Shane Chambers

Ireland is claimed to be wide open to attacks from cyber criminals and rogue states, following an incident in which over 4000 websites around the world were hacked and used to mine crypto-currency. First reported by The Register, the breach affected the Department of Agriculture, Dublin City Council and Fingal, Cork, Wexford and Offaly county councils, and it is suspected to have also affected the websites of the Oireachtas, the Broadcasting Authority of Ireland, Women’s Aid and the Central Remedial Clinic. The crypto-mining attack was not limited to Irish websites, however, as the Information Commissioner’s Office in the UK, the United States courts and many more sites belonging to governments and organisations were also hit.

Over 4000 websites around the world were affected in the crypto-mining attack, many of which belonged to government organisations

The sites affected by the incident all used a popular plugin named Browsealoud, which reads out web pages for blind or visually-impaired people. Somehow, this technology was compromised and the crypto-mining code was injected into any website running the plugin. The incident lasted for several hours, during which anyone who visited a site that utilised Browsealoud inadvertently ran the hidden mining code on their computer, making money for the cyber criminals behind the attack.

Just about every established website in the world relies on some resources provided by third parties, and if any one of these is hacked, it could affect every website that utilises the resource. Because of this, hackers now see these third-party resources as prime targets. Why hack just one website when you can hack thousands at once? The good news is that a technology exists to protect against such attacks, called Subresource Integrity, or SRI. With SRI, a website publishes a cryptographic hash of the third-party file it expects, and the browser refuses to run the file if what it downloads does not match. SRI therefore detects alterations to third-party code and can prevent these changes from being imported into all the websites that use it, thus preventing those websites’ visitors from being exposed to malware.
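As an added illustration (not part of the original post), the Node.js sketch below models the SRI check a browser performs and audits a page for third-party scripts that lack an `integrity` attribute. The hosts `cdn.vendor.example` and `council.example`, the script bodies and all function names are constructed for the example.

```javascript
// Added example, not from the original post. Hosts and script bodies are constructed.
const crypto = require('node:crypto');

// Value for an integrity="" attribute: "<algorithm>-<base64 digest of the file>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Simplified model of the browser's check: use the strongest listed algorithm
// and run the script only if the fetched bytes match one of its hashes.
function browserWouldRun(fetchedBody, integrity) {
  const rank = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);
  const algOf = (token) => token.split('-')[0];
  const tokens = integrity.trim().split(/\s+/).filter((t) => rank.has(algOf(t)));
  if (tokens.length === 0) return true; // no usable hash: nothing is enforced
  const best = Math.max(...tokens.map((t) => rank.get(algOf(t))));
  return tokens
    .filter((t) => rank.get(algOf(t)) === best)
    .some((t) => sriHash(fetchedBody, algOf(t)) === t);
}

// Audit: list scripts loaded from another origin without an integrity attribute.
// Regex matching is enough for this sketch; a real audit should parse the DOM.
function auditScripts(html, pageUrl) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue; // inline script, nothing is fetched
    const url = new URL(src[1], pageUrl);
    if (url.origin === new URL(pageUrl).origin) continue; // first-party file
    if (!/\bintegrity\s*=/i.test(tag)) findings.push(url.href);
  }
  return findings;
}

// Constructed sample data.
const vendorScript = 'function readAloud(){ /* constructed vendor code */ }';
const tampered = vendorScript + '/* injected code */';
const pinned = sriHash(vendorScript);
const page = `
<script src="https://cdn.vendor.example/reader.js"></script>
<script src="https://cdn.vendor.example/reader.js"
        integrity="${pinned}" crossorigin="anonymous"></script>
<script src="/js/site.js"></script>`;

console.log('original runs:', browserWouldRun(vendorScript, pinned));
console.log('tampered runs:', browserWouldRun(tampered, pinned));
console.log('unpinned third-party scripts:', auditScripts(page, 'https://council.example/'));
```

A pinned hash has to be updated whenever the vendor legitimately changes the file, and a cross-origin script needs `crossorigin="anonymous"` (with CORS headers from its host) for the check to apply.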

Unfortunately, none of the websites affected by this crypto-mining cyber attack were using SRI. Throughout the past year, we’ve seen countless examples of organisations being hacked or otherwise suffering cyber attacks due to having outdated security or not following cyber security best practice. It’s also incredibly worrying that so many of the sites affected by this incident belonged to government organisations, who really should have had good cyber security as a priority.

According to Fianna Fail technology spokesman James Lawless, “The Government isn’t treating cyber security with the seriousness it deserves. Ireland’s capabilities are woefully inadequate. The national cyber security centre is grossly under-resourced and it is unable to carry out the task it was established to do. The cyber security strategy expired last year and we are still waiting for a replacement. Ireland’s strategy is rudderless and lacking in direction.”

With less than four months to go until the GDPR comes into effect, such incidents should be setting off serious alarm bells within the government.

“All EU member states, including Ireland, must have the National Information Security Directive in place by May 2018”, Lawless added. “This aims to boost cyber security across the EU. However, no legislation has been published to deal with this. It seems no one in Government is taking responsibility for the cyber security of our State.”

This alert should also ring alarm bells for any business (large or small) that is not monitoring its network, WiFi or firewall for this type of activity. Crypto-mining viruses can get onto the corporate network through a myriad of ways: from exploitation of unpatched browsers and third-party applications, to untrained staff clicking a rogue link or attachment in a phishing email, to exploitation of other weaknesses and vulnerabilities in devices connected to the local network. Failure to monitor what your devices are doing over your network can result in them being used by cyber criminals for malicious purposes.

Many people reading this blog may, unbeknownst to them, already have crypto-mining viruses running silently in the background on their servers, PCs and smartphones, generating money for cyber criminals at their expense. Businesses should take a number of proactive measures to block this type of threat. One is to put in place a next-generation firewall, or upgrade to one, as soon as possible; start monitoring the traffic in and out of your network for malicious activity like this; and put rules in place to block it and to ensure that only necessary traffic (from your trusted applications) is allowed in and out of your network. Other preventative measures include weekly patching of applications, security awareness training for staff, and ensuring you have next-generation antivirus installed on every machine, server and smartphone that accesses your network.