In December, Click2Gov, a service used for numerous payments like utilities and parking tickets, experienced a cybersecurity breach that compromised more than 300,000 records for users in the United States and Canada. While this breach was dealt with and patched, it appears that this was not enough as Click2Gov is dealing with a similar incident all over again.
According to Gemini Advisory, which covered the initial Click2Gov breach in 2018, the attack began around August 2019 and “over 20,000 records from eight cities across the United States” were discovered to be compromised. This number is smaller than the breach last year, but it should be noted that six of the eight cities were previously targeted in the 2018 attack. For this reason, it can be surmised that the number of Click2Gov user records compromised is lower because of the patches implemented. Nevertheless, these patches clearly were not enough as the attackers exploited flaws for a second time.
Gemini Advisory describes the intrusion as a result of not keeping patches up-to-date. The initial patches employed in the Click2Gov system worked; however, this is not enough to keep attackers at bay. Gemini Advisory had this to say about the situation:
Given the success of the first campaign, which generated over $1.9 million in illicit revenue, the threat actors would likely have both the motive and the budget to conduct a second Click2Gov campaign... only users who key in payment card details appeared to be susceptible to card interception attacks, while those relying on automated bill pay may not be affected. Only locally hosted systems were vulnerable to attacks; cloud-hosted instances were unaffected... six of the eight cities’ systems were compromised... Some of these victims resided in different states but remotely transacted with the Click2Gov portal in affected cities, potentially due to past travels or to owning property in those cities.
There is no such thing as a miracle cure when it comes to cybersecurity solutions. It is up to the individuals who make policy to try to stay ahead of their attackers. Frequent patching is one of the ways that this can be achieved.