Some Indian authorities web sites proceed to permit the planting of scammy hyperlinks on their official domains — months after TechCrunch reported the difficulty final 12 months.
TechCrunch discovered greater than 90 “gov.in” web site hyperlinks related to Indian authorities departments, together with the Indian Council of Agricultural Analysis and India Submit, in addition to state governments and councils of Haryana and Maharashtra and others, have been redirecting to websites linked to on-line betting and funding scams. Serps like Google have listed the rip-off hyperlinks hosted on authorities websites, rising the chance of standard web customers discovering them.
In Could, TechCrunch reported that round 4 dozen Indian authorities web site hyperlinks have been redirecting to on-line betting platforms. India’s cyber company, the Pc Emergency Response Crew, generally known as CERT-In, escalated the matter on the time. Nevertheless, it remained unclear whether or not the federal government had fastened the underlying flaw that the scammers have been exploiting to plant their hyperlinks.
Deedy Das of Menlo Ventures, amongst others, posted on social media platform X this week concerning the difficulty resurfacing, indicating that the hacked pages are widespread.
Safety researcher Bob Diachenko instructed TechCrunch that the difficulty could have resurfaced because of a compromise within the web sites’ content material administration system (CMS) or server configurations.
“If solely the signs (e.g., malicious content material) are eliminated with out addressing the foundation trigger (e.g., vulnerability or backdoor), attackers can reintroduce the difficulty,” Diachenko stated, including, “It’s not a really difficult train however requires some downtime and efforts.”
Earlier this week, TechCrunch contacted CERT-In with a couple of affected hyperlinks. The company didn’t reply to the e-mail, although the hyperlinks began displaying a “web page not discovered” error at across the time of publication.