An unknown hacker group is responsible for numerous breaches that have been reported by local governments across the US.
In the report published today, we find that this yet-to-be-identified hacker group has been breaking into Click2Gov servers in order to plant malware that is used to retrieve payment card details.
For those who don’t know, Click2Gov is a popular self-hosted payments solution, a product of US software supplier Superion. It is sold primarily to US local governments, and you can find a Click2Gov server installed anywhere from small towns to large metropolitan areas, where it’s used to handle payments for utility bills, permits, fines, and more.
Remember, everything can be hacked. To stay away from cyber threats, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
After their investigations, researchers found that this new hacker group has been attacking Click2Gov portals for almost a year. The cause seems to be a flaw in the Oracle WebLogic Java EE application server, which is used to gain a foothold and install a web shell named SJavaWebManage on hacked portals.
The hackers use the web shell to turn on Click2Gov’s debug mode, which starts logging payment transactions, card details included, and then later detect and extract payment details from HTTP network traffic.
Superion released a statement about suspicious activity on a number of customer portals, claiming it was investigating the incidents.
Superion didn’t answer the accusations, but the company did release a Click2Gov patch.
Even with this patch, there are new incidents: another nine cities have reported Click2Gov security incidents.
News of the Click2Gov hacks will probably continue to come, and many similar incidents affecting the GovPayNow portal will be reported, because the process of updating them is slow and decentralized.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.