Throughout each state, county, and city, there are court
systems in place. Oregon is no different. In this specific case, Oregon
Judicial Department includes the Oregon Supreme Court, Court of Appeals, Tax
Court, Circuit Courts in each of the counties, and the Office of the State Court
Administrator.
Attack
Phishing attacks are the premier attack being used
throughout many industries. With the low cost and tech involved with a phishing
campaign, it is no wonder. The Oregon Judicial Department experienced a
phishing attack and was not successful in defending itself. The attack began at
4:30am on July 15, 2019. The successful attack led to five email accounts being
compromised. With any phishing attack, the level of success with the attack is
dependent on who clicks the link, picture, or tool creating an attractive
nuisance for the user to click. In this case, there were more than 6k persons
affected. The affected parties had their personal data exposed.
Data
Each of the 6,607 affected persons, while individuals have
the same issue. The data exposed included the affected person’s personal data.
This included the name and full and partial dates of birth. There was also
partial exposure to financial information, health information, and social
security numbers. This is exactly what the attackers would need to use for
identity theft or to sell on the dark web.
Remediation
The affected accounts were disabled within four hours of the
issue being detected. The Oregon Judicial Department sent notices to the
affected persons. The department will provide credit monitoring services to those affected by the breach. The department also did contact law enforcement
and other agencies to assist with the forensic work.
Thoughts
Phishing and the subsequent associated issues (e.g.
ransomware, viruses, backdoors, etc.) are a societal problem potentially affecting
anyone connected to the internet. One aspect of the remediation which in theory
is helpful, but may not be in the long-run regards the credit monitoring. This
did not state how long with was to last. This is a bit of a moot issue. The
data exfiltrated with the compromise is partially permanent (e.g. social
security number). While the credit monitoring may last a year, for example, the
issue will last well beyond this for the affected persons.
Resources
Associated Press. (2019, August 29). Oregon judicial department
hit by phishing attack. Retrieved from https://www.seattletimes.com/seattle-news/northwest/oregon-judicial-department-hit-by-phishing-attack/
Associated Press. (2019, August 29). Oregon judicial
department hit by phishing attack, personal information exposed. Retrieved from
https://katu.com/news/local/oregon-judiciail-department-hit-by-phishing-attack-personal-information-exposed
Associated Press. (2019, August 29). Oregon judicial
department hit by phishing attack. Retrieved from https://www.usnews.com/news/best-states/oregon/articles/2019-08-29/oregon-judicial-department-hit-by-phishing-attack
Associated Press. (2019, August 30). Oregon judicial
department hit by phishing attack. Retrieved from https://democratherald.com/news/state-and-regional/oregon-judicial-department-hit-by-phishing-attack/
Breach Exchange. (2019, August 30). Oregon judicial department hit by phishing attack. Retrieved
from https://www.bradenton.com/news/business/technology/article234530047.html
No comments:
Post a Comment