NHS, local government, and ICO impacted by cryptojacking attack

Written by Sam Trendall on 12 February 2018 in News
News

National Cyber Security Centre claims public is not at risk after malicious code for generating cryptocurrency added to Browsealoud text-to-speech tool

Scores of public-sector websites were affected by a cyberattack which used malware to generate cryptocurrency.

Yesterday morning, hackers breached a JavaScript file contained within the code of Browsealoud – a product made by UK tech company Texthelp that offers a website plug-in to convert text to audio for visually impaired web users. The attackers “added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency”, according to Texthelp. 

This additional code, an example of a practice popularly known as cryptojacking, was active for about four hours after the breach occurred at 11.14am, Texhthelp said. More than 4,000 sites were impacted and were, during that time, running so-called cryptomining malware. 

Among those to have named as being affected by the issue are a wide range of UK public-sector organisations, including 45 local authorities, nine NHS trusts, six colleges, and four statutory or regulatory bodies.


Related content


The latter group includes the Information Commissioner’s Office, which at 9.29am on Monday morning said: “The ICO’s website will remain closed as we continue to investigate a problem which is thought to involve an issue with the Browsealoud feature.”

The ICO website now appears to be back up and running.

Texthelp said that, as soon as the breach was detected by the company’s “automated security tests”, Browsealoud was taken offline, which automatically removed it from customers’ websites. It will remain out of action until midday on Tuesday – although Texthelp claimed that “the security breach has already been addressed”.

Martin McKay, chief technology officer at Texthelp, added: “A security review will be conducted by an independent security consultancy.  The investigation is ongoing, and customers will receive a further update when the security investigated has been completed.”

The National Cyber Security Centre is also looking at the incident. 

A spokesperson said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage, there is nothing to suggest that members of the public are at risk.”

The issue was first flagged up by UK-based security researcher Scott Helme. In a blog post on his website yesterday, Helme provided details of simple changes to code that he believes could successfully block other attempts at such an attack.

“This is not a particularly new attack and we've known for a long time that CDNs (content delivery networks) or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites,” he added.

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

Add new comment

Related Articles

Top-tier data-processing fees rise sixfold to £2,900 in new ICO funding structure
24 February 2018

Large organisations that process personal data will see their annual subsidy contribution rise from £500

Treasury Committee to examine digital-currency regulation
22 February 2018

‘It is time Whitehall and Westminster understood cryptocurrency better’, committee member declares following period of extreme fluctuations

West Yorkshire Police to roll out mobile scanners for on-the-spot fingerprint checks
13 February 2018

Devices are designed to check against national criminal and immigration databases and return results in under a minute