Drupal is a well-known CMS Platform that has been used for creating the websites of some governments and leading educational institutions. Even though the platform is acclaimed for its feature set, yet there are some serious concerns regarding some security flaws which have been detected in it recently. After the publication of these flaws, cyber criminals started seeing it as a vulnerable target. Consequently, as many as 400 websites running the outdated Drupal versions, recently fell prey to cryptojacking attacks.
Cryptojacking: The New Culprit On The Block:- Before delving deeper into what exactly happened, it would be better to understand the background of cryptojacking. A process in which hackers run cryptocurrency mining software on the victim’s system without him realizing it, cryptojacking has emerged as the newest hacking threat. Even though this kind of malware is not as impactful as ransomware or identity theft, it can cause damage to hardware or slowdowns in the systems if not resolved in time.
“Drupalgeddon 2”: The Critical Threat To Drupal Sites:- “Drupalgeddon 2”, the latest cryptojacking craze, was first discovered at BadPackets. The malware infected nearly 400 big websites, including the government website for Chihuahua, Mexico, the websites of PC manufacturer Lenovo and the San Diego Zoo, to name just a few. The reason that it happened was a flaw in Drupal CMS, which was exploited by cryptojackers to generate large quantities of cryptocurrency.
They were able to infiltrate the websites running vulnerable versions to install a cryptomining software called Coinhive. Though the software enables the sites to monetize their users in means besides advertising, hackers used it unscrupulously to take advantage of the users. When the users visited the infected sites subsequently, they were forced to run the software, thereby generating cryptocurrency for the hackers.
Could The Attack Be Prevented:- The vulnerabilities that opened these websites to crypto attack had been discovered since March and Drupal Developers had also come with an update. But a large number of websites failed to install the necessary patches, which put them at risk. Subsequently, 400 of such flawed sites were infected in the attack and hundreds of sites are still at risk because they are yet to be updated. The attacks could have been prevented if the infected sites had opted for timely Drupal Upgrade.
The Way Ahead:- Since there is a way to protect your website from such an attack, you must take all the steps to do so. You would require professional help to ensure that the flaws are identified and resolved before the worse happens. Hiring a Drupal Development Company to update the website is the best thing to do. Drupal India is a leading name that you can trust for creating, managing and maintaining high-performance Drupal business websites. Connect with us to ensure that your website is flawless and protected from all kinds of security threats.