Cybersecurity and the Legal System
Throughout each state, county, and city, there are court systems in place. Oregon is no different. In this specific case, the Oregon Judicial Department includes the Oregon Supreme Court, Court of Appeals, Tax Court, Circuit Courts in each of the counties, and the Office of the State Court Administrator.
Attack
Phishing attacks are the premier attack being used throughout many industries. With the low cost and tech involved with a phishing campaign, it is no wonder. The Oregon Judicial Department experienced a phishing attack and was not successful in defending itself. The attack began at 4:30 am on July 15, 2019. The successful attack led to five email accounts being compromised. With any phishing attack, the level of success with the attack is dependent on who clicks the link, picture, or tool creating an attractive nuisance for the user to click. In this case, there were more than 6k persons affected. The affected parties had their personal data exposed.
Data
Each of the 6,607 affected persons, while individuals have the same issue. The data exposed included the affected person’s personal data. This included the name and full and partial dates of birth. There was also partial exposure of financial information, health information, and social security numbers. This is exactly what the attackers would need to use for identity theft or to sell on the dark web.
Remediation
The affected accounts were disabled within four hours of the issue being detected. The Oregon Judicial Department sent notices to the affected persons. The department will provide credit monitoring services to those affected by the breach. The department also did contact law enforcement and other agencies to assist with the forensic work.
Thoughts
Phishing and the subsequent associated issues (e.g. ransomware, viruses, backdoors, etc.) are a societal problem potentially affecting anyone connected to the internet. One aspect of the remediation which in theory is helpful, but may not be in the long-run regards the credit monitoring. This did not state how long with was to last. This is a bit of a moot issue. The data exfiltrated with the compromise is partially permanent (e.g. social security number). While the credit monitoring may last a year, for example, the issue will last well beyond this or the affected persons.
Resources
Associated Press. (2019, August 29). Oregon judicial department hit by phishing attack. Retrieved from https://www.seattletimes.com/seattle-news/northwest/oregon-judicial-department-hit-by-phishing-attack/
Associated Press. (2019, August 29). Oregon judicial department hit by phishing attack, personal information exposed. Retrieved from https://katu.com/news/local/oregon-judiciail-department-hit-by-phishing-attack-personal-information-exposed
Associated Press. (2019, August 29). Oregon judicial department hit by phishing attack. Retrieved from https://www.usnews.com/news/best-states/oregon/articles/2019-08-29/oregon-judicial-department-hit-by-phishing-attack
Associated Press. (2019, August 30). Oregon judicial department hit by phishing attack. Retrieved from https://democratherald.com/news/state-and-regional/oregon-judicial-department-hit-by-phishing-attack/
Breach Exchange. (2019, August 30). Oregon judicial department hit by phishing attack. Retrieved from https://www.bradenton.com/news/business/technology/article234530047.html
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.