Coinhive attacks and how to prepare for the (almost) inevitable

This week’s report that more than 5,000 websites, including that of the Information Commissioner’s Office (ICO) have been hacked, shows that it really can happen to anyone. Other affected websites where malware took over the processing power of their user’s devices include the Student Loans Company, the council website for Manchester City, Camden and Croydon and the home page of the United States Courts. Although the initial reaction may be one of schadenfreude – pleasure in someone else’s misfortune – a more measured response would be to realise and accept that hackers are now so ingenious and creative that everyone, including those with top class cyber defence, is likely to be subject to attack at some point.

This latest hack involved a piece of cryptocurrency mining malware, called Coinhive, which ran in the background while the webpages of the hacked organisations were open. This forced visitors’ computers to run the mining programme which can then be used to gain small fractions of cryptocurrency from each victim.

So, how can we protect ourselves? The honest answer is that we can’t fully. What we can do, however, is to be prepared for the probability that our systems will be attacked at some point and to reduce the potential impact this will have. Developing a robust Incident Response protocol is an important start and here a Retained Forensic (RF) service will be of immense benefit. With a detailed knowledge of your systems, an RF team is able to mitigate the damage swiftly and effectively.

Damage limitation is crucial but, in the long term, building additional layers of security into your system’s architecture is also key. We need to ensure we are not giving away information without meaning to. We should also consider our defensive architecture but it is important that we balance the need for security with the practical requirement for our systems to be functional and easily navigable.

Achieving this balance is a complex issue. SRM’s VirtualCISO (vCISOtm) service can resource and support the incumbent CISO or DPO in managing this task. From providing expert strategic guidance to taking on the full CISO role, our vCISOtm team has many years’ experience in providing robust yet agile defences. We work with our clients across a range of services including Incident Response, Retained PFI, Digital Forensic Investigation and Security Breach, Incident Management and Containment Support.

To find our more, visit our website or contact Mark Nordstrom on 03450 21 21 51 or

Posted 2 weeks ago on · Permalink