{"id":14306,"date":"2019-01-14T09:10:09","date_gmt":"2019-01-14T17:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/01\/14\/news-8058\/"},"modified":"2019-01-14T09:10:09","modified_gmt":"2019-01-14T17:10:09","slug":"news-8058","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/01\/14\/news-8058\/","title":{"rendered":"Government shutdown impacts .gov websites, puts Americans in danger"},"content":{"rendered":"<p><strong>Credit to Author: Adam Kujawa| Date: Mon, 14 Jan 2019 16:00:00 +0000<\/strong><\/p>\n<p>If you are in the United States, then you should know we are on our 24th day of a government shutdown. While it is considered a &#8220;partial&#8221; shutdown, there are still plenty of government workers who are not being paid or have been sent home, furloughed.<\/p>\n<p>Last week, <a href=\"https:\/\/techcrunch.com\/2019\/01\/11\/shutdown-government-websites-https-certificates-expire\/\" target=\"_blank\" rel=\"noopener\">TechCrunch posted a concerning story<\/a> about the shutdown, which covered the <a href=\"https:\/\/news.netcraft.com\/archives\/2019\/01\/10\/gov-security-falters-during-u-s-shutdown.html\" target=\"_blank\" rel=\"noopener\">findings of NetCraft<\/a>, a UK Internet service company, which discovered that numerous US government websites are now inaccessible due to expired security certificates.<\/p>\n<p>This is a quick post to explain what happened, and more importantly, how cybercriminals will use this situation to their advantage.<\/p>\n<h3>Security certificates<\/h3>\n<p>We aren&#8217;t going to <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2017\/08\/explained-security-certificates\/\" target=\"_blank\" rel=\"noopener\">dig deep into how security certificates work<\/a> for websites, but the gist is that every vendor or organization that runs a website needs a security certificate so that users can access the site with trust. 
Today, a few browsers, like Chrome, require these certificates before they even let users access the websites. You can recognize when a website uses a valid security certificate, usually indicated by a <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/05\/https-why-the-green-padlock-is-not-enough\/\" target=\"_blank\" rel=\"noopener\">green lock<\/a> on the URL bar.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26829\" data-permalink=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/attachment\/2019-01-11_12-53-02\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/2019-01-11_12-53-02.png\" data-orig-size=\"256,33\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"2019-01-11_12-53-02\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/2019-01-11_12-53-02.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/2019-01-11_12-53-02.png\" class=\"size-full wp-image-26829 aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/2019-01-11_12-53-02.png\" alt=\"\" width=\"256\" height=\"33\" \/><\/p>\n<p>The certificate confirms that the identity of the website that you are communicating with is legitimate. 
In addition, these certificates make it possible for users to establish a secure connection with the web server hosting the site, which is incredibly important when sending financial or personal information to these sites.<\/p>\n<p>Since some of the most popular browsers won&#8217;t even let users visit a website if it doesn&#8217;t have a valid certificate, we now have a lot of users who can&#8217;t access government websites because the certificates have expired.<\/p>\n<h3>Why did they expire?<\/h3>\n<p>If a security certificate lasted forever, what assurance would there be that it hasn&#8217;t been stolen by a criminal who could then use it on their own malicious websites? For this reason, and probably some others, certificates expire, and the organization that owns the website has to purchase and deploy a new, up-to-date certificate. Think of it like yearly fees to renew your car tags.<\/p>\n<p>The reason these certificates were allowed to lapse is that nobody is renewing them. Apparently, most US government organizations maintain the certificates for their own websites. This is why not ALL U.S. gov websites are down, just a few of them (at least right now). With the partial government shutdown, the people in charge of making sure citizens can access their websites by keeping these certificates up to date are unable to do their jobs, which eventually leads to users being unable to access these sites at all.<\/p>\n<h4>The Danger<\/h4>\n<p>Okay, so obviously not being able to access some government websites is a pain, but it isn&#8217;t anything that your regular person needs to worry about, as long as they aren&#8217;t frequent visitors to these gov sites. 
