Indian Government Websites Keep Getting Hacked to Mine Cryptocurrencies

With more than 100 government websites hacked in September alone, security experts in India are in a race against time to identify more websites hosting malware that allows the unauthorized mining of cryptocurrencies, India Today reported on October 1, 2018.

Government Websites Fall Victim to Cryptojacking

Despite the country’s reservations about cryptocurrencies, Indian government websites are becoming the most popular target for cryptojacking.

According to a March 7, 2018 report from the Times of India, a total of 119 India websites have been infected by malware that allows illegal mining of cryptocurrencies. An analysis conducted by cybersecurity researchers shows that government websites like the director of municipal administration of Andhra Pradesh, Tirupati Municipal Corporation and Macherla municipality are among the hundreds infected, the report stated.

Minister of State for Electronics and IT, K.J. Alphons, told the Times of India that a total of 22,207 Indian websites were hacked from April 2017 to January 2018, with a total of 493 websites used for malware propagation during that period

The malware is commonly referred to as cryptojacking, the practice of unauthorized use of someone else’s computer to mine cryptocurrencies. By loading a crypto mining code on the computer or infecting a website with a JavaScript code, hackers can use the visitor’s computing power without consent.

High Traffic Websites Goldmines for Hackers

Security researched Indrajeet Bhuyan told the Economic Times that hackers target government websites as they handle a lot of traffic and are widely regarded as trustworthy.

In 2017, the Union Home Ministry informed the Parliament that at least one website run by the Indian government had been hacked every other day back in 2016, India Today reported.

The numbers shine a light on the huge gaps in security for a country that’s pouring an incredible amount of resources to go digital. Globally, crypto jacking malware grew from impacting 13 percent of all organizations in Q4 of 2017 to 28% of companies in Q1 of 2018, the Economic Times said.

Security experts still can’t confirm the estimated revenue generated through cryptojacking in India, as many factors are determining the money made, such as the type of content affected, the number of systems compromised and the time people spend on the hijacked website.

Rajesh Maurya, regional vice president of India and Saarc Fortinet, said that cryptojacking is becoming a “very big business” in India.

“This technology is most effective on illegal video-streaming websites where people stay for hours watching movies or TV series,” he told the Economic Times, adding that the next frontier for cryptojacking is moving towards internet of things (IoT) products. The report identified devices such as routers and smart home speakers as the newest targets for cryptojacking, as they are not used throughout the day but have high processing powers.