Another Website Security Article

Published in Drupal
Another Website Security Article

Let’s not kid ourselves, the internet is a dangerous place. Site hacks are commonplace and costly to fix both in terms of lost revenue, brand reputation and long tail SEO issues. 

Depressingly, charity websites are no exception.  

In the news recently was Make-a-Wish, a charity for children with serious or terminal illnesses, after its Drupal website was hacked by a group of “Cryptojackers”.

Cryptojacking is a particularly insidious form of cyber crime. Large numbers of computers are gradually taken over and forced to mine cryptocurrencies. Cryptojacking is relatively new of course, but cyber crime is anything but new, and criminals are as sophisticated and cunning as ever. What this means for your organisation’s websites is that it will always be at risk of attack.

In the case of Make-A-Wish, the attackers used an unpatched Drupal bug to insert cryptomining software called CoinImp onto the site. This forced any visiting computers to mine Monero, a privacy coin.

NOTE: Drupal security updates are part and parcel of our support contracts - if this is   something you need to address get in touch. We'll will secure your Drupal site. Just email us at [email protected].

Unfortunately Make-a-Wish had not installed a patch that would have safeguarded them. Thankfully, no donor information was compromised. However, it seems that non-profits are particularly susceptible to these types of attacks and could become a growing target as they may be slower to update their systems.

Of course, it could have been so much worse. 

One of the simplest things you can do is to check the version of your website’s software. If your version of Drupal or PHP is no longer supported, you could be headed for trouble. Checking your own site version of Drupal core through Drupal xray or the wappalyzer chrome extension will go a long way to protecting your organisation.

To avoid the risk of a serious hack and to stay several steps ahead of the criminals, we can offer a free consultation regarding your site’s security. We can help safeguard your website with a security audit at a fixed cost of $3,000.

If you would like to know more simply email us at [email protected].

SystemSeed are Drupal experts with over 4,000 commits to the Drupal community and have actively developed various Drupal security modules. We take security very seriously and we expect that you do too.