On November 19, Trustwave published its latest research report, stating that the website of the global non-profit organization, the Make-A-Wish Foundation, was attacked by cryptojackers who used malware.
According to the data, the malware has reached the site of the fund through the domain drupalupdates.tk, which has been used by the company that used the vulnerabilities of the site Drupal to compromise websites since May 2018.
According to experts, the attackers used a number of methods that allow them to hide their activities and avoid detection as much as possible. Among the named methods, it is worth noting the use of a complex domain name, the use of different domains and IP addresses in the WebSocket proxy server.
It is worth noting that, according to the data, the company Trustwave reported to the fund about the problem with the security of the site, but the representatives of the fund have not yet responded. Despite this, the malware has been removed.
This post is also available in: Русский