The details: The NGO community is often the target of attack due to often outdated and underfunded security programs. Recently, the website of the Make-A-Wish Foundation has been “cryptojacked” to install the increasingly popular cryptomining script.
The hack involved hackers accessing the Make-A-Wish website through a Drupal vulnerability dubbed Drupalgeddon 2.A. The Drupalgeddon 2 attack takes advantage of Drupal installations that have not patched CVE-2018-7600 and CVE-2018-7602, two vulnerabilities that have already been targeted this year.
The ability for the script to be obfuscated by traditional blacklist solutions, such as antivirus software and similar products, may result in an increase in attacks using this script.
The hacker’s perspective:
Tell Hause, Randori Security Researcher says,
“While it’s not the most wholesome headline I’ve read recently, I don’t believe that the attackers behind this attack were targeting Make-A-Wish any more than any other cooperation running outdated Drupal software. From the looks of the vulnerability exploited someone scoured the internet for unpatched Drupal versions and dropped this crypto-mining software on whatever they could. Given the low barrier to entry to push this kind of exploit it’s surprising to see that it took this long for this to be noticed and remediated. Moreover, this and other reports like it continually show how hard it is to do configuration management and regular patching at scale.”
*** This is a Security Bloggers Network syndicated blog from Code Red authored by Hannah Klemme. Read the original post at: https://code-red.randori.com/cryptojacking-attack-targets-make-a-wish-foundation/