However, with any opportunity, you can bet that cyber criminals are going to take advantage.<\/p>\n<p>That is why we want to make sure that we share some vital warnings about how this shutdown may help cyber-criminals.\u00a0 <em>Please, share this with everyone you know, at least until the shutdown is over<\/em>.<\/p>\n<p>Cyber criminals frequently utilize real world events in order to trick users into clicking on a link, downloading or sharing something.\u00a0 You can look back at a couple of instances where events in <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2012\/06\/blackshades-in-syria\/\" target=\"_blank\" rel=\"noopener\">Syria directly influenced the actions of cyber criminals<\/a>, be it state sponsored or otherwise.\u00a0 In another case, the <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2013\/04\/cyber-criminals-never-waste-a-tragedy\/\" target=\"_blank\" rel=\"noopener\">Boston bombing from a few years back<\/a> was used to try and scam people.<\/p>\n<div id=\"attachment_26830\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539.png\" target=\"_blank\" rel=\"noopener\" data-rel=\"lightbox-0\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26830\" data-permalink=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/attachment\/youtubess-1024x539\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539.png\" data-orig-size=\"1024,539\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"YoutubeSS-1024&#215;539\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539-300x158.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539-600x316.png\" class=\"wp-image-26830 size-full\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539.png\" alt=\"\" width=\"1024\" height=\"539\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539.png 1024w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539-300x158.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/YoutubeSS-1024x539-600x316.png 600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p class=\"wp-caption-text\">Fake YouTube page set up to infect Syrian rebels.<\/p>\n<\/div>\n<p>With that being said, you can expect that the government websites users are looking for, especially those that offer some kind of service or require some kind of personal information or login to access, are going to be copied by cyber criminals and likely presented as an alternative way to access the same website.<\/p>\n<div id=\"attachment_26831\" style=\"width: 810px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.gov.sg\/news\/content\/beware-of-fake-ica-phishing-website\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26831\" 
data-permalink=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/attachment\/fake-ica-website\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/Fake-ICA-website.jpg\" data-orig-size=\"800,500\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Fake ICA website\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/Fake-ICA-website-300x188.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/Fake-ICA-website-600x375.jpg\" class=\"wp-image-26831 size-full\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/Fake-ICA-website.jpg\" alt=\"\" width=\"800\" height=\"500\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/Fake-ICA-website.jpg 800w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/Fake-ICA-website-300x188.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/Fake-ICA-website-600x375.jpg 600w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p class=\"wp-caption-text\">Fake Singapore Government Website &#8211; From Gov.SG<\/p>\n<\/div>\n<p>While most users are likely not going to be affected by this very much, those that rely on social services and likely older folks will be looking for a way to access these sites, for whatever reason.\u00a0 When they go to search for the site, their first link might take them to a dead end, since the security certificate had expired, however the second or 
third link might work and take the user to a page that looks exactly like where they want to go. Classic phishing attack.<\/p>\n<h4>What to do about it?<\/h4>\n<p>The best thing to do right now is share this information with those close to you so they don&#8217;t make a mistake and give away valuable personal info just because the government has issues keeping itself open. Also, be vigilant moving forward, not just in this case but in others: any bit of sensational news needs to be investigated outside of a link telling you to click.<\/p>\n<p>The bad guys know human behavior and they know that people can&#8217;t help clicking on things that are either convenient or scandalous and sensational. Prove them wrong.<\/p>\n<p>Stay safe and safe surfing!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/\">Government shutdown impacts .gov websites, puts Americans in danger<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Adam Kujawa| Date: Mon, 14 Jan 2019 16:00:00 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/' title='Government shutdown impacts .gov websites, puts Americans in danger'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/shutterstock_402092170.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Today, TechCrunch posted a concerning story about the shutdown and most importantly, they covered the 
reporting of NetCraft, a U.K. internet service company, about how numerous US government websites are now inaccessible due to expired security certificates. This is going to be a quick post to help explain what happened and more importantly, how cyber criminals will use this situation to their advantage.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/government\/\" rel=\"category tag\">Government<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/access\/\" rel=\"tag\">access<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/government-shutdown\/\" rel=\"tag\">government shutdown<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security\/\" rel=\"tag\">security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security-certificates\/\" rel=\"tag\">security certificates<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/shutdown\/\" rel=\"tag\">shutdown<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/trump\/\" rel=\"tag\">trump<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wall\/\" rel=\"tag\">wall<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/' title='Government shutdown impacts .gov websites, puts Americans in danger'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-puts-americans-danger\/\">Government shutdown impacts .gov websites, puts Americans in danger<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12505,1328,20659,714,13447,10497,1343,152,10628],"class_list":["post-14306","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-access","tag-government","tag-government-shutdown","tag-security","tag-security-certificates","tag-security-world","tag-shutdown","tag-trump","tag-wall"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14306"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14306\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14306"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}