On Wednesday we received the following email from one of our law firm followers. The email was forwarded to Warren County (Ohio) Bar members by the Bar and originated with someone at the Ohio Supreme Court. The Supreme Court's source is MS-ISAC, the Multi-State Information Sharing and Analysis Center, a reliable source for the current cyber-threat level and response recommendations.
If your law firm isn't taking cybersecurity as seriously as it should, the Warren County Bar Association in Ohio thinks you should.
From: XXXXXX, Lisa [mailto:LisaXXXXX@co.warren.oh.us] Sent: Wednesday, June 22, 2016 2:19 PM Subject: FW: Malicious Email Campaign Targeting Attorneys Spoofs Emails From Statewide Legal Organizations - TLP: WHITE
From: XXXXXX [mailto:members-bounces@XXXXXohiocourtadministration.org] On Behalf Of XXXXXX Stephanie Sent: Tuesday, June 21, 2016 4:31 PM To: 'members@XXXXohiocourtadministration.org' Subject: [OACA-XXXXXXXX] MS-ISAC CYBER ALERT - Malicious Email Campaign Targeting Attorneys Spoofs Emails From Statewide Legal Organizations - TLP: WHITE
We received the following security alert from the Ohio Office of Information Security and Privacy. The notification is regarding a known malicious email campaign targeting attorneys in several other states. The emails are attempting to get the attorney to respond by clicking a link which leads to a malicious download, potentially ransomware. There is no indication that the malicious emails have targeted any Ohio based attorney groups, but they wanted to share it with all states.
This information was also sent along to the judges but it may be helpful for you to notify others on your staff as well.
From: MS-ISAC XXXXXXXX [mailto:MS-ISACXXXXXXXXXXX@msisac.org] Sent: Thursday, June 16, 2016 2:57 PM To: Thomas XXXXXXXXXXX <ThomasXXXXXXX@cisecurity.org> Subject: MS-ISAC CYBER ALERT - Malicious Email Campaign Targeting Attorneys Spoofs Emails From Statewide Legal Organizations - TLP: WHITE
MS-ISAC CYBER ALERT
TO: All MS-ISAC Members, Fusion Centers, and IIC partners
DATE ISSUED: June 16, 2016
SUBJECT: Malicious Email Campaign Targeting Attorneys Spoofs Emails From Statewide Legal Organizations - TLP: WHITE
In June 2016 MS-ISAC became aware of a malicious email campaign targeting attorneys, which spoofs emails from statewide legal organizations, such as the Bar Association and the Board of Bar Examiners. The subject and body of the emails include claims that “a complaint was filed against your law practice” or that “records indicate your membership dues are past due.” Recipients are asked to respond to the claims by clicking a link which leads to a malicious download, potentially ransomware.
The emails are well written and appear to originate from the appropriate authority, such as an Association official, likely increasing their effectiveness. Reporting from various states indicates a likelihood that this campaign is personalized to individuals practicing in a particular state and may be progressing on a state-by-state basis. The following states have been referenced in public reporting on this campaign: Alabama, California, Florida, Georgia, and Nevada. This targeting may include attorneys working for state, local, tribal, and territorial (SLTT) governments.
MS-ISAC recommends the following actions:
- Share this information with potentially impacted organizations in your area of responsibility, including Departments of Law/Justice, related law enforcement agencies, and agency-specific offices of counsel.
- Train government legal professionals in identifying spear phishing emails which may include spoofed email addresses, unusual requests, and questionable and/or masked links. This particular series of emails includes what appears to be a link to the state bar association, but when the user hovers over the link it shows that the link is really to a different website. Copying and pasting the link, instead of clicking on it, would defeat this social engineering attempt.
- Perform regular backups of all systems to limit the impact of data loss from ransomware infections. Backups should be stored offline.
- Additional recommendations for protecting against and responding to phishing campaigns are available at https://msisac.cisecurity.org/whitepaper/documents/MS-ISAC%20Security%20Primer%20-%20Phishing.pdf.
- Additional recommendations for protecting against and responding to ransomware infections are available at https://msisac.cisecurity.org/whitepaper/documents/CIS%20Primer%20-%20Ransomware.pdf.
- Report any suspicious emails to the Internet Crime Complaint Center (IC3, www.ic3.gov), as well as to the legal organization which is spoofed in the addressed email.
Additionally, please do not hesitate to leverage MS-ISAC to assist you in investigating any targeting affecting SLTT entities in your area of responsibility. MS-ISAC performs a variety of incident response services including log analysis, malware analysis, computer forensics, development of a mitigation and recovery strategy as well as network and application vulnerability scanning. Requests for these services can be made by calling 1-866-787-4722 or sending an email to SOC@cisecurity.org.
Center for Internet Security (CIS)
Integrated Intelligence Center (IIC)
Multi-State Information Sharing and Analysis Center (MS-ISAC)
1-866-787-4722 (7×24 SOC)
Follow us @CISecurity
TLP: WHITE information may be distributed without restriction, subject to copyright controls.
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
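The alert's training bullet names two indicators a reader can check by hand: a sender address that only looks like the organization's, and a link whose visible text names the bar association while the hover target is a different site. The script below is an added example for this page (it is not MS-ISAC's code and not taken from the campaign) that automates both checks over a raw email. The two messages, the domains example-statebar.org, files.example-download.net and the look-alike sender host are all constructed for illustration; point `analyse()` at a saved .eml and the organization's real domain to use it on a suspicious message.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages, not real campaign samples. "example-statebar.org"
# stands in for a legitimate bar association; "files.example-download.net" is the
# attacker host hidden behind the link text.
PHISH_EMAIL = """\
From: "State Bar Association" <membership@example-statebar.org.mailer-relay.example>
Subject: Complaint filed against your law practice
Content-Type: text/html; charset=utf-8

<html><body>
<p>Records indicate a complaint was filed against your law practice.</p>
<p>Review it at <a href="http://files.example-download.net/complaint.zip">https://www.example-statebar.org/complaints/12345</a></p>
<p>Pay dues at <a href="https://www.example-statebar.org/dues">the dues page</a>.</p>
</body></html>
"""

LEGIT_EMAIL = """\
From: "State Bar Association" <membership@example-statebar.org>
Subject: Dues reminder
Content-Type: text/html; charset=utf-8

<html><body>
<p>Pay at <a href="https://www.example-statebar.org/dues">https://example-statebar.org/dues</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname (lower-cased, leading 'www.' dropped) if text is a URL or a bare
    domain, else None. Plain words such as 'the dues page' return None."""
    if not text or " " in text:
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname
    if not host or "." not in host:
        return None
    return host[4:] if host.startswith("www.") else host


def masked_links(html):
    """Anchors whose visible text names one host while the href goes to another:
    the 'hover shows a different site' indicator from the alert."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


def sender_off_domain(msg, expected_domain):
    """True when the From: address is not on expected_domain or one of its
    subdomains. Catches look-alikes such as example-statebar.org.evil.example."""
    domain = msg["from"].addresses[0].domain.lower()
    return not (domain == expected_domain or domain.endswith("." + expected_domain))


def analyse(raw, expected_domain):
    """Parse a raw RFC 5322 message and report both indicators."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {
        "masked_links": masked_links(html),
        "sender_off_domain": sender_off_domain(msg, expected_domain),
    }


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EMAIL), ("legit", LEGIT_EMAIL)):
        print(name, analyse(raw, "example-statebar.org"))
```

Two caveats. The masked-link check only fires when the visible text is itself a URL or domain; a link whose text reads "Bar Association complaint portal" is not caught, so the hover-and-compare habit the alert teaches still matters. And the sender check compares only the domain in the From: header against the one you expect; it does not consult SPF or DKIM results, which your mail gateway should already be recording in Authentication-Results.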