In recent years, cyberattacks on world governments have been rife, and here in the United Kingdom, local authorities have also suffered assaults on their systems.
Back in 2018, UK government agencies and local councils made the headlines when their dedicated websites were knocked offline in a hack that impacted thousands of sites around the world. In the next sections, we’ll explore this global event, taking a closer look at how it occurred and what the effects were.
Thousands of websites infected across the globe
Over 5,000 websites were hacked in order to force site visitors’ devices to run malicious software that mined a cryptocurrency called Monero, which is similar in nature to the popular Bitcoin.
Here in the UK, users who loaded up the official government websites for the Information Commissioner’s Office (ICO) and the Student Loans Company (SLC), along with the local council sites for Croydon, Camden and Manchester City, had their devices’ processing power exploited by hackers. Across the Atlantic, the homepage for the United States Courts was also hijacked by the threat operators.
Malicious code for a piece of software called Coinhive was used in the widespread attack. Coinhive is a program advertised with the slogan “A Crypto Miner for your Website”. In the hack, the code ran discreetly in the background until the webpage was closed.
Scott Helme, a security researcher, was informed of the cyber strike by an associate, who sent him antivirus software alerts he had received after accessing a website run by the UK Government. The associate commented to Helme that while the attack type was not new, it was the largest instance of it being deployed he had ever seen. Because the threat operators had hacked a single organisation, thousands of websites had been impacted in the UK, the United States and Ireland. He later added that an Australian local government site that was using the software had been hacked as well.
Helme explained that, unlike with Bitcoin, where client wallet addresses are all stored on a publicly accessible database, with this attack, it was impossible to identify the location of the user account that was profiting from the malevolent code. The security researcher added that a simple method existed to defend against this type of attack:
“Every single website I run has an ‘Integrity Attribute’, which is a tiny change in how the script is loaded but is there because I’m worried about exactly this type of thing happening.”
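The “Integrity Attribute” Helme refers to is Subresource Integrity (SRI): the page pins a hash of the third-party script, and the browser refuses to run a file whose bytes no longer match. The Node.js sketch below is an added example, not code from the original article or from any party named in it; it models the browser's check, and the script contents, the URL `https://cdn.example/plugin.js` and all function names are constructed for illustration.

```javascript
// Added example: models the Subresource Integrity check in Node.js.
const crypto = require('crypto');

// Hash functions SRI recognises, ordered weakest to strongest.
const ALGOS = ['sha256', 'sha384', 'sha512'];

// Build the integrity="..." value from the exact bytes that were vetted.
function sriHash(content, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(content).digest('base64')}`;
}

// Decide, as a browser would, whether fetched bytes are allowed to execute.
function verifyIntegrity(content, integrityAttr) {
  const parsed = integrityAttr.trim().split(/\s+/)
    .map((token) => {
      const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)/.exec(token);
      return m && { algo: m[1], digest: m[2] };
    })
    .filter(Boolean);
  // Caveat: an empty or unparseable attribute enforces nothing at all.
  if (parsed.length === 0) return true;
  // Only the strongest algorithm listed is checked; any of its hashes may match.
  const strongest = parsed.reduce((best, p) =>
    (ALGOS.indexOf(p.algo) > ALGOS.indexOf(best) ? p.algo : best), parsed[0].algo);
  const actual = crypto.createHash(strongest).update(content).digest('base64');
  return parsed.some((p) => p.algo === strongest && p.digest === actual);
}

// Emit the tag a site owner would embed for a vetted third-party script.
function scriptTag(src, content) {
  return `<script src="${src}" integrity="${sriHash(content)}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the vetted plugin file, and the same file after
// someone other than the site owner has appended a line to it.
const vetted = 'function readAloud(text) { /* speech helper */ }\n';
const modified = vetted + '/* line appended by someone else */\n';
const pinned = sriHash(vetted);

console.log(scriptTag('https://cdn.example/plugin.js', vetted));
console.log('vetted file runs:  ', verifyIntegrity(vetted, pinned));   // true
console.log('modified file runs:', verifyIntegrity(modified, pinned)); // false
```

Because the hash pins one exact file, every legitimate update from the vendor needs a new hash on the embedding page, and a cross-origin script must be served with CORS (hence `crossorigin="anonymous"`) for the check to pass.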
Malevolent code hidden in an accessibility plugin
The malicious Coinhive script was cleverly inserted into a commonly used third-party plugin designed for accessibility. Called BrowseAloud, it was employed to help both partially sighted and blind people access the internet more easily.
Software developer Texthelp, which operated the exploited BrowseAloud plugin, announced to news services that its software product had been hacked and was active for a period of up to four hours.
Data Security Officer at Texthelp, Martin McKay, commented at the time on its security measures and action taken:
“Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action. Texthelp can report that no customer data has been accessed or lost.”
McKay also confirmed that Texthelp had enlisted the assistance of an independent security firm to act as consultant on the incident and carry out a comprehensive review of all the software developer’s internal systems.
Impact of the attack
The result of the far-reaching hack was that many official government websites had to be taken offline, including that of the Information Commissioner’s Office, the regulator to which businesses must report data breaches and other cyberattacks.
In-house IT teams worked to resolve the problem, and the UK’s National Cyber Security Centre’s (NCSC) dedicated Incidents team was called in to investigate the case. A spokesperson from the NCSC commented:
“Technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected service has been taken offline, largely mitigating the issue.”
While no private data was stolen during the hack, government websites were out of action, and many people were unable to access important services when required until the sites were safely restored.
IT security lessons for local and national governments to learn
For governments to ensure they stay resilient and can keep official websites operational, it is essential that any third-party software or services pass stringent security checks. It is vital that any third party they work with shares the same cybersecurity protocols as the government department or local authority if sites are to remain protected.
During the pandemic, online services and help centres have been key to keeping people safe and informed. This has made ensuring that government websites have 100 per cent uptime even more critical than back in 2018.
To avoid members of the public being unable to access critical information and services, all sites should be safeguarded by a dedicated cybersecurity solution that will raise an alarm if an incident arises. Sites must be protected against infiltration, or personal data can be stolen or held to ransom, which can result in a lack of confidence in governments and put members of the community at risk.
Strong support against cyberattacks
At Galaxkey, we have created a secure system that can be employed by governments, enterprises and educational institutions to keep data safe and sites online. Our solution has zero backdoors and stores no passwords, blocking common penetration paths used by hackers. It also features powerful encryption software that allows emails and important documents to remain unreadable by hackers, while any alteration to documents will raise alerts with users, to identify issues.
Get in touch with our expert team today to test our system for yourself with a free, two-week trial term that allows you to explore its innovative and dependable features.