• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Cryptojacking Enters the Arena in a Big Way

You are here: Home / Security News / Cryptojacking Enters the Arena in a Big Way

In the on-going struggle for online security, analysts recently discovered hidden cryptojacking JavaScript files embedded in a number of Australian government websites.

The malware was also discovered in European government websites such as the UK National Health Service (NHS) as well as an unnamed European water utility network[1].

Cryptojacking is a new form of malicious software penetration in which websites or phones are used to quietly mine cryptocurrency online on behalf of the hacker.  Overall, it doesn’t cause any overt harm to the website or its users but piggybacks on its connection to earn Monero (the cryptocurrency in question).

Users shouldn’t feel alarmed that the malware could gather personal details.  The worst that can happen is that your site or phone may have inadvertently raised some money for a criminal group.

What has worried digital analysts is how easily hackers have inserted the JavaScript file into the coding of the websites.  Had they not been solely interested in mining cryptocurrency, they could utilise the JavaScript file to install ransomware or keyloggers[2].

Coinhive, the malicious script discovered by analysts, was embedded into a website plug-in called Browsealoud[3].  The plug-in, which has since been taken down, provided people with low vision and literacy problems access to websites.

It is essential for all those involved in crypto currency in particular to learn about this evolving public cyber security threat.  Two important points to take from this incident are:

Review any third party software/add-ons – Infiltrations of malicious script can be prevented by ensuring users review and scan any third party software and plug-ins that will be used on your websites.  In this case, the Browsealoud plug-in had been hacked and spread its malware function onto any website that used the plug-in.  This doesn’t mean that the plug-in was a malware itself, so it is important to communicate with developer/service providers to let them know their software has been hacked.

Immediately notify the authorities – Cryptocurrency miners are making a profit for an unknown hacker through fraudulent means.  It is important to have authorities investigate the source of the malware as it could easily happen to many more unsuspecting victims.

Cryptojacking is a selfish kind of hack, and relatively victimless.  At worst, your phone or website may have raised funds for an unsavoury individual or group.  Nevertheless, the infiltration of secure sites and devices is a serious security issue.  As always, it pays to trust, but verify data from third parties and spread the word when things go wrong.

For further information on cybersecurity and how we may be able to assist in securing your networks from cryptojacking, please do not hesitate to contact Agilient. 

The Agilient Team

[1] https://boingboing.net/2018/02/13/monetizable-malware.html

[2] https://www.abc.net.au/news/science/2018-02-12/hackers-use-australian-govt-websites-to-mine-cryptocurrency/9421906

[3] https://www.theguardian.com/technology/2018/feb/12/cryptojacking-attack-hits-australian-government-websites

Tweet
Share

Security News

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692