More than 80 government sites have been impacted due to their TLS certificates not being renewed. A good number of these sites now cannot be accessed by the public. Some of the known websites that are affected include NASA, The DOJ, and the Court of Appeals. This comes on the heels of the government shutdown, in which a massive number of employees have been furloughed–including those in the IT support and cybersecurity fields. Websites that had implemented correct HSTS policies can’t be accessed at all, not even to simply browse them. On the other hand, the sites where proper protocol wasn’t in place users received a HTTPS error within their browser, which can be bypassed and accessed through HTTP. An increased amount of cyber-attacks could be seen since authentication and traffic credentials are no longer encrypted giving way for threat actors to compromise them.
Analyst Notes
Users should not log in to any of these government sites. If they are being used for browsing purposes, no sensitive actions should be performed.