Cyberattacks Can Happen Anytime, Anywhere
Never click on links in an email unless you are absolutely certain they are valid.
The headline was clear and scary: “Cyberattack Hits Administrative Office of Pennsylvania Courts.” The attack disabled online docket sheets and the electronic case document filing portal. Court officials claimed that there was no evidence that the hackers had stolen data.
When you read a little further, you learned a lot of other information, even if the courts did not supply all the details. First, the attack was a denial of service (DOS) attack. That’s not the type of hack we are used to hearing a lot about. More often, we hear about ransomware and malware. But there are many other types of attacks. And, of course, it was disruptive. That presumably was the hacker’s goal.
So, what is a DOS attack? According to CISA, the Cybersecurity and Infrastructure Security Agency (https://cisa.gov), a denial of service cyberattack occurs when an attacker overloads a target with traffic. CISA is the agency charged with protecting the nation’s cyber infrastructure. It is also one of the best resources available for everything you want to know, and more, about cybersecurity.
When a DOS attack occurs, the attacker floods the targeted network with traffic until it cannot respond or simply crashes. As a result, legitimate users are prevented from gaining access to the site. The website cloudshare.com explains that there are two types of DOS attacks: buffer overflow attacks and flood attacks.
A buffer overflow attack causes the attacked system to consume all available disk space, memory, or CPU time. As a result, the site cannot handle all the information and stops functioning. Conversely, a flood attack targets the server with an overwhelming number of packets—a massive volume of small bits of information that floods the server, causing a DOS. Picture one person trying to catch baseballs thrown at him from hundreds of people at the same time.
The attack on the Administrative Office of Pennsylvania Courts (AOPC) was a flood attack. Pennsylvania Supreme Court Chief Justice Debra Todd acknowledged this in a statement released to the public. She termed it a “denial of service” cyberattack. She used CISA’s description, noting that such attacks “flood the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users.”
Compare this with ransomware, which in essence locks down a computer or computer network until the victim pays a ransom and then, they hope, regains access to the network. Delaware County suffered a ransomware attack in 2021 and paid $25,000 to regain access. While no attack is good, it is often easier to recover from a DOS attack than a ransomware attack.
Second, it appears that the AOPC had a plan for responding to such an attack, implemented the plan, and was transparent. That is best practice for how an attack victim should react. Plan, implement, and be transparent.
Promptly after the attack was discovered and the court knew what was happening, Todd issued a statement providing information about the attack and what was being done in response. She also noted that the “court information technology and executive team continues to work closely with the FBI and Homeland Security to analyze and investigate the cyberattack.” In the event of a cyberattack, the victim should notify the appropriate governmental agencies as soon as possible.
Third, it appears that the DOS attack did not involve any access to information. If it had, the court would likely have indicated that and begun to assess that damage. As with ransomware attacks, if court data is breached, the implications are much greater.
Finally, the court was transparent. And therein lies a lesson for us all. In short, while no one wants to be the victim of a cyberattack, the AOPC’s response helped minimize the ramifications of this one.
What to Do About the Risk
If the courts can be hacked, companies can too. According to the cyberinsurance broker embroder.com, cyberattacks were one of companies’ largest risks in the 2020s and were the “new norm” across public and private sectors. Fifty-seven percent of companies experienced phishing or social engineering attacks; 33 percent experienced attacks via compromised or stolen devices, and 30 percent were attacked through credential theft.
The embroder.com report indicates that the primary cause of successful ransomware attacks was “exploitation of remote access”—i.e., users clicking on links in spam or phishing emails. In other words, the number one cause of ransomware attacks is user error or ignorance, not proactive efforts by cyberhackers. Thus, in most cases, the weakest link is the organization’s staff.
All businesses must have a plan for their reaction when an attack occurs, because it is impossible to prevent every attack. DOS attacks like the AOPC’s, while not 100 percent preventable, can be minimized. CISA recommends taking proactive steps to reduce the impact of an attack on your network. You may also want to use a DOS protection service that will detect abnormal traffic and redirect it away from your network. This makes sense for larger organizations, which are more likely to experience a DOS attack.
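To make "detect abnormal traffic" concrete, here is an added example (not from the original article or from any protection service) of a sliding-window detector run over constructed request records. The thresholds, window length, and documentation-range IP addresses are assumptions chosen for illustration; it shows why a flood from hundreds of senders has to be caught on the total request rate and not only per sender.

```python
from collections import Counter, deque

WINDOW_SECONDS = 10      # assumed sliding-window length
PER_SOURCE_LIMIT = 20    # assumed max requests from one source per window
TOTAL_LIMIT = 100        # assumed max requests from all sources per window

def detect_floods(events):
    """events: (timestamp_seconds, source_ip) pairs sorted by time.
    Returns one (timestamp, kind, detail) alert per flood episode."""
    window, per_source = deque(), Counter()
    noisy, total_alarm, alerts = set(), False, []
    for ts, src in events:
        window.append((ts, src))
        per_source[src] += 1
        # Expire requests that have fallen out of the window.
        while window[0][0] <= ts - WINDOW_SECONDS:
            _, old = window.popleft()
            per_source[old] -= 1
            if per_source[old] <= PER_SOURCE_LIMIT:
                noisy.discard(old)
            if per_source[old] == 0:
                del per_source[old]
        if per_source[src] > PER_SOURCE_LIMIT and src not in noisy:
            noisy.add(src)
            alerts.append((ts, "single-source", src))
        if len(window) > TOTAL_LIMIT:
            if not total_alarm:
                total_alarm = True
                # detail = number of distinct sources seen in the window
                alerts.append((ts, "aggregate", len(per_source)))
        else:
            total_alarm = False
    return alerts

# Constructed sample traffic (not real logs).
def normal_traffic():
    # five clients, one request every 2 seconds for a minute
    return [(float(t), f"192.0.2.{c}") for t in range(0, 60, 2) for c in range(1, 6)]

def single_source_flood():
    burst = [(20 + i * 0.2, "198.51.100.7") for i in range(50)]
    return sorted(normal_traffic() + burst)

def distributed_flood():
    # 200 senders, each slow enough to stay under the per-source limit
    burst = [(float(t), f"203.0.113.{c}") for t in range(20, 25) for c in range(1, 201)]
    return sorted(normal_traffic() + burst)
```

In the distributed case no single sender exceeds its limit, so only the aggregate check fires.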
Creating a disaster recovery plan helps ensure more efficient communication, mitigation, and recovery in the event of an attack. It bears repeating that there are two types of businesses: those that have been hacked and those that will be.
Fortunately, it is relatively easy to prevent many cyberattacks, with user training being the first and most important line of defense. Firms can hire outside trainers to educate staff. There are also excellent guides that explain how to prevent a ransomware attack.
Most cybersecurity experts agree that taking the following precautions can prevent most attacks:
- Never click on links in email unless you are absolutely certain they are valid.
- Do not click on links in spam emails. Not all spam emails look like spam. Hackers can “spoof” email addresses fairly easily. If an email message or format does not seem quite right, or your inner “alarm” is going off, instead of clicking, hover your mouse over the link and if the address that displays is one you are not familiar with, do not click on it. If you are not sure whether the link is valid, contact the sender by sending a separate email (do not forward the potential spam) and asking whether they were the source of the email. Users clicking on malicious links is the number-one way computers get infected, not just with ransomware but with all forms of viruses.
- Do not open untrusted email attachments. Do not click on attachments to an email unless you are certain that the email came from a source you know and trust. If you are not sure that the attachment is safe, contact the sender by sending a separate email (do not forward the potential spam) and asking whether they were the source of the email.
- Only download files from websites you trust.
- Do not give out personal information if you receive an email from an unknown or untrusted source. Similarly, do not give out this information in response to a text or phone call.
- Keep your software up to date.
As the AOPC incident made clear, high-profile sites are targets for hackers. So too are businesses of all sizes. Companies have all types of information that hackers want, including Social Security numbers, financial data, personally identifiable information (PII), and more. It is therefore essential that firms plan for a possible breach.
Daniel J. Siegel, principal of the Law Offices of Daniel J. Siegel and chair of the Pennsylvania Bar Association committee on legal ethics