Cybersecurity Analysts have revealed that widely trusted Indian Government sites have become a lucrative target of hackers for Cryptojacking.
Hackers use targets to lure users into download or running a malware that mines cryptocurrencies using their computer’s processing power. In 2015, popular torrenting software, uTorrent was accused of the same practice which is cryptojacking.
As security researchers reported, government sites such as that of the Tirupati Municipal Corporation, Director of the Andhra Pradesh Municipal Administration, and Macherla Municipality, have become targets to cryptojacking recently.
Security researcher Troy Mursch reported of hackers exploiting vulnerabilities in Drupal websites. A similar method was used on these government websites. They were defaced and injected with the Coinhive scripts – code that mines Monero on an infected machine through their web browser.
Indrajeet Bhuyan, a 20-year-old security researcher, stated “Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”
According to the PublicWWW listing, over 119 Indian websites have been targeted with the malware. Guwahati-based security researchers Anish Sarma and Shakil Ahmed first identified this malware on most Andhra Pradesh government sites, which gets around a 200K+ visits every month.
Both the government and the corporate is targeted with cryptojacking. Hackers exploit vulnerabilities in web platforms, and mine cryptocurrencies, which proves more profitable than ransomware, or ads.
As reported by the McAfee security labs, the percentage of incidents of cryptojacking from 13% in the last quarter of 2017, to 26% in the first quarter of 2018, and witnessing an overall humongous 629% rise.
While the future of cryptocurrencies is being debated by Financial Institutions across the world, hackers continue to make the most use of vulnerabilities in today’s tech framework.
