News and Updates on Information Technology

United States – CentralSquare Technologies

Exploit: Malware
CentralSquare Technologies: Public Sector Services Provider

Risk to Small Business: 1.977 = Severe

Eight cities in three U.S. states that use CentralSquare’s Click2Gov payment systems for municipal transactions were recently affected by a payment card skimming attack that exploited a software vulnerability in the Click2Gov platform. Using Magecart-style malware designed specifically to work on Click2Gov payment sites, cybercriminals were able to capture payment card information from people using the affected Click2Gov sites to make municipal services transactions like paying bills or fines. The attacks began in April 2020 and are ongoing. Reports note that 5 of the 8 cities affected were also targeted in attacks in 2019. The names of the affected cities were not released.  

Individual Risk: 2.378 = Severe

Financial data, including payment card numbers, expiration dates, and CVV, was directly compromised in this attack. Similar information from previous attacks against Click2Gov in 2019 and 2018 was quickly made available on the Dark Web.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Payment skimming malware is an increasing threat for any business that processes online payments. Compromised financial and identity information can also hang around in Dark Web markets for a long time, creating continued risk.