For example, the 2020 ransomware attack on TrialWorks a legal document management firm resulted in trial documents from scores of firms being held hostage by ransomware actors. Sophisticated cyber adversaries are increasingly moving downstream from law firms themselves, compromising legal supply chains.
#Accellion breach software#
Among other things, they should take stock of software and services they rely on. But law firms need to think holistically about the risk of sophisticated cyber attacks and ransomware. For example, another Accellion victim, QIMR Berghofer Medical Research Institute, acknowledged that it had mistakenly left clinical trial data on the Accellion FTA server long after it had been transferred, setting up a breach there after the FTA vulnerabilities were discovered and exploited.Īccellion’s advice for FTA customers is to migrate to a newer product, kiteworks. But they also introduce risks, both in the form of attacks on software flaws and inadvertent leaks. Tools like FTA help manage those data flows. Like other organizations, law firms manage huge volumes of sensitive data as a core part of their business. And attacks against firms large and small are on the rise. The global firm DLA Piper was, for example, one of the companies hit by the NotPetya wiper malware. The incident should be a wake up call for law firms, which have long been targeted by sophisticated cyber adversaries. Mandiant said both groups played a role in prior cyber operations by a group it calls “FIN11,” an active and financially motivated hacking group that is known to rely on sophisticated phishing email campaigns and to conduct high-volume ransomware and extortion operations involving - lately - the CL0P ransomware.Īccording to a statement by Accellion, multiple FTA customers who have been attacked by UNC2546 have received extortion emails threatening to publish stolen data on the “CL0P^_- LEAKS". The initial compromise was attributed to a threat actor with the label UNC2546, and the subsequent extortion activity to a group known as UNC2582. Mandiant pinned the blame for the attacks on separate malicious actors. (As of Tuesday, Jones Day’s name and data had been removed from the _CL0P^_-LEAKS site, suggesting some development in the ransomware attack.)Īt the root of this incident is Accellion’s FTA product, a secure file transfer application variously described as a “legacy” product and a 20 year-old product “nearing the end of its life.” An analysis by the firm Mandiant/FireEye found that the attackers leveraged no fewer than four “zero day” software vulnerabilities in their attack, including previously undiscovered SQL injection and server side request forgery (SSRF) flaws. The Australian firm Allens also had client data stolen in the attack, according to reports. The firm joined a number of other companies as victims of the Clop ransomware attack, including SingTel, the Singapore-based telecommunications firm, technology firm Danaher and the U.S. It was among a group of companies who had sensitive data posted to _CL0P^_-LEAKS, a “dox” website run by the Clop ransomware gang containing data stolen from the group’s victims, often as a way to compel payment of its ransom. According to published reports, it was the victim of a supply chain attack on the FTA file transfer software by the firm Accellion. Jones Day is the fifth largest law firm in the U.S., with more than 2,500 attorneys and $2 billion in revenue.
Recent reports that the law firm Jones Day was a victim of a damaging supply chain attack just hammer that point home and also highlight the growing risk landscape for law firms. More and more, that kind of data is of interest to both cyber criminal groups and nation-state actors. However, they are rich targets holding highly sensitive data, communications, financial information and intellectual property on behalf of their clients. They don’t serve millions of customers like big box retailers. True, law firms don't sport the massive IT footprints of healthcare organizations or financial services firms. You might not think of law firms as top targets for cyber criminals, but they surely are. In recent years, that has included work with a growing number of global law firms, where QOMPLX technologies like our Identity Assurance and Privilege Assurance products and Q:SCAN help spot and manage cyber risk. At QOMPLX we're often called on to help companies assess their vulnerability to sophisticated cyber attacks.
0 kommentar(er)
