The National Cyber Security Centre (NCSC) is aware that a number of websites using software from a third-party vendor are causing visitors to those sites to mine cryptocurrency without their express permission. The software in question provides a number of assistive technology features commonly used on public websites. Users are only affected when visiting the compromised sites. The software vendor in question took the necessary mitigation actions yesterday (Sunday 11th Feb) afternoon to disable this service, thereby preventing further compromise.
There are no indications at this stage that members of the public are at risk.
The NCSC has issued an advisory to all its constituents in Government Departments and Agencies as well as Critical National Infrastructure providers, informing them of the issue and outlining a number of technical mitigation steps to prevent similar types of incident occurring in the future. The NCSC will continue to monitor developments in relation to this matter.
The National Cyber Security Centre (NCSC)
The National Cyber Security Centre (NCSC) is an operational arm of the Department of Communications, Climate Action and Environment. Founded in 2011, it is responsible for overseeing the cyber security of Government IT infrastructure and Critical National Infrastructure. The role of the NCSC is to lead in the management of major cyber security incidents, provide guidance and advice to citizens and businesses, and manage cyber security related risks to key services. In the period since 2011, the unit has focused its efforts on building capacity and establishing a stable base for its operational work.
Under the National Cyber Security Strategy published in 2015, the roles and development of the unit were set out as being:
• activities to reduce the vulnerability of critical systems and networks within the State to incidents and cyber-attacks;
• effective response when such attacks occur;
• responsibility for Critical Information Infrastructure Protection (CIIP);
• establishing and maintaining cooperative relationships with national and international partners.
This includes cooperation with academia and industry, and the promotion of events like European Cyber Security Month.
The NCSC encompasses the State's National/Governmental Computer Security Incident Response Team (CSIRT-IE). CSIRT-IE has recently received international accreditation from the TF-CSIRT body that serves as a clearing house for all security and incident response teams. CSIRT-IE is initially focusing on the State sector and critical national infrastructure, and acts as a national point of contact for all national cybersecurity incidents.
The NCSC will also be designated as the National Competent Authority single point of contact for the purposes of the EU Network and Information Security Directive.
Crypto-currency mining and cryptojacking
Crypto-currencies essentially involve numerous complex mathematical computations that assist in the maintenance and validation of crypto-currency transactions. Uniquely, crypto-currencies are not centrally managed, so these calculations, or mining functions, are performed largely by a distributed group of willing participants who voluntarily run software to take part in these calculations and in return receive a small monetary sum depending on how much processor time they decide to dedicate to the mining process. However, some malicious actors will try to get users to give over part of their CPU function to this process without their knowledge. This unwitting participation in crypto-currency mining computation is called "crypto-jacking" and sees some of the processor's cycles go towards calculation of the next number in a sequence before reverting to normal user-instructed operations. All told, this may result in the user experiencing a reduction in the performance of their device (laptop, PC, tablet, phone).
The incident in question was one such example: users who visited sites running the BrowseAloud software were unwittingly carrying out some of these calculations, with the monetary reward going to the cybercriminals instead of the user who did the processing. In this specific case there was no risk to the user from the perspective of the confidentiality, integrity or authenticity of their data; however, they may have experienced some reduction in performance on the device in question (laptop, PC, tablet, phone), but only whilst the browser tab of the compromised website was open.