Government trial follows February’s widespread BrowseAloud campaign
The ignoble ascension of cryptojacking over recent months has not been lost on the UK’s National Cyber Security Centre (NCSC) – particularly as numerous government-owned websites were embroiled in the BrowseAloud scandal back in February.
In its most recent report, The Cyber Threat to UK Business, the NCSC suggests that popular websites are “likely to continue to be targets for compromise”, serving crypto-mining malware to visitors.
Now, as Comodo Cybersecurity reports that unauthorized crypto-mining accounted for 10% of all malware incidents in the first quarter of the year, the UK government has launched its own investigation into this illicit moneymaking scheme.
Speaking with The Daily Swig during Cyber UK earlier this month, Ian Levy, the NCSC’s technical director, said: “Following the BrowseAloud [campaign], we did some work on some government websites to see how many of them include third-party active code.
“We have now started a trial of looking for non-consensual crypto-mining on UK websites – and it has been really interesting. I don’t have the data to make a sensible judgement yet, but we are going to try and get it. And like everything we do, when we’ve got the data we’ll publish it.”
According to Comodo, the BrowseAloud campaign – which affected more than 4,000 sites worldwide – was just the tip of the iceberg, with the New Jersey-based company reporting a total of 2.9 million crypto-mining incidents during the first three months of the year.
“It’s a very different sort of attack, and I think it shows that criminals will do anything they can to make money,” said Levy.