The New Jersey State Bar Association (NJSBA) warns the legal community to take precautions against cybersecurity attacks after it was recently reported that two major attacks wreaked havoc on hundreds of government agencies and businesses, including the New Jersey legal community.
In what is called the Solar Winds attack, regarded by cybersecurity officials as a “nightmare scenario,” software was hacked that is used to manage a wide range of information technology (IT) platforms and functions. The attack allowed spyware called “Teardrop” to access sensitive information and began as far back as 2019. While the focus of the attack was on large businesses and government agencies, almost everyone is likely to work or associate with an organization that was directly hit, it has been reported.
In a separate attack in December, Microsoft said Russia attacked its platform. As a result, the hack extended far beyond the original reach to the general population. The information compromise extended to a wide range of transactions and files, including tax returns, GPS locations, court records, credit card information, company memos and legal records.
The NJSBA, which has begun to see infections in some incoming emails, has taken substantial steps to protect its records and has alerted members who have shown signs of being hacked.
To stay safe, it is important to follow a few guidelines:
- Never trust free software and don’t reuse passwords.
- Regularly update software and computers.
- Scan all inbound and outbound traffic.
- Monitor, detect and report security events and unusual behavior.
- Use a technology scan to mitigate unusual activity.
- Prohibit access to your resources from specific regions, and only allow access from countries where you have business.
- Work with a good technology partner.