Government Sites in India Among Prime Targets for Cryptojacking, Research Shows

Published at: Sept. 17, 2018

Official government websites have become a prime target for cryptojacking in India, The Economic Times (ET) reports today, September 17.

Cryptojacking is the practice of infecting a target with malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

New research from cybersecurity analysts reportedly reveals that widely trusted government websites – including those of the director of the municipal administration of Andhra Pradesh, Tirupati Municipal Corporation and Macherla municipality – have become the latest to be exploited by the practice.

Security Researcher Indrajeet Bhuyan told ET that:

“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”

According to the Times, Guwahati-based security researchers Shakil Ahmed, Anish Sarma and Bhuyan were the first to identify vulnerabilities on the AP government websites, all of which are subdomains of the extremely popular ap.gov.in – which is reported to receive over 160,000 visits per month.

According to the ET, cryptojacking appears rife on enterprise as well as government systems, with PublicWWW listing over 119 Indian websites that run Coinhive code – a script created to mine Monero (XMR) via a web browser.

ET cites a recent Fortinet report that suggests cryptojacking has more than doubled between 2017 Q4 and 2018 Q1, with the percentage of affected enterprises rising from 13 to 28 percent.

Fortinet’s Rajesh Maurya told ET that cryptojacking generates revenue “with a fraction of the effort and attention caused by ransomware,” noting that illegal video-streaming websites are a particularly lucrative target, as the script can make use of multiple CPU cycles to mine crypto as users watch movies or TV series.

ET further reports that internet of things (IoT) products are considered by security experts to be “the next frontier” for cryptojackers, given that such devices have high processing power and yet may be idle for much of the day. ET’s search on IoT-focused search engine Shodan.io found that over 13,500 home routers in India were infected by cryptojacking malware – a figure that was exceeded globally only by Brazil.

As previously reported, research this summer from cyber security firm McAfee Labs revealed that cryptojacking malware activity had risen a staggering 629 percent in 2018 Q1.
