There is a special place in hell for some people. One or maybe more hackers have infected the Make-A-Wish foundation’s international website with crypto-mining malware scripts.
The cyber attack was possible because the site was using an older version of the Drupal CMS that was vulnerable to CVE-2018-7600 – a remote code execution vulnerability known as Drupalgeddon 2. This vicious vulnerability gives to a hacker admin access level to web servers, which means he has the ability to access and modify web pages.
The compromised server can also be obfuscated by changing its address or bouncing the connection of other servers. When a user visits the infected page, the mining script is called and the victim’s device power is used to harvest cryptocurrency for the hacker.
Nowadays, the Drupal vulnerability is easy to use one, thanks to many available exploit scripts.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
For now, it’s not clear what motivated the hackers to chose to compromise the website of a charity that performs acts of kindness for seriously ill children.
The time of year might have something to do with the choosing of Make-A-Wish as a target. It is well known that during the holiday season hackers tend to look to infect sites and pages that get high amounts of traffic which means that the sites of charity organizations are a very good target.
Researchers say that protecting against this type of cyber attack is something easy to be done: users have to make sure that Drupal (and all other web server apps) are updated and fully patched. Admins must also keep a close eye on any changes or unusual activity on their pages that could lead to or be a cyber attack.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.