30 C
Accra
Friday, January 15, 2021
No menu items!

Hackers plant credit card stealing malware on local government payment sites

Must Read

Tarkwa Municipal Hospital gets Breast Care Unit  

The Tarkwa Nsuaem Municipal Hospital has established a Breast Care Unit through the support of AngloGold Ashanti Iduapriem Mine...

Joe Osei Owusu condemns misconduct by some MPs in parliament

The First Deputy Speaker of Parliament, Joe Osei Owusu, has condemned the general misconduct by some members during the...

President Akufo-Addo, 10 others for AfCFTA awards

President Akufo-Addo and ten other African Heads of State and Governments will receive awards for their role in the...

Security firm FireEye has confirmed that a widely used web payment portal used to pay for local government services, like utilities and permits, has been targeted by hackers.
Hackers have broken into self-hosted Click2Gov servers operated by local governments across the US, likely using a vulnerability in the portal’s web server that allowed the attacker to upload malware to siphon off payment card data over a period of “weeks to numerous months,” Nick Richard, principal threat intelligence analyst at FireEye, told TechCrunch.
Superion, a major technology provider that owns the web payment portal Click2Gov, said in June following a confirmed breach last year that there was “no evidence” that the portal was unsafe to use amid reports of suspicious activity by customers.
Superion issued patches after several customers complained that their credit card information had been stolen, but said that it was largely up to local governments and municipalities to patch their servers.
But since then, several more local government sites were identified as victims of the malware.
FireEye’s incident response arm Mandiant said the hacker used the server vulnerability to upload a tool, which it calls FIREALARM, to sift through server log data for credit card data, while another piece of malware it’s calling SPOTLIGHT to intercept credit card data from unencrypted network traffic. Once collected, the data is encoded and exfiltrated by the hacker.
Credit card numbers, expiration dates, and verification numbers, along with names and addresses were stolen by the malware, the security firm said.
But Richard said it’s not known how many victims there are for each compromised server.
“Any web server running an unpatched version of Oracle WebLogic would be vulnerable to exploitation, thus allowing an attacker to access the web server to manipulate Click2Gov configuration settings and upload malware,” said Richard.
FireEye did not say who was to blame for the attacks but said it was “likely” a team of hackers, given the skills necessary to pull off the attack.
“There is much left to be uncovered about this attacker,” FireEye said in a blog post, and anticipates that the hackers will “continue to conduct interactive and financially motivated attacks.”
Superion told TechCrunch that it has “diligently kept our customers informed while working with them to update available patches for the third-party software that contributed to the issue,” and that none of its cloud customers are affected.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Tarkwa Municipal Hospital gets Breast Care Unit  

The Tarkwa Nsuaem Municipal Hospital has established a Breast Care Unit through the support of AngloGold Ashanti Iduapriem Mine...

Joe Osei Owusu condemns misconduct by some MPs in parliament

The First Deputy Speaker of Parliament, Joe Osei Owusu, has condemned the general misconduct by some members during the election of the Speaker and...

President Akufo-Addo, 10 others for AfCFTA awards

President Akufo-Addo and ten other African Heads of State and Governments will receive awards for their role in the coming into force of the...

Indonesia earthquake: Sulawesi hospital among collapsed buildings

Rescuers are searching through the rubble of a partially-collapsed Indonesian hospital after an earthquake struck the island of Sulawesi, leaving at least 34 dead. The...

How to preorder the Samsung Galaxy S21, S21 Plus, and S21 Ultra

During Samsung’s Unpacked event, the company unveiled three new phones as part of the Galaxy S21 lineup the Galaxy S21, S21 Plus, and the...

More Articles Like This