In the past week, a hacking campaign has been launched on sites running Drupal to inject malicious code that will then mine crypto-currency on your computer.

The campaign is believed to have successfully hacked 400 government, corporate, and university websites turning them into cryptocurrency mining platforms that surreptitiously drain visitors’ computers of electricity and computing resources, a security researcher said Monday.

Some of the websites included: Lenovo, the University of California at Los Angeles, the US National Labor Relations Board, the Arizona Board of Behavioural Health Examiners, and the city of Marion, Ohio.

The Social Security Institute of the State of Mexico and Municipalities, the Turkish Revenue Administration, and Peru’s Project Improvement of Higher Education Quality were also affected.

The code that was run on the websites dedicated 80 percent of their CPU resources to mining the digital coin known as Monero with no notice or permission.

The exploit used the  Drupalgeddon2 vulnerability which was found in 2014, but on March 28th of this year was identified again. Drupal issues a critical release update to fix the vulnerability, but carrying out this update is reliant on the website owners.

It is also believed that along with the mining script the hackers are installing other malware that will allow them to carry out denial of service attacks on other websites.

With the GDPR just over 2 weeks away, a hacked site can cause a company major losses both financially and with customer loyalty. If a site had been hacked post GDPR and it contained any personal information on users (which most content management sites do), then you would have 72-hours to contact your customers and inform them of the breach. The result of this would cause a massive loss of confidence in your company, and you would incur the costs of having to have the website disinfected too.

While we don’t specifically deal with Drupal anymore, if you have a WordPress website and want a hosting service that will handle all your updates for you, reducing the chances of an attack such as this, then get in touch via our contact page.