[technology taskforce] ICANN's Confluence wiki was hacked last week

Dev Anand Teelucksingh devtee at gmail.com
Tue Apr 16 14:39:51 UTC 2019


<http://domainincite.com/24153-icann-got-hacked-by-crypto-bots>

*ICANN had to take down its community wiki for several hours last week
after it got hacked by crypto-currency miners.*

The bad guys got in via one of two “critical” vulnerabilities in
Confluence, the wiki software that ICANN licences from Atlassian Systems,
which ICANN had not yet patched.

ICANN’s techies noticed the wiki, which is used by many of its
policy-making bodies to coordinate their work, was running slowly April 11.

They quickly discovered that Atlassian had issued a vulnerability warning
<https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html>
on March 20, but ICANN was not on its mailing list (doh!) so hadn’t been
directly notified.

They also determined that a malicious “Crypto-Miner” — software that uses
spare CPU cycles to attempt to create new cryptocurrency coins — had been
installed and was responsible for the poor performance.

ICANN said it took the wiki down, restored it to a recent backup, patched
Confluence, and brought the system back online. It seems to have taken a
matter of hours from discovery to resolution.