India’s crypto industry is currently in a state of limbo, awaiting the green light, or perhaps another clampdown, when the Supreme Court case involving the Reserve Bank of India is finally resolved. Yet, allegedly this has not deterred cyber criminals of helping themselves to low-hanging crypto fruit on government websites.
Indian media are reporting that state-built websites are usually knocked up on a budget using dated code and poor security practices. This makes them soft targets for hackers looking to exploit those vulnerabilities for their own gain. According to the media reports, there have been hundreds of government websites compromised in order to mine crypto-currencies, including those for the director of municipal administration of Andhra Pradesh, Tirupati Municipal Corporation and Macherla municipality.
By using malware, known as cryptojacking, the attacker harnesses the computing power of the compromised machine via a security flaw in the website. This CPU power is then used to mine crypto currency and secretly send it to the hackers’ wallets.
Security researcher Indrajeet Bhuyan told Economic Times that “hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”
Security researchers notified IT staff at Pradesh’s offices but it appears that the malware is still in operation and the websites are still compromised and were offline at the time of writing.
In addition to this incident an estimated 119 prominent Indian websites still run the Coinhive mining script which has been widely used to fraudulently mine the anonymous crypto Monero. Earlier this year the same script had infected over 200,000 ISP routers globally and continues to cause havoc to hardware and websites across the web. The official website of Union minister Ravi Shankar Prasad was affected by the same vulnerability in March, when it was discovered to be hosting malware.
Cryptojacking is rapidly surpassing ransomware as an easier way to generate illicit income. “Cryptojackers who manage to develop and maintain a network of hijacked computer systems are able to generate revenue with a fraction of the effort and attention (required by) ransomware,” said Rajesh Maurya, regional vice president of cyber security firm Fortinet.
He added that Internet of Things (IoT) devices are likely to be the next targets after computers as they operate autonomously and are relatively easy to hack. Fortinet reported that cryptojacking malware increased from affecting 13% of all organizations globally in Q4 of 2017 to 28% in Q1 of 2018, more than doubling its impact.