Earlier this year, Forbes reported that cryptojacking is now the world’s most popular cyberthreat after displacing ransomware from the top spot. Apparently, the threat is now so prevalent that hackers are indiscriminate when it comes to their targets. Their latest victim is the Make-A-Wish Foundation, a charitable organization which aims to fulfill the wishes of children who are diagnosed with critical illnesses.
Crypto Mining Script Found on Make-A-Wish Site
Researchers from Trustwave Holdings, an information security company based in Chicago, Illinois, discovered that one of Make-A-Wish’s sites was infected with cryptojacking malware. In a company post, the security firm revealed that https://worldwish.org/en, one of the foundation’s sites, was compromised with a crypto mining script called CoinImp.
Further investigation by the cybersecurity firm showed that the domain used to host the mining script is “drupalupdates.tk.” This suggests that the incident is part of a long-running hacker campaign, active since May 2018, that exploits the Drupalgeddon 2 vulnerability.
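As an added illustration (not code from Trustwave or from the original article), a site owner can audit a page's script tags for sources outside an approved list and flag the hosting domain named above. The sample HTML, the file names and the example.org / example.net hosts are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Host named on this page as serving the mining script.
KNOWN_BAD_HOSTS = {"drupalupdates.tk"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_scripts(page_url, html, allowed_hosts):
    """Return (host, url, verdict) for each script loaded from a host
    that is neither the page's own host nor in allowed_hosts."""
    page_host = urlparse(page_url).hostname
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urljoin(page_url, src)  # resolves relative and //host/ forms
        host = (urlparse(url).hostname or "").lower()
        if host == page_host or host in allowed_hosts:
            continue
        bad = any(host == h or host.endswith("." + h) for h in KNOWN_BAD_HOSTS)
        findings.append((host, url, "known-bad" if bad else "unreviewed"))
    return findings

# Constructed sample page; file names and the example.* hosts are made up.
SAMPLE_HTML = """
<html><head>
<script src="/core/misc/drupal.js"></script>
<script src="https://cdn.example.org/jquery.min.js"></script>
<script src="//drupalupdates.tk/placeholder.js"></script>
<script src="https://stats.example.net/t.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    print(audit_scripts("https://worldwish.org/en", SAMPLE_HTML, {"cdn.example.org"}))
```

Scripts from hosts that are merely unreviewed are reported separately from the known-bad match, since an injected loader may move to a new domain while the allowlist stays valid.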
Drupalgeddon 2 Vulnerability
The Drupalgeddon 2 vulnerability was already revealed as early as March this year, according to ZDNet. While patches have been released since May to address this issue, many Drupal site owners failed to promptly update their Drupal content management system (CMS), allowing hackers to infect their systems with the CoinImp malware.
Cryptojacking is a form of cyberattack where hackers install crypto mining software on a device without its owner knowing about it. Once a device is infected, it starts mining cryptocurrencies for the hackers without alerting the device’s owner. This form of cyberattack started to gain popularity last year when crypto prices skyrocketed with the 2017 rally, which made mining a very lucrative activity.