Official government websites have become a prime target for cryptojacking in India, The Economic Times (ET) reports today, September 17.
Cryptojacking is the practice of infecting a target with malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.
New research from cybersecurity analysts reportedly reveals that widely trusted government websites – including those of the director of the municipal administration of Andhra Pradesh, Tirupati Municipal Corporation and Macherla municipality – have become the latest to be exploited by the practice.
Security Researcher Indrajeet Bhuyan told ET that:
“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”
According to the Times, Guwahati-based security researchers Shakil Ahmed, Anish Sarma and Bhuyan were the first to identify vulnerabilities on the AP government websites, all of which are subdomains of the extremely popular ap.gov.in – which is reported to receive over 160,000 visits per month.
According to the ET, crytojacking appears rife on enterprise as well as government systems, with PublicWWW listing over 119 Indian websites that run Coinhive code – a script created to mine Monero (XMR) via a web browser.
ET cites a recent Fortinet report that suggests cryptojacking has more than doubled between 2017 Q4 and 2018 Q1, with the percentage of affected enterprises rising from 13 to 28 percent…