Cybersecurity firm FireEye said it has been tracking a malicious cyberattack against Click2Gov, a software used by local governments to allow citizens to pay utility bills, building permits, and business license fees online. According to a FireEye blog posted yesterday, Click2Gov has been breached multiple times in the past with hackers stealing credit card and Social Security numbers. “In mid-June 2018, numerous media reports referenced at least seven Click2Gov customers that were possibly affected by this campaign,” FireEye explained. “Since June 2018, additional victims have been identified in public reporting.” In June of this year, Cyber Risk Analytics found that Click2Gov may have as many as 6,000 users. CentralSquare, the maker of Click2Gov, released a statement in June highlighting its proactive notification to affected customers, work with a third-party forensic firm, and deployment of patches to Click2Gov software, according to FireEye. In the statement, CentralSquare said that there is “no evidence showing that it is unsafe to make payments utilizing Click2Gov on hosted or secure on-premise networks with recommended patches and configurations.” FireEye believes Click2Gov may have been compromised during development because “attacker doesn’t align with any financially motivated threat groups currently tracked by FireEye” and “[t]he attacker’s understanding of the Click2Gov host requirements, process logging details, payment card fields, and internal communications protocols demonstrates an advanced knowledge of the Click2Gov application.” FireEye concluded that “it is possible that tool development could have been contracted to third parties and remote access to compromised systems could have been achieved by one entity and sold to another.”

Read More About
Kate Polit
Kate Polit
Kate Polit is MeriTalk SLG's Assistant Copy & Production Editor, covering Cybersecurity, Education, Homeland Security, Veterans Affairs