November 15 (Portaltic/EP) –
Government websites are often perceived as secure, but they are exposed to digital threats that take advantage of the poor configuration or poor maintenance some of them show, while in other cases they are deliberately targeted by attackers.
The Malaga-based company VirusTotal has published its report ‘Deception at scale: how attackers infiltrate public administration infrastructures’, which reviews how attackers infiltrate the IT infrastructure of public bodies.
This report is the third in a series on the current threat landscape, and is intended to help researchers, cybersecurity professionals and the general public better understand how malicious software attacks are evolving, as the company explains in a press release.
The company points out that there are “thousands of domains” directly or indirectly linked to government organizations. Users usually assume they are safe, an expectation that, as VirusTotal warns, “reduces the chances of detecting or blocking possible attacks”.
During its investigation, the company identified “dozens” of government sites in more than 50 territories that hosted some kind of malware and traces of different ‘webshells’, which allow remote access.
The company also describes how attackers abuse government-related domains in different scenarios, such as opportunistic attacks, that is, those in which the target is chosen at random.
This type of attack has been detected in a Guatemalan government initiative, in which a PDF invoice was used as part of a social engineering attack that later enables ransomware-type attacks, among others.
In the case of trojans and droppers, VirusTotal cites the case of a municipality in China whose website hosted a malicious sample of a Windows Trojan for three years under different URLs. This Trojan was capable of taking screenshots and logging keystrokes.
The Mimikatz ‘exploit’ was detected on the hosting of a public hospital in Indonesia, linked to the deployment of lateral movement tools, which are used to move around a network without attracting attention.
With regard to ‘webshells’, VirusTotal explains that it is difficult to determine whether one is still active, but their presence makes it possible to check whether a government website has hosted ‘malware’ at some point. They have been found in JPG files or ZIP packages, for instance.
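As an added example (not from the article or the VirusTotal report), the following Python heuristic flags the two hiding places the paragraph mentions: server-side script code carried inside a file that claims to be an image, and such files packed inside a ZIP package. The marker patterns, image signatures and sample files are all constructed for the example.

```python
import io
import os
import re
import zipfile

# Server-side script openers that never belong inside a genuine image file.
# Heuristic only: a hit is a lead for manual review, not a verdict.
SCRIPT_OPENERS = re.compile(rb"<\?php|<\?=|<%[@!=]?|<script\s+runat=", re.IGNORECASE)
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif"}
MAX_MEMBER = 5_000_000  # skip oversized zip members (decompression bombs)


def check_bytes(name, data):
    """Return (path, reason) findings for one file; recurses into zip packages."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    is_image = data.startswith(IMAGE_MAGIC)
    # An image extension without an image header: the file is not what it claims.
    if ext in IMAGE_EXT and not is_image:
        findings.append((name, "image extension but no image header"))
    # A real or claimed image that carries a script opener (e.g. PHP appended).
    if (ext in IMAGE_EXT or is_image) and SCRIPT_OPENERS.search(data):
        findings.append((name, "script opener inside image data"))
    # Packages: inspect every member with the same rules.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                for member, reason in check_bytes(info.filename, zf.read(info)):
                    findings.append((f"{name}!{member}", reason))
    return findings


# Constructed samples (not real malware): a minimal JPEG, the same JPEG with a
# PHP opener appended after the image data, and a zip package carrying it.
CLEAN_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
TAINTED_JPG = CLEAN_JPG + b"<?php echo 'appended'; ?>"
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("theme/logo.jpg", TAINTED_JPG)
    _zf.writestr("theme/readme.txt", b"nothing to see")
PACKAGE_ZIP = _buf.getvalue()

if __name__ == "__main__":
    for n, s in [("clean.jpg", CLEAN_JPG), ("logo.jpg", TAINTED_JPG), ("theme.zip", PACKAGE_ZIP)]:
        print(n, check_bytes(n, s))
```

To audit a web root, feed `check_bytes` each file's path and bytes from an `os.walk` over the document root; the findings list is what a human reviewer then triages.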
Finally, misconfiguration and lack of maintenance of some government websites have led to information exposure and have allowed ‘phishing’ pages, cryptominers and ‘malware’ to be deployed on some subdomains.