
Payment card thieves hack Click2Gov bill paying portals in 8 cities, Ars Technica


             

New wave of attacks comes after previous Click2Gov hack compromised 300k payment cards.

      


(In) and 2018, hackers compromised systems running the Click2Gov self-service bill-payment portal in dozens of cities across the United States, a feat that compromised 300,000 payment cards and generated nearly $2 million of revenue. Now, Click2Gov systems have been hit by a second wave of attacks that’s dumping tens of thousands of records onto the Dark Web, researchers said on Thursday.

The new round of attacks began in August and has so far hit systems in eight cities, six of which were compromised in the previous episode, researchers with security firm Gemini Advisory said in a post. Many of the hacked portals were running fully up-to-date systems, which raises questions about precisely how the attackers were able to breach them. Click2Gov is used by utilities, municipalities, and community-development organizations to pay bills and parking tickets as well as make other kinds of transactions.

“The second wave of Click2Gov breaches indicates that despite patched systems, the portal remains vulnerable,” Gemini Advisory researchers Stas Alforov and Christopher Thomas wrote. “It is thus incumbent upon organizations to regularly monitor their systems for potential compromises in addition to keeping up to date on patches.”

So far, more than 20,000 records swept up in the new round of hacks have been offered for sale on online crime forums. While the breaches affect eight cities located in five states, payment cards belonging to people in all 50 states have been compromised. Some of the card holders didn’t live in the cities that were affected but transacted with the breached portals, possibly because of past travels to those cities or because holders owned property there, the researchers said. The cities with hacked portals are:

City, State
Deerfield Beach, FL
Palm Bay, FL
Milton, FL
Bakersfield, CA
Coral Springs, FL
Pocatello, ID
Broken Arrow, OK
Ames, IA

Those appearing in blue were hit for the first time.

Map depicting cities affected only by the original Click2Gov breach (yellow) and those affected by the second wave of Click2Gov breaches (blue).


Gemini Advisory

Representatives with CentralSquare Technologies, the company that markets Click2Gov, wrote in a statement:

We have recently received reports that some consumer credit card data may have been accessed by unauthorized or malicious actors on our customers’ servers. It is important to note that these security issues have taken place only in certain towns and cities.

We have immediately conducted an extensive forensic analysis and contacted each and every customer that uses this specific software, and are working diligently with them to keep their systems updated and protected. At this time, only a small number of customers have reported unauthorized access.

According to a (September) post from security firm FireEye, the initial round of attacks typically started with an attacker uploading a Web shell to hacked Click2Gov Web servers. The Web shell put systems into debug mode and then wrote payment-card data to plaintext files. Attackers then uploaded two custom tools. One tool that FireEye dubbed Firealarm parsed the logs, retrieved payment card data, and removed log entries not containing error messages. The other tool, called Spotlight, intercepted payment-card data from HTTP network traffic.

“It is not known how the attacker compromised the Click2Gov Web servers, but they likely employed an exploit targeting Oracle Web Logic such as CVE-2017-3248, CVE-2017-3506, or CVE-2017-10271, which would provide the capability to upload arbitrary files or achieve remote access,” FireEye’s post said, referring to the earlier round of hacks.

People who have made transactions to Click2Gov systems should check their payment-card statements regularly over the next few weeks.

                                 

                  
