Thousands of websites, including the Information Commissioner’s Office, the Scottish NHS helpline and the Student Loans company along with hundreds of other central and local government sites have been hijacked by hackers to mine cryptocurrency like Bitcoin or Ethereum.
The services have been infected with malware called Coinhive, which sits on a website and steals the processing power of its visitors‘ devices to mine Bitcoin or alternative coins that are stored in an anonymous digital wallet, to be withdrawn at a later date.
The discovery raises concerns for web security on official websites visited by millions of Britons, less than a year after the debilitating WannaCry attack struck the NHS.
„This is pretty worrying,“ said security researcher Scott Helme, who spotted the hack on Sunday. „First off, this is really easy to prevent and I’m disappointed that government organisations have not taken the incredibly easy steps available to them to stop this from happening.“
Mr Helme said that there were plenty of defences already available for these sorts of attacks, so the failure to implement them suggested more concerns about the government’s larger security priorities.
„They should be at the forefront of digital security,“ he added.
More than 4,700 websites, including the US courts official homepage, have been infected. Mr Helme said it was likely that a third party software which the organisations were using is likely to be the culprit. Rather than hacking separate websites, criminals can attack a single plugin that is used by several thousands.
The UK Power Networks company, the General Medical Counsel, Virgin’s private healthcare website Virgin Care are also affected.
The coins are being stored in a trackable digital wallet, however it is unclear the nationality or whether it is an individual or group behind the attack. Mr Helme believes the source of the malware is a third-party piece of software which is used by the affected organisations.
„Rather than hacking thousands of organisations separately, hackers tend to target third party services because they are often the weak link in the chain,“ Mr Helme added.
YouTube recently shut down cryptojacking adverts on its platform after users complained their computers were slowing down when visiting the site. The trend for mining by malware has becoming more prevalent as the Bitcoin frenzy continues.
The ICO, NHS Inform, Student Loans Company, Virgin Care, General Medical Counsel and UK Power Networks have been contacted for comment.