DTX Manchester DTX Manchester
  • About Us
Sunday, 28 February, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

International law firm Jones Day hacked with data posted on dark web 

Compromising a business is a matter of identifying the weakest link

by Sabina
February 19, 2021
in Editor's News
Share on FacebookShare on Twitter

This week, it was confirmed that international law firm Jones Day had data stolen from cybercriminals and is a direct result of the wider data breach suffered by file-sharing service Accellion. The hacker, which goes by the name Clop, had uploaded much of the sensitive information on the dark web which may have included data on prominent clients like Donald Trump.

When contacted by reporters at VICE as to why they carried out the attack, the response given was “what do you think? financial of course.”

The first to notify the breach had occurred was the website DataBreach.net which posted images of the stolen files that had been posted by Clop on the Dark Web proving the attack had happened.

The attack stemmed from a zero-day vulnerability within Accellion’s legacy file-transfer system which was exploited and led to other big named companies to be impacted, including telecoms providers Optus, Singtel, and law firm Goodwin Procter LLP.

The site DataBreached.net was the first to report on the incident and published screenshots of stolen Jones Day files that the Clop group posted on the Dark Web as proof it has the goods. The group told DataBreaches.net it didn’t encrypt the files, just stole copies of information. The Clop crew also said Jones Day hasn’t responded to its requests.

Providing industry insight and advice are the following cybersecurity experts:

Martin Jartelius, CSO at Outpost24 

So what we are seeing now are the effects of the Accellion intrusion from December, which has already been discussed in relation to for example Singtel and others. It’s an external file sharing solution that’s decades old, and has been used by several organizations. As we are seeing more and more data related to the breach hitting the news, other organizations that have used the services should review and prepare processes to inform any clients and any individuals for whom data has been processed on this platform. Noting that we are approaching a two month mark from when the breach likely occurred, those who suspect they may be affected should consider informing any affected data subjects at the soonest in line with current privacy legislation and not wait and hope for the best. 

Tim Mackey, principal security strategist at the Synopsys CyRC (Cybersecurity Research Centre)

“Modern business is based on an ecosystem of technology providers that form a digital supply chain. Compromising a business is then a matter of identifying the weakest link and accessing the data that it has on the business and its clients. While it is traumatic for any business leader to find themselves in the press for a data breach, the incident represents an opportunity. When a breach occurs, it’s the result of an exploitable weakness in the system and ecosystem. That weakness could be an unpatched vulnerability, misconfiguration, compromised credentials, or any number of other issues – and rarely is it only a single weakness that leads to data being stolen. It’s the cyber criminals who decide the rules of their attack, and those rules are based in part upon the data they encounter and the tools available to them. Reputational damage is inevitable following a cyber-attack, and one way to rebuild trust is to be transparent about the nature of the attack, but also the tactics used. Not only does such transparency rebuild client trust, but it also can serve as a warning to other businesses who might have similar “best practices” to those that were exploited and who haven’t yet been compromised.”

Sam Curry, chief security officer at Cybereason

“Attorney client privilege is vitally important and should be respected, not just by attorneys and courts. but by anyone. A right to defence and fair trial is a critical ingredient of our society. However, the size of the leak is not as important as the substance. For instance, image files can be very large compared to text files. The same is true of audio or video for depositions. The big concern here is where did the data go and how will it be used, not how much of it there is.

It’s never a good option to pay a ransom, but it may be better than some alternatives. Are lives on the line in a hospital? Do the systems manage critical infrastructure in an energy plant? No one wants to pay, but this decision must be the victims once we rule out illegal entities and funding terrorists or banned organisations. The best solution is to not have single points of failure and to prepare ahead of time. After the fact is messy. Ransomware works. It’s where the money is. Rather than a comeback or discussion of tools, we should realise that this is the nature of crime. It will continue to grow as long as it is hugely profitable and not addressed. We need to deploy solutions that can stop it cold, we need to collaborate, we need to prepare ahead of time, or the beast will continue to get fed and keep on growing.”

Lamar Bailey, senior director of security at Tripwire:

“The old saying a chain is only as strong as its weakest link also holds true for today’s extensive supply chains. If one of the products used by an organization is exploited, it opens up the organization to breaches also. Organizations need to be using threat intelligence services to alert them on any exploits or breaches of any provider or product (hardware and software) that is in use or has access to the network. When an alert  is received quickly asses if  the vulnerable versions of the hardware or software are in use and take remediation actions. If a supplier was breached, access what access the supplier had in the network and what data was accessible then take actions to lock it down until remediations are in place.”

Eoin Keary, CEO and founder of Edgescan: 

“In recent years legal and accountancy firms have been increasingly targeted as a pivot point to access data for larger organisations that are clients of these firms. This is because it is understood that associated legal and accountancy firms may not have the level of rigour in terms of cyber security that their clients may have implemented. Unfortunately, they may hold or be custodians of very sensitive data but not have the controls to protect it. You can outsource the service, but you can’t outsource the risk.”
0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Companies unprepared for cloud migration

Next Post

Clubhouse suffer a ‘data breach’

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Npower shuts down app after hackers steal customer bank info  

February 26, 2021
Partnership announcement: Edgescan partners with BSI to deliver safe and secure client solutions

Edgescan partners with BSI to deliver safe and secure client solutions

February 26, 2021
Microsoft building

Microsoft failed to fix known problems that could have prevented SolarWinds hack

February 26, 2021
Microscope

Dutch Research Council experience ransomware attack

February 26, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept