Threat of Crypto Hijacking to the Universities on an All Time High
Apr 09, 2018 Posted / 1028 Views
According to News reports, some universities are being dragged in the scandal to support crypto hijacking.
Now this is attributed to many factors of which one being that the students themselves have been trading/mining in crypto using the university network which makes it easier for outsiders to break into the accounts and steal the information.
According to a research by Vectra,“Corporate enterprises enforce strict security controls to prevent cryptocurrency mining behaviours. However, universities do not have the same luxury with students. They can at best advise students on how to protect themselves and the university by installing operating system patches and creating awareness of phishing emails, suspicious websites and web ads”.
Also, the Drupal admins are set for a surprise as some new faults were diagnosed in its system. This problem was a huge one. The security hole which has been marked CVE-2018-7600 can be exploited by simple accessing a web page on their website and has the ability to impact the version 6,7 and 8. This flaw can give the attacker full access to the website.
The research about the mining of the bitcoin was based around August 2017 till January 2018 and was centered around all major universities and high schools. But there was a problem, during these times, mining was possible only using powerful computation resources. Crypto mining is not harmful to the people and the college but has a lot of effect on the network on which it is being done. Also, crypto mining is not easy and requires a lot of resources, human brain power and time, not to mention technology which is more than the usual.
In a recent report from Symantec highlighted an 8,500 per cent surge in 'crypto jacking' cyber attacks in the final quarter of 2017 alone. This is a matter of concern.
The CEO of High tech bridge, Ilia Kolochenko said that “It has been a while since such a dangerous and easily exploitable RCE vulnerability has been discovered on such a popular CMS as Drupal. Drupal website owners should urgently install a security update. We can expect massive exploitation of the vulnerability in the wild already by this afternoon. The situation is seriously aggravated by the Easter break, as many security and IT people will be away, granting attackers a huge advantage. The problem is also in "shadow IT" applications running Drupal CMS, as many large organizations don't even know how many applications they have, and thus cannot mitigate the risk.”
The websites which have been breached will be treated for data theft and ar likely to own up to the responsibility. Not shady websites, but famous well-established ones too can be involved in this breach of security and theft.
For this, the website can temporarily use WAF, but this will only mitigate the flaw and add nothing more.
The vulnerable nature has been however fixed with the release of release of Drupal 7.58, 8.5.1, 8.3.9 and 8.4.6. Alos, Drupal 6 has neared it existence cycle, but an update has been released to keep it in existence still!
Applancer is an open platform for discussion on all things like Blockchain , Cryptocurrency and Ico news updates. As such, the opinions expressed in this article are the author's own and do not necessarily reflect the view of Applancer .
Hottest Blockchain Newsletter
For updates and exclusive offers, enter your e-mail below.