The concept of cryptocurrency has been a never ending controversial issue on various grounds of which one has been the potential of hacking. The fear has became a reality affecting various stakeholders. Most recently, the CoinHive, an infamous cryptocurrency which started as a much appreciated tool for cryptocurrency mining. But very, reports surfaced about it being misuse it for cryptojacking by malicious entities.
Reports have surfaced about CoinHive cryptomining attacks victimized routers and websites. India though remain unaffected for a long time. However now the trend has also affected India. Security researchers have depicted a pattern in which various Indian websites including government sites, inadvertently mining crypto by hackers.
As reported, a team of security researchers from Guwahati including Shakil Ahmed, Indrajeet Bhuyan, and Anisha Sharma, discovered government websites inadvertently involved in cryptomining. It was reported that the researchers found government websites of Andhra Pradesh along with numerous other domains ran CoinHive scripts.
Indrajeet Bhuyan, one of the security researchers stated that it was a strategic attack and government website were used cryptocurrency mining because those websites get high traffic due to credibility these sites have.
Websites that were affected by the attacks included Macherla municipality, Tirupati Municipal Corporation, and the Director of Andhra Pradesh Municipal Administration. The observation made by Bhuyan becomes pretty evident by the fact that all three websites belonged to the subdomain ap.gov.in that receives around 160,000 visits each month.
The team of security researchers analyzed 4000 website index’s in the Government of India Web Directory which lacked researchers ran scripts in the home pages of these websites to detect the presence of cryptojacking scripts. Other than the three websites stated, the script affected 119 other websites from India that unintentionally assisted the hackers in cryptojacking.
The government officials have already been notified about the hack. the IT Advisor to the CM Andhra Pradesh, JA Chowdary though have acknowledged the hack but the government is still to take a concrete action. According to ET, even after six days, they noticed no prominent action regarding the matter. Moreover, Vijay Anand, the Andhra Pradesh IT Secretary, also did not respond to any mails or calls in this regard.
Despite of this being not the first such attack in which government website from India suffered a cryptojacking attack. The government has not been able to develop a safety mechanism. Earlier this year the union minister’s website also faced Monero mining attack. Besides, in February 2018, some government websites in UK also suffered cryptomining attack. It is important that the government consider this attack as an alarm and develop mechanism to address and confront such future attacks.