Threat Update – Government and Utility Payment Portal Click2Gov Targeted Again

Researchers with dark web intelligence firm Gemini Advisory discovered a new campaign targeting Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associated with local government services, including utilities. As WaterISAC previously shared in its Security and Resilience Update for September 20, 2018 and December 20, 2018, Click2Gov has had its share of vulnerabilities. This time, over 20,000 records from eight cities in five different states have been offered for sale online via illicit markets. The impacted towns include: Deerfield Beach, Fla., Palm Bay, Fla., Milton, Fla., Coral Springs. Fla., Bakersfield Calif., Pocatello Ida., Broken Arrow, Okla. and Ames, Iowa. Despite reports that many affected towns were operating patched and up-to-date Click2Gov systems, six of the impacted town were compromised in the first breach; demonstrating cybercriminals’ propensity to repeatedly target previous victims. According to Gemini Advisory, the first campaign generated over $1.9 million in illicit revenue, giving threat actors both motive and budget to conduct additional campaigns. Read the article at Threatpost