Cybersecurity Expert Commentary: Hacker Claims To Have Stolen Files Belonging To Law Firm Jones Day

A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day said in a statement that they are investigating the breach and are in discussion with affected clients and respective authorities.

Yiannis Fragkoulopoulos, Customer Security & Professional Services Director
InfoSec Expert
February 19, 2021 5:21 pm

Supply chain attacks are an emerging kind of threat increasingly used by cyber criminals. The SolarWinds hack is a very recent case demonstrating the sophistication and the impact that this type of attack may have. A new culture is required by organisations to effectively manage this new reality; they need to enforce for the entirety of their third parties a minimum level of cybersecurity controls (both organisational and technical) prior to giving them access to any of their information assets. Given the vast number of third parties an organization may digitally interact with, a standardised, automated and holistic cybersecurity evaluation process should be in place.

Niamh Muldoon, Senior Director of Trust and Security EMEA
InfoSec Expert
February 18, 2021 3:20 pm

We are likely to see more breach disclosures originating from the Accellion file-sharing data breach over the forthcoming months.

Business leaders can take appropriate action now to help maintain the trust with their customers, partners and employees. They can achieve this by carrying out due diligence with their organization to understand if the Accellion data file sharing tool is in use, and/or was in use in the past.

Being transparent with customers, partners and employees about this tool usage and potential exposure allows for appropriate actions to be taken.

Gregory Cardiet, Security Engineer International
InfoSec Expert
February 18, 2021 3:19 pm

A targeted ransomware organisation strikes again. Jones Day has said that the breach occurred because a third party was compromised. This attack by CLOP highlights the need for organisations to install robust security that defends themselves before their intellectual property is stolen or altered.

This is a good example of a trend that we have seen emerging in 2020 and will continue to rise in 2021, that security protection tools have been (and will be) bypassed. It is becoming an emergency for companies to start thinking about detection strategies instead of protective measures. In this case, it appears that the trust in a third-party service has led to a breach.

As ransomware gangs are becoming ever more opportunistic, it is critical that security operations teams are able to pervasively detect and respond to attacks. Detecting and responding to indicators of possible malware lurking on a network can make the difference between a contained incident or a damaging organisation-wide outage, breach or significant financial loss.

In situations such as these, the performance and analytical power of AI can be hugely beneficial for organisations needing to detect the subtle indicators of targeted ransomware behaviours and the misuse of privileged credentials from networks and the cloud. With AI, this can be done at a speed and scale that humans and traditional signature-based tools simply cannot achieve. Ransomware will continue to be a potent tool in cybercriminals’ arsenals as they attempt to exploit, coerce, and capitalise on organisations’ valuable digital assets. It is therefore vital that organisations take all the necessary requirements to detect and respond to attacks that can potentially cause damage to their customers, as well as to themselves.

Raghu Nandakumara, Field CTO
InfoSec Expert
February 18, 2021 2:52 pm

The breach suffered by Jones Day, a prominent law firm in the US, is not the first incident of CLOP ransomware that we’ve seen recently, and it is a strong reminder to companies to ensure tighter security on their networks.

With the threat of ransomware only continuing to increase, in order to protect themselves and their customers, organisations need to take the more pragmatic approach of assuming breach and not trusting any traffic, inside or outside the network. Instead, only grant users access to what they absolutely need in order to do their jobs, and block the rest of the traffic by default.

Micro-segmentation can often help limit the reach and impact of ransomware attacks, allowing companies to easily isolate breaches, prevent lateral movement and enforce granular security policies. Further, granular and real-time visibility into network activity enhances the ability of security teams to detect potentially malicious behaviour. Breaches like these are a good reminder for organisations to pause, take stock and ensure they are protecting their networks from opportunistic cyber criminals to the best of their ability.

Mitch Mallard, Threat Intelligence Analyst
InfoSec Expert
February 17, 2021 2:42 pm

The Accellion breach highlights one of the key weaknesses of external file transfer systems, but also the over-arching issue of security versus convenience. When uploading any kind of sensitive file to an online repository or document transfer service, or even attaching it to an email, it is best practice to encrypt the said file, and then provide your intended recipient with the decryption key through alternate means. This ensures that should a breach occur, your files are not in plaintext for the taking. It may be tempting and convenient to trust reputable external services, but when it comes to sensitive files, such as the legal documents affected in this case, there is no substitute for robust encryption and keeping unprotected instances local only.
