RBS is doing a great job of tracking the Click2Gov breaches. In their most recent update, they report:
It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned:
- Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early on, we speculated whether the problem was with the Click2Gov application itself and whether it impacted the cloud-based version of the system. It has since come to light that only local installations are at risk. Attackers are gaining access to application servers due to a known vulnerability in WebLogic and escalating the attack from there.
Few other details about the attack methods have come to light. That said, one intriguing detail has remained consistent – only one-time payments are at risk. Data for customers with auto-pay enabled has not been exposed. That does make us wonder if there is another weakness in play, perhaps associated with the form or page used to enter payment information.
- Nine more incidents involving Click2Gov installations have come to light.
And sure enough, there was another update to note: FireEye issued an analysis and report.