e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels through which they can engage customers; national and local governments are also investing in providing e-services to their citizens. Many are even striving to work toward developing and nurturing smart cities.

Unfortunately, these government portals are being actively hacked by cybercriminals due to the valuable information they can contain. Governments typically have access to data such as names, addresses, social security details, and even biometric data. E-services that process payments may also have financial and payment information of their citizens stored in their databases.

These kinds of information are prized by cybercriminals and can be sold for profit on the black market. Click2Gov, a widely used payments portal for local governments in North America developed by CentralSquare, has been actively targeted by hackers since 2016 for the financial information that the portal stores.

As such, it’s imperative for governments to keep their e-services portals secure, especially against modern threats. Acknowledging the potential risks that cyberattacks pose, the city of Tel-Aviv recently tapped security firm odix to implement malware-disarming solutions and prevent file-based attacks and malware from getting into and spreading through their e-services portals.

Hilay Selivansky, CTO, Chief Architect and vice CIO at Tel Aviv’s Municipality: “Partnering with odix has made a big impact in relieving us from having to choose between the cutting edge experience our residents love, and keeping their data secure and the city operating properly. We expect that preventing malware attacks with the help of this partnership, instead of just reacting to hackers, will lead to one of our best returns on security investments.”

Vulnerabilities to file-based attacks

Hackers have become more creative in their attack methods, exploiting the user experiences that these portals provide. E-services that feature upload forms and require or encourage users to transmit documents directly through the portal are being exploited in file-based attacks.

Hackers can use these forms to send malware disguised as legitimate documents. Once uploaded, the malware can readily execute and instantly cause disruption or damage. Conventional security measures against such attacks involve validating file uploads based on file types and blacklisting certain file types such as executables. Servers could also have antivirus protection to readily intercept malicious uploads.

However, hackers now have access to complex and sophisticated malware that can be used in these attacks. They can disguise malware as legitimate file types such as PDF or JPEG. Some malware even uses polymorphic code, which allows it to mutate independently. Through this mechanism, it can circumvent conventional anti-malware solutions.

Once attackers are able to establish backdoors and deploy their malware and remote access tools into government systems, they can effectively operate as persistent threats that can readily compromise these e-services at their own convenience.

Advanced protection needed

In order to protect against these attacks, governments have to deploy capable tools and solutions to ensure that their portals aren’t used as gateways to infrastructure-wide breaches and attacks.

Security tools such as those provided by odix use content disarm and reconstruction (CDR) as an approach to address advanced malware. Through CDR, files are thoroughly and deeply scanned for any instance of malicious code. It verifies the validity of files even at the binary level. The solution then removes all traces of suspicious code and reconstructs the files to keep them usable.

A key advantage to this approach is that it can deal with both known and unknown malware. Most antiviruses and anti-malware solutions are signature-based. The developers must first know the specific variant of the malware so that they can deploy updated definitions that contain these signatures for the tool to capably detect the threat. Should a novel threat arise, the tool wouldn’t be able to identify it. CDR would be able to.

odix allows organizations to deploy CDR across their infrastructure. It can be deployed on email servers and over the network to sanitize files as they are received or before they are sent to other parts of the network. odix also has an API that developers can use to integrate CDR into existing enterprise solutions.

Aside from such solutions, governments can also employ stricter validation methods, strengthen administrative access to these portals, and block traffic coming from malicious sources. If they are also using the cloud to host, they must also ensure that these instances and accounts are properly configured and secured.
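One form the stricter validation mentioned above can take, as an added example that is not from the original article or from odix: an upload check that uses an extension allowlist instead of a blacklist, compares the file's leading bytes with its declared type, and refuses PDFs that carry active-content keys. The function name, allowlist and sample uploads are constructed for illustration.

```python
import os
import re

# Allowlist (not a blacklist): extension -> magic bytes the content must start with.
ALLOWED = {
    ".pdf": [b"%PDF-"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
}
# Standard PDF dictionary keys that introduce scripts, auto-run actions or attachments.
PDF_ACTIVE = re.compile(rb"/(JavaScript|JS|OpenAction|Launch|EmbeddedFile)(?![A-Za-z0-9])")


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for one uploaded file."""
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()  # last extension only: a.pdf.exe -> .exe
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not on allowlist"
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match declared type"
    if ext == ".pdf":
        # Plain-text triage only: keys hidden in compressed streams or hex-escaped
        # names are not seen here, which is the gap that rebuilding the file closes.
        hits = sorted({m.group(1).decode() for m in PDF_ACTIVE.finditer(data)})
        if hits:
            return False, "active content: " + ", ".join(hits)
    return True, "ok"


# Constructed sample uploads (not real documents or malware).
SAMPLES = {
    "form.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "id_scan.pdf": b"MZ\x90\x00\x03\x00\x00\x00",  # executable header behind a .pdf name
    "receipt.pdf.exe": b"MZ\x90\x00",
    "claim.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /S /JavaScript /JS (placeholder) >>\nendobj\n",
}

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        print(fname, check_upload(fname, body))
```

A check like this narrows what reaches the server; it does not sanitize the files it accepts.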

Stakes are high

Government e-services are bound to grow worldwide. According to the UN, almost two-thirds of its member countries already demonstrate a “high-level of e-government development.”

This should ultimately benefit citizens. Digitally driven public services are fast, affordable, and convenient. As digital trends evolve, e-services are also bound to offer new user experiences.

Unfortunately, government portals will remain targets of malicious actors. Considering the data that these portals process and store, it is crucial for governments to secure these channels. They must ensure that the proper security measures are put in place to mitigate all forms of attacks and modern threats.

Ehacking Staff