Incidents on government websites compromise services

Hacker attacks and government instability put the lives of millions of companies and citizens at risk, who depend on a single means of access to more than 5 thousand digital public services

With the increasing digitalization of public services, hacker attacks on government platforms have become increasingly frequent. Incidents can cause service disruptions, leaks of sensitive data, and distrust in the security of government systems. In Brazil, several government entities and platforms have already been the target of cyber attacks, and the impact varies depending on the severity and response to the threats.

In late July, a “major cybersecurity incident,” in the government’s words, shut down the Electronic Information System (SEI) and some functionality of the National Electronic Process, through which the processes of nine ministries are processed. THE Federal Police (PF) and the Brazilian Investigation Agency (Abin) were called to investigate the incident.

At the time, servers were asked to change Office and Gov.br passwords, particularly those working with Siafi, the federal government’s financial management system, which suffered an invasion attempt in April, in which servers criminals tried to move at least R $ 15 million, as reported in the newspaper Folha de S.Paulo.

The threat to digital environments has only increased in recent years. Second lifting from Veja magazine, since 2020, there have been more than 50 thousand cases, including records of security breaches of federal networks and vulnerability alerts issued by the Center for Government Cyber ​​Incident Prevention, Treatment, and Response (CTIR Gov). During this period, almost 5 thousand confirmed cases of confidential data leaks occurred.

Many government systems store information such as CPF, medical and financial history. An attack resulting in the leak of this data could have serious implications, including identity theft and fraud. Furthermore, attacks on critical systems, such as healthcare, judicial or social security platforms, can disrupt essential services, causing harm to the population.

In November 2020, the Superior Court of Justice (STJ) was subject to a cyber attack massive attack that compromised the court’s IT infrastructure. Hackers encrypted court data, paralyzing all court proceedings for a few days. The attack reportedly had the characteristics of ransomware, where cybercriminals demand a ransom for leaking data. It was one of the most serious incidents ever recorded against the Brazilian judiciary.

In December 2021, a cyber invasion hit the Ministry of Health and had a direct impact on the ConecteSUS system, which stores COVID-19 vaccination information.

Gov.br

The Gov.br platform has also been the target of cyber incidents, in which a large amount of sensitive information is concentrated, becoming an attraction for criminals, such as attempts to exploit vulnerabilities by trying to access confidential data. The Brazilian government is constantly working to increase security levels, detect these attempts and mitigate these risks.

Types of cyber incidents include Denial of Service (DDoS) attacks, which overload servers with a huge amount of traffic, making websites inaccessible; exploiting vulnerabilities in the platform’s systems to gain access to users’ personal data, such as CPF information, bank details and other sensitive information; phishing attacks, in which fake websites are created or malicious emails that simulate Gov.br are sent, with the aim of tricking users into entering their credentials or personal information on fraudulent pages, and ransomware incidents, in which users hackers encrypt the data and demand a ransom to be paid to release it.

Numerous warnings have been published by digital security institutions and experts in texts, interviews and press articles about the outdated login and password system and other insecure means of access in the face of the escalation of cyber attacks, which are always one step ahead of any update system.

In January 2023, the Association of Brazilian Registration Authorities (AARB) published text warning about vulnerabilities related to accessing Gov.br without encryption, as well as the weakness of concentrating several services on a single portal. In event held in the same year, the experts reiterated the security of qualified digital signatures, which guarantee the highest level of legal and identification security.

“Centralizing the citizen’s life on a single portal, as in the case of Gov.br, can also reduce bureaucracy in processes, but unfortunately we are dealing with a high degree of cyber incidents, as well as hindering the citizen’s autonomy, that is at the mercy of a single system that, one day, could be invaded or stopped for any technical reason Brazil has advanced in the world ranking of digital governments thanks to the increasing use of technology and automation in public services, but it is necessary . invest in cybersecurity and advanced means of access, such as qualified digital signatures,” says AARB Executive Chairman Jorge Prates.

Users recently reported instability on Gov.br on Tuesday morning (10.10pm). According to reports on social media, the login system to access government resources was inaccessible. On September 17, some instabilities on the website hindered the tender procedures opened on the federal government’s procurement portal.

In one of yours alertsthe CTIR governor recommended the need to take proactive cybersecurity measures to mitigate the risks of successful exploits, such as using a combination of government digital certificates and enforcing multi-factor authentication.

“The use of the ICP-Brasil digital certificate to access systems continues to be the most secure means of authentication, especially for sensitive data. If it were not for this, CTIR Gov would not recommend its use for privileged access processes Therefore, as a security measure, it is important that citizens have an ICP-Brazil certificate, because it is issued by an accredited and trained agent to guarantee the truthfulness, integrity and trust of the application”, adds Prates.

Website: https://www.linkedin.com/company/aarb/

Source: Terra

Rose

Rose James is a Gossipify movie and series reviewer known for her in-depth analysis and unique perspective on the latest releases. With a background in film studies, she provides engaging and informative reviews, and keeps readers up to date with industry trends and emerging talents.