The Information Commissioner’s Office is among more than 5,000 organisations which have had their websites hacked in a bid to force visitors’ computers to run malicious software that mines a cryptocurrency similar to Bitcoin.
Just last week, the National Cyber Security Centre warned organisations to brace themselves for a new wave of highly sophisticated online attacks. The sites affected by this latest issue all use a popular plugin called Browsealoud, made by UK company Texthelp, which reads out webpages for blind or partially sighted people. But this technology has been compromised to silently inject a malicious code to search users’ computers for cryptocurrency Monero.
The hack, which was first flagged up by UK-based security researcher Scott Helme, is reported to have affected UK public sector organisations, including 45 local authorities, nine NHS trusts and six colleges, as well as the ICO, the Pensions Advisory Service, the Financial Ombudsman Service and the Student Loans Company.
At 9.29am yesterday morning the ICO’s site posted a statement which read: “The ICO’s website will remain closed as we continue to investigate a problem which is thought to involve an issue with the Browsealoud feature.”
Helme said: “This is not a particularly new attack and we’ve known for a long time that content delivery networks or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites.”
The National Cyber Security Centre, which is investigating the issue, said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage, there is nothing to suggest that members of the public are at risk.”
Firms warned over new wave of nefarious cyber attacks
Thousands of Morrisons staff to get data leak pay-off
Morrisons staff start High Court fight over 2014 breach
25 million UK adults in the dark over theft of their data
Stephen Fry on alert as toffs’ data is stolen from club
Uber faces long arm of the law over 64m data breach
Finance firms face sustained attack on their data vaults
FCA launches investigation into Equifax breach farce
Millions of Instagram users hit by major hack attack
Data breach at games giant CeX hits 2m customers
Data breaches ‘hit shares, sales and growth for years’