A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day said in a statement that they are investigating the breach and are in discussion with affected clients and respective authorities.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>Supply chain attacks are an emerging kind of threat increasingly used by cyber criminals. The SolarWinds hack is a very recent case demonstrating the sophistication and the impact that this type of attack may have. A new culture is required by organisations to effectively manage this new reality; they need to enforce for the entirety of their third parties a minimum level of cybersecurity controls (both organisational and technical) prior to giving them access to any of their information assets. Given the vast number of third parties an organization may digitally interact with, a standardised, automated and holistic cybersecurity evaluation process should be in place.</p>
<p style=\"font-weight: 400;\">We are likely to see more breach disclosures originating from the Accellion file-sharing data breach over the forthcoming months.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Business leaders can take appropriate action now to help maintain the trust with their customers, partners and employees. They can achieve this by carrying out due diligence with their organization to understand if the Accellion data file sharing tool is in use, and/or was in use in the past.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Being transparent with customers, partners and employees about this tool usage and potential exposure allows for appropriate actions to be taken.</p>
<p style=\"font-weight: 400;\">A targeted ransomware organisation strikes again. Jones Day has said that the breach occurred because of a third-party was compromised. This attack by CLOP highlights the need for organisations to install robust security that defends themselves before their intellectual property is being stolen or altered.</p> <p> </p> <p style=\"font-weight: 400;\">This is a good example of a trend that we have seen emerging in 2020 and will continue to rise in 2021, that security protection tools have been (and will be) bypassed. It is becoming an emergency for companies to start thinking about detection strategies instead of protective measures. In this case, it appears that the trust in a third-party service has led to a breach.</p> <p> </p> <p style=\"font-weight: 400;\">As Ransomware gangs are becoming ever more opportunistic, and it is critical that security operations teams are able to pervasively detect and respond to attacks. Detecting and responding to indicators of possible malware lurking on a network can make the difference between a contained incident or a damaging organisation-wide outage, breach or significant financial loss. </p> <p> </p> <p style=\"font-weight: 400;\">In situations such as these, the performance and analytical power of AI can be hugely beneficial for organisations needing to detect the subtle indicators of targeted ransomware behaviours and the misuse of privileged credentials from networks and the cloud. With AI, this can be done at a speed and scale that humans and traditional signature-based tools simply cannot achieve. Ransomware will continue to be a potent tool in cybercriminals’ arsenals as they attempt to exploit, coerce, and capitalise on organisations’ valuable digital assets. It is therefore vital that organisations take all the necessary requirements to detect and respond to attacks that can potentially cause damage to their customers, as well as to themselves.</p>
<p style=\"font-weight: 400;\">The breach suffered by Jones Day, a prominent law firm in the US, is not the first incident of CLOP ransomware that we’ve seen recently, and it is a strong reminder to companies to ensure tighter security on their networks.</p> <p> </p> <p style=\"font-weight: 400;\">With the threat of ransomware only continuing to increase, in order to protect themselves and their customers, organisations need to take the more pragmatic approach of assuming breach and not trust any traffic, inside or outside the network. Instead, only grant users access to what they absolutely need in order to do their jobs, and block the rest of the traffic by default.</p> <p> </p> <p style=\"font-weight: 400;\">Micro-segmentation can often help limit the reach and impact of ransomware attacks, allowing companies to easily isolate breaches, prevent lateral movement and enforce granular security policies. Further, granular and real time visibility into network activity enhances the ability of security teams to detect potentially malicious behaviour. Breaches like these are a good reminder for organisations to pause, take stock and ensure they are protecting their networks from opportunistic cyber criminals to the best of their ability.</p>
<p>The Accellion breach highlights one of the key weaknesses of external file transfer systems, but also the over-arching issue of security versus convenience. When uploading any kind of sensitive file to an online repository, document transfer service, or even attach it to an email, it is best practice to encrypt the said file, and then provide your intended recipient with the decryption key through alternate means. This ensures that should a breach occur, your files are not in plaintext for the taking. It may be tempting and convenient to trust reputable external services, but when it comes to sensitive files, such as the legal documents affected in this case, there is no substitute for robust encryption and keeping unprotected instances local only.</p>