steven36 Posted September 20, 2019

New 20,000 batch of payment card details found on the dark web and traced back to new Click2Gov hacks.

Two years after hackers first started targeting local government payment portals, attacks are still going on, with eight cities having had their Click2Gov payment portals compromised in the last month alone, security researchers from Gemini Advisory have revealed in a report shared with ZDNet today.

These new hacks have allowed hackers to get their hands on over 20,000 payment card details belonging to US citizens, which are now being traded on the dark web, the cyber-security firm said.

History of Click2Gov hacks

Click2Gov is a web-based portal sold by Central Square, formerly known as Superion, to US and Canadian municipalities, small and large alike. It comes as a cloud-based offering and in a self-hosted version.

Once up and running, Click2Gov provides a self-service portal where US citizens can pay taxes and bills. Such portals are widespread across the US and are not only used by locals, but also by Americans living across the country to pay bills and taxes for property they own in other cities or states.

In 2017, a hacker group began targeting self-hosted Click2Gov portals that had been lagging behind with software patches.

According to a FireEye report, this hacker group developed two never-before-seen malware strains named Firealarm and Spotlight, specifically for attacks on Click2Gov portals. The first malware was capable of sifting through Click2Gov logs to identify and steal payment card data, while the second was designed to intercept card data in real-time, from HTTP traffic.

During 2017 and 2018, the group is believed to have compromised the Click2Gov portals of at least 46 US cities and stolen up to 300,000 payment card details, according to reports from Risk Based Security [1, 2] and Gemini Advisory.
Once sold on carding forums, Gemini Advisory researchers believe the stolen card details netted hackers over $1.7 million in revenue.

New attacks last month

But after the initial attacks, Central Square (then named Superion) did its due diligence and released security updates to address the various vulnerabilities hackers were using in previous attacks.

But in a report shared with ZDNet today, Gemini Advisory said that hackers have continued to breach new Click2Gov portals.

The company said it recently discovered a new 20,000 batch of payment card details that it tracked to compromises of Click2Gov portals at eight US cities.

All eight were running up-to-date Click2Gov versions, and all hacks took place last month, August 2019. In addition, six cities had also suffered Click2Gov compromises in the first wave of attacks, in 2017 and 2018.

New victims: Pocatello, ID; Broken Arrow, OK.
Re-compromised victims: Palm Bay, FL; Deerfield Beach, FL; Milton, FL; Coral Fields, FL; Bakersfield, CA; Ames, IA.

Currently, Gemini Advisory can't say how the hackers got in. For the six towns that had been compromised in the past, it may be possible that hackers left a hidden backdoor during the first hack, which they used to re-gain access to Click2Gov systems this summer.

However, it remains unclear how hackers gained entry to the Click2Gov portals of the two other cities that weren't compromised before.

One could point the finger at a new Click2Gov vulnerability, but things aren't that easy. Hackers could have very easily used spear-phishing, password spraying, or credential stuffing attacks to gain access to an administrator's account. Blaming the attacks on a new vulnerability may not be accurate.

A Central Square spokesperson did not return a request for comment before this article's publication seeking more information from the company's side.
US cities notified

"Gemini attempted to reach out to several of these eight towns about the second wave of breaches; while most did not respond, those that did confirm a breach in their Click2Gov utility payment portals," the company said today in its report.

"Certain towns that did not respond to Gemini's outreach have taken their Click2Gov portals offline shortly after we attempted to contact them."

Everyone who paid taxes or bills on the Click2Gov self-service portals of the eight aforementioned cities is now advised to review payment card logs and request new cards from their banks.

Source

Ha91 Posted September 30, 2019

I guess you can never beat the intelligence that can be on ground. We pay bills physically to banks at our Island and no one ever got hacked or robbed 😝
This topic is now archived and is closed to further replies.