cyber-attack was first discovered by Scott Helme, a UK-based Security Researcher, speaker, and the founder of securityheaders.io.
At the time of writing, over 4,000 websites have been compromised in the US, UK, and Australia. Because Monero runs on multiple operating systems including Windows, macOS, Linux, and Android, it’s likely that more company and government websites were impacted and may announce so in the coming days.
What’s unique about this breach was that the public was unintentionally helping the Monero hackers mine the cryptocurrencies. From children playing computer games to UK citizens logging on to city council government websites, these innocent website users were unaware that their internet use was assisting Cyber criminals.
Success Often Breeds Risks
Digital currencies first rose to fame with the launch of Bitcoin in early 2009. This was soon followed by Litecoin in October 2011, Ripple in 2012, Ethereum in July 2015, and many others. Today, there are more than 800 cryptocurrencies in the market, according to digital currency site CoinMarketCap. The use of cryptos are becoming more common – even musicians have begun accepting this form of payment.
Like many industries, success often comes at a price. Similar to companies who become successful, then suddenly find themselves hit with lawsuits from people trying to take advantage of their popularity. As cryptos have risen in popularity and value, criminals have begun to target their wide reach.
With the Monero hack, Cyber criminals took advantage of the cryptocurrency’s popularity and market value to install malicious code and generate fictitious currencies.
How could this have been prevented? Cyber experts have different ideas, but what they tend to agree on is the importance of secure and hard-to-guess passwords. As HackerUSA consistently advises its students as well as the general public, passwords which are complex and changed on an ongoing basis are more difficult to be hacked.
Others suggest limiting social media discussions about personal investments in cryptos. The point is, if you talk about it a lot, you can easily become a target for Cyber criminals.
The main element of risk in Cryptocurrencies is that it’s a digital platform. Anything that is in digital form has a potential risk of breaches because hackers have increasingly hi-tech tools at their disposal. As technology develops and becomes more sophisticated (think of drones, self-driving cars, and Artificial Intelligence), those who seek to exploit tech advancement are always on the lookout for weak spots.
For more on the latest in Cybersecurity trends and news, check out other HackerUSA blogs and news.