Hackers Mined a Fortune from Indian Websites
Cryptojacking turns AP govt sites, among hundreds of others, into mining platforms
“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them,” said security researcher Indrajeet Bhuyan. “Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”
The vulnerabilities on the AP government websites were first identified by a team of Guwahati-based security researchers: Shakil Ahmed, Anish Sarma and Bhuyan. The three websites are subdomains of ap.gov.in, which is one of the most popular websites globally with over 1,60,000 visits per month.
ET reached out to JA Chowdary, IT advisor to the chief minister of Andhra Pradesh, about the malware-affected websites on September 10. “Thanks for notifying us about the AP website hacking,” said Chowdary in a response to the alert. Mails and calls to AP IT secretary Vijay Anand remained unanswered.
However, as on September 16, the websites continue to run the scripts.
Besides government websites, the malware that mines cryptocurrencies has been spreading and affecting enterprise systems as well. PublicWWW lists over 119 Indian websites that run the Coinhive script.
Bhuyan and his team ran a software script or code on the homepages of over 4,000 websites from goidirectory.nic.in to identify cryptojacking scripts. Many of them had been taken down without him reaching out to them.
Globally, cryptojacking malware grew from impacting 13% of all organisations in Q4 of 2017 to 28% of companies in Q1 of 2018, more than doubling its footprint, as per a recent Fortinet report.
In March, the official website of Union minister Ravi Shankar Prasad was affected by the same vulnerability and was mining the cryptocurrency Monero. The website was later fixed after it was flagged by FactorDaily.
Coinhive is one of the most popular cryptocurrency mining services and it is turning out to be profitable. A small chunk of the code installed on a website uses the computing power of any browser that visits the site to mine bits of the Monero cryptocurrency.
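A homepage scan of the kind the researchers describe, and the "small chunk of code" it looks for, can be sketched as follows. This is an added example, not the researchers' script: the marker list is an assumption based on publicly known Coinhive hostnames and API names, and the sample pages are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Publicly known Coinhive markers; a production scan needs a maintained list.
MINER_HOSTS = {"coinhive.com", "coin-hive.com", "authedmine.com"}
INLINE_RE = re.compile(r"\bCoinHive\s*\.\s*(?:Anonymous|User|Token)\s*\(", re.I)

class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script text from one page."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":  # the parser lowercases tag and attribute names
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src.strip())
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def find_miners(html):
    """Return sorted (kind, evidence) findings for a homepage's HTML."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = set()
    for src in parser.srcs:
        url = urlparse(src)  # hostname is set for http(s):// and //host/ URLs
        host = (url.hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.add(("external-host", src))
        elif "coinhive" in url.path.lower():  # library copied onto the site
            findings.add(("self-hosted-copy", src))
    for match in INLINE_RE.finditer("".join(parser.inline)):
        findings.add(("inline-init", match.group(0)))
    return sorted(findings)

SAMPLES = {  # constructed pages, not captured from any real site
    "clean": '<html><script src="/js/app.js"></script></html>',
    "hosted": '<SCRIPT SRC="//CoinHive.com/lib/coinhive.min.js"></SCRIPT>'
              '<script>new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER").start();</script>',
    "copied": '<script src="/static/vendor/coinhive.min.js"></script>',
}
```

Static markers like these miss miners that are obfuscated or loaded dynamically, so a clean result from this check only means that no known marker was present in the served HTML.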
“Cryptojackers who manage to develop and maintain a network of hijacked computer systems are able to generate revenue with a fraction of the effort and attention caused by ransomware,” said Rajesh Maurya, regional vice-president, India and Saarc, Fortinet.
Unlike ransomware — a type of malware designed to block access to a computer until a sum of money is paid — the success of a cryptomining attack depends on not being detected.
Experts say the estimated revenue generated through cryptojacking depends on the audience, the number of systems compromised and how long people stay on a website. The more time spent while surfing on the site, the more CPU cycles that can be borrowed to mine cryptocurrencies.
“Crypto mining activity is becoming a very big business in India,” said Maurya. “This technology is most effective on illegal video-streaming websites where people stay for hours watching movies or TV series.”
The next frontier for cryptojacking is moving towards internet of things (IoT) products, say security experts. Devices like home smart speakers that are not used all through the day but have high processing power are being leveraged to mine cryptocurrencies.
A preliminary search in Shodan.io, the search engine for internet-connected devices, showed that India ranked second after Brazil with over 13,500 home routers affected by cryptojacking software.
[Chart: Organisations impacted by cryptojacking malware (source: Fortinet report)]