The research firm points out that bad actors had an easy entry into the website as it was using an older version of the Drupal content management system.
Trustwave’s security researcher Simon Kenin stated:
“A quick investigation showed that the domain ‘drupalupdates.tk’ that was used to host the mining script are part of a known campaign which has been exploiting Drupalgeddon 2 in the wild since May 2018.”
Trustwave findings also highlight that similar kind of cryptojacking activities have been rampant since May 2018 and is part of the known campaign that has been exploiting Drupalgeddon 2. It also states that although the campaign has been updated several times since May 2018 several website owners have not been agile enough to update their Drupal CMS version on a timely basis.
Kenin stated in a report “Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their “wish” to be rich, come “true”. It’s a shame when criminals target anyone but targeting a charity just before the holiday season? That’s low.”
Although cryptojacking is relatively new as far as threats are concerned, a recent report released by the Cyber Threat Alliance (CTA) put forward facts and figures that indicated a meteoric rise of 459% in the rate of illegal cryptojacking activity in 2018.
A similar figure was also made public in a report released by cybersecurity company McAfee Labs in September 2018. The report stated that in Q1 2018, cryptojacking activities saw an increase of 629%, translating to over 2.9 million attacks. It also affirmed that the trend continued in Q2 2018.
While hacking has been going on for years, cryptojacking is slowly finding its root. People definitely need to be more vigilant with their systems and processes.
What steps should be taken to curb malicious activities like cryptojacking? Let us know you thoughts in the comment section.