Data security, the protection of confidential information from unauthorized access, is a top-of-mind issue today that touches nearly every sector of the economy, cutting across private and public institutions, both large and small. Since 2020 and the Covid-19 pandemic and the increasing reliance on interconnected devices and systems, attacks on data and cyber networks have been constant. Among the most well-known variety of data breaches is ransomware[1]—a kind of malicious software (“malware”) that blocks access to files and information until a ransom is paid. The implications of these attacks are often costly, have caused shifts in industries like insurance, and disrupt how companies, governments, and individuals operate.
Local Governments and Insurance:
Municipalities and local governments are vulnerable to data breaches for several reasons among them limited resources to invest in robust cybersecurity infrastructure and qualified personnel, complexity of systems they manage, but particularly they are attractive targets for cybercriminals and state-sponsored attackers because of the sensitivity of data they hold. These cyberattacks disrupt services, hurt credibility with taxpayers and rating agencies, and lead to rising cyber insurance costs, particularly for local governments. One solution to this vulnerability calls for increased federal involvement in local government cybersecurity, akin to disaster recovery support and national insurance programs like the National Flood Insurance Program. Another is a more centralized state-level approach through the State and Local Cybersecurity Grant Program to enhance local government cybersecurity readiness and risk management. Human errors, though, cause most breaches, which emphasizes the importance of implementing measures like single sign-on and multifactor authentication. However, there is a gap in training and preparedness, especially at the local government level. Strengthening training and planning efforts is vital as the cybersecurity threat landscape worsens, and resilience becomes paramount[2].
Data Security in the Legal Setting:
As of the writing of this post, the Judicial Branch of the state of Kansas is grappling with a major computer outage that has affected its court system since October 12th which is suspected to be a ransomware attack. The incident has disrupted the state's courts, leaving attorneys unable to access online records and forcing them to file motions on paper. The situation has significantly slowed down court operations, leading to a backlog of paper documents that will need to be processed later. While some other states have experienced ransomware attacks on their court systems, Kansas has seen one of the most severe disruptions. As of the first week of November[3], the courts are working on a phased approach to restore information systems, but there is no set timeline for full restoration. The process involves upgrading firewalls, rebuilding the network, and enhancing the technology environment to ensure safety and security. An investigation is ongoing to determine the extent of the attack, whether a ransom demand has been made, and when the systems will be fully restored.
The First Judicial Circuit of Florida also experienced a data breach[4] in early October and continues to investigate the incident. The Circuit responded quickly to the incident by temporarily disconnecting computer systems to protect sensitive information. However, the Circuit indicated the breach may have affected data including personal information such as names, Social Security numbers, taxpayer identification numbers, dates of birth, driver's license information, and state identification numbers. Unlike the Kansas breach, at least to date, a hacker group has claimed responsibility for the ransomware attack on the Florida Circuit. These incidents have highlighted the importance of cybersecurity in maintaining critical public services.
While local governments, hospitals, and educational institutions experience the bulk of data breaches and ransomware attacks, law firms also make attractive targets for hackers due to their handling and storage of personally sensitive, client confidential information. Again, people are the primary vector through which breaches occur, and although email has historically been the primary way hackers gain access, browser-based attacks are on the rise. For instance, two of these browser-based schemes[5] have been employed to target employees at law firms.
The first scheme uses Search Engine Optimization (SEO)—essentially the appearance and position of websites in search engine results—by hijacking websites and inserting content and wording that is likely to come up as a top result when employees search for legal templates. For example, “contract salary calculator,” and “professional firefighters association collective agreement" have been used. Employees who visit these sites and subsequently download a template are actually downloading malware that can then give hackers access to their computers and network environments.
In another scheme, hackers compromise multiple websites and use them as bait to attract victims in what is known as a watering hole attack. One specific example involves a Notary Public service website in Miami, Florida. The attackers manipulated the website to display an official-looking, yet fake message urging visitors to update their Chrome Browser, but this was a ploy to trick them into downloading malware. By infecting many less-visited websites, like the Notary Public site, attackers hope to capture higher-value targets, such as legal firms, who most tend to frequent such sites.
Ultimately, these schemes are only a couple examples of how bad actors put the data security of individual people, businesses, and local governments at risk and highlight the importance of vigilance, especially as methods of attack evolve and technology becomes more sophisticated. Ask your employer or consult your IT department for additional information on how to spot a potentially compromised website, file, or email, particularly in a field like law where the protection of confidential information is vital and required for ethical, competent practice.
[1] https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/ransomware
[2] https://www.route-fifty.com/cybersecurity/2023/09/cyberattacks-local-agencies-grow-cyber-insurance-increasingly-out-reach-many/390036/
[3] https://www.kscourts.org/Newsroom/News-Releases/News/2023-News-Releases/November-2023/Judicial-branch-working-on-phased-recovery-of-its
[4] https://www.firstjudicialcircuit.org/NoticeofDataIncident
[5] https://www.esentire.com/blog/hackers-attack-employees-from-six-law-firms-with-the-gootloader-and-socgholish-malware-using-fake-legal-agreements-and-malicious-watering-hole-s-reports-esentire