Cryptojacking a Growing Threat to Government Sites
After Researchers Report on Issue, Security Experts Offer Mitigation Advice
Researchers say hackers are increasingly using Indian government websites to mine cryptocurrencies. Security experts urge government authorities to take steps to mitigate the risks of cryptojacking.
Cryptocurrency-mining programs use a computer's processing power to generate hashes. Proof-of-work cryptocurrencies rely on crowdsourced hashes to complete blocks of transactions on a blockchain. If a correct hash is submitted, a share of the cryptocurrency is paid to the miner as a reward.
The process of mining isn't necessarily harmful to a computer. But it does consume extra electricity, and in some cases could potentially cause performance problems or even cripple a system by monopolizing its processing power.
According to new research conducted by Shakil Ahmed, Anisha Sarma and Indrajeet Bhuyan, computer science students at Assam Don Bosco University, hackers have illegally gained access to government websites in India using cryptocurrency mining malware to mine digital currencies.
The researchers first discovered a cryptomining script on the Andhra Pradesh government's municipal websites and then found similar vulnerabilities on many other government websites as well.
"The IT adviser to the Chief Minister of Andhra Pradesh, JA Chowdary, was immediately notified of the same, but as of September 16, 2018, the websites were still running the cryptojacking scripts," Bhuyan says. "The website was, however, down as of September 18, 2018."
Sachin Raste, security researcher at eScan, an internet security solution provider, notes: "Government websites are highly lucrative targets for cryptojacking criminals due to the sheer fact that the volume of traffic on these sites is substantially high. Furthermore, most government-owned websites are handled by third-party vendors and understandably the maintenance is not very high."
Pune-based Rohan Vibhandik, a cybersecurity practitioner and researcher at a large IT organization, says government sites handle so much traffic that it can be difficult to identify the illegitimate traffic.
"Cryptojackers use the system resources of government sites to execute the intended operations for generating the cryptocurrencies," he says. "At some level, corporate or private websites can restrict the ingress communication based on their business interests, unlike government websites, which have a wide and diversified user base."
Some researchers claim that government websites not only run outdated software and content management systems but also have very poor security disclosure policies, so reporting flaws is a challenge as well.
The Modus Operandi
Ever since Coinhive, a cryptocurrency mining service company, launched its service in September 2017, there has been an increase in the number of cryptojacking incidents. Cryptojacking is spreading fast because it's profitable and many organizations don't know how to prevent it.
In a blog post, Bhuyan shares step-by-step details of how the team discovered vulnerabilities in Indian government websites.
"Our first aim was to make a list of all the government websites of India and see if they are infected by cryptominers," he writes. "We searched online for a list of government websites but did not get any, so we headed over to the website goidirectory.nic.in, which lists all government websites."
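As an added example (it is not the researchers' tooling and does not come from the article), the following Python scan performs the check Bhuyan describes on HTML already fetched from each site in an inventory: it extracts script sources and inline script bodies and looks for browser-miner indicators, treating Coinhive's publicly documented loader and API names as strong evidence and the constructed pool and CryptoNight patterns as weaker evidence that needs two hits. The sample pages, hostnames and site key are constructed; fetching the pages from a list such as goidirectory.nic.in is left to the caller.

```python
import re
from html.parser import HTMLParser
# Indicator patterns: the Coinhive loader and API names are publicly documented;
# the pool and CryptoNight patterns are constructed here and count as weaker evidence.
INDICATORS = {
    "coinhive_loader": re.compile(r"coinhive\.min\.js", re.I),
    "coinhive_api": re.compile(r"CoinHive\.(Anonymous|User)\s*\(", re.I),
    "pool_websocket": re.compile(r"wss?://[^\s'\"]*(pool|stratum)", re.I),
    "cryptonight": re.compile(r"cryptonight", re.I),
}
STRONG = {"coinhive_loader", "coinhive_api"}

class _ScriptCollector(HTMLParser):
    """Collects <script src=...> URLs and inline <script> bodies into self.texts."""
    def __init__(self):
        super().__init__()
        self.texts, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.texts.extend(v for k, v in attrs if k == "src" and v)
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"
    def handle_data(self, data):
        if self._in_script and data.strip():
            self.texts.append(data)

def scan_page(html):
    """Return {indicator: matched text} for every indicator found in the page's scripts."""
    collector = _ScriptCollector()
    collector.feed(html)
    hits = {}
    for text in collector.texts:
        for name, pattern in INDICATORS.items():
            match = pattern.search(text)
            if match and name not in hits:
                hits[name] = match.group(0)
    return hits

def is_flagged(hits):
    """One strong indicator, or two weak ones, marks a page for manual review."""
    return bool(STRONG.intersection(hits)) or len(hits) >= 2

# Constructed sample pages (not real sites): one carrying a miner, one clean.
SAMPLE_PAGES = {
    "https://municipality.example/": '<html><head><script src="https://coinhive.com/lib/coinhive.min.js">'
        "</script><script>new CoinHive.Anonymous('SITEKEY_PLACEHOLDER', {throttle: 0.3}).start();"
        "</script></head><body>Welcome</body></html>",
    "https://clean.example/": '<html><head><script src="/static/app.js"></script></head></html>',
}
```

Run `scan_page` over each fetched page and review the flagged ones by hand; a single weak indicator alone is deliberately not enough, since legitimate pages can also open WebSockets.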
The private sector in India, too, is vulnerable to cryptojacking. In May, Aditya Birla Group, one of the nation's largest conglomerates, was cryptojacked, with more than 2,000 computers of various companies within the group affected.
Surge in Cryptojacking
A Fortinet report states that cryptojacking malware impacted 13 percent of companies globally in Q4 of 2017. The figure grew to 28 percent as of Q1 2018. The report further states that cryptojacking may prove to be more harmful in the long run than ransomware because cryptomining is tougher to detect and it takes control of a computer, which could lead to the device potentially being used to carry out other attacks.
"Ransomware and cryptojacking are fairly similar in terms of how they need to penetrate and spread between systems," says Rajesh Maurya, regional vice president, India & SAARC, Fortinet. "Ransomware has some inherent limitations, such as a poor long-term strategy for leveraging existing victims for additional revenue. Cryptojacking, if done properly, can leverage the processing power of hijacked systems to mine for cryptocurrencies for a longer time. So it's a long-term profitable venture."
Fortinet's Threat Landscape Report for Q2 2018 reveals that cybercriminals have added IoT devices to their arsenal of tools used for mining cryptocurrencies.
Is There a Solution?
The main reason that government websites are attacked is that they lack continuous and rigorous traffic monitoring, some security experts say.
"They should have strong firewalls coupled with IDS and IPS systems. Apart from that, system-level scanners would help them check whether usage of memory resources is going beyond a threshold," Vibhandik says.
To mitigate cryptojacking risks, Sachin Raste, security researcher at eScan, says all government websites should:
- Have standardized IT security policies for all web services and IT-enabled public services;
- Be managed by a central authority;
- Have a centralized SOC and NOC.