Posted by rgmekanic 4:13 PM (CST)
Monday February 12, 2018
Security researcher Scott Helme is reporting that a Cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were Government sites. It turns out that Text Help, an assistive technology provider was comprimised, and one of their hosted script files changed, spreading the malware to all websites using it.
This is not a particularly new attack and we've known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. The thing is though, there's a pretty easy way to defend yourself against this attack.