The Tamil Nadu government domain (tn.gov.in) has many exposures that can lead to phishing attacks and data breaches. The domain is also vulnerable to notorious ransomware gangs like Ryuk and NextCry, who have targeted many victims in the past, according to an analysis that was done by Securin Inc and Ivanti.
Securin Inc. and Ivanti have conducted an investigation into the cyber hygiene of Indian State government domains and found several potential gaps in their current security practices. The investigation used the Securin Attack Surface Management platform to passively examine the domains of Indian State governments and Union Territories.
According to details that the firm shared, 46 links within the Tamil Nadu Government portal do not have the SSL (Secure Sockets Layer) encryption or they have expired. This is the basic security layer that needs to be added and without it the domain is insecure and its data and visitors are exposed. They have also found 60 credentials with passwords from this domain leaked on the deep and dark web, which makes them a prime target for phishing attacks and impersonation. The firms have also found hardcoded API keys in Github code base – in other words, this can lead to a major data breach. Instances of malware infection and stolen cookies as of March 21, 2023 were also found for the Tamil Nadu government domain.
While doing this study teams also discovered 21 blacklisted IPs for this domain (tn.gov.in) which can damage their online reputation, prevent emails from being delivered, and block website access. The analysis shows that because of this the overall trust factor for this domain will be lost and can impact the ability to communicate and do business online.
India saw the highest number of cyberattacks on government agencies in 2022, which highlights that cyber hygiene cannot be ignored,” said Ram Movva, Co-Founder and Chairman of Securin Inc. He further added,“The government sector was the third most attacked industry in 2022, and we are seeing a sharp increase in the number of attacks being deployed on Indian organisations and government entities. Organisations must continuously strengthen their security posture, and the first step to that is knowing where your weaknesses are.”
Two Tamil Nadu Government officials mentioned that teams from the state data centre constantly keep monitoring these issues and address them, then and there. However hackers keep coming with new innovative ideas. To a query on the SSL’s expiration, one of the officials said that they are updating departments and asking them to renew it. “We always alert departments to do this,” he added.
The analysis also pointed out that over 10% of domains in Indian states do not have the Secure Sockets Layer (SSL) encryption—a basic security protocol layer. Additionally, 700 plus credentials with passwords from all state domains leaked onto the deep and dark web, making these domains extremely vulnerable to phishing attacks, credential misuse, and impersonation. At the national level, the investigation also found 537 instances of ransomware exposure, which makes the domains extremely vulnerable to ransomware attacks.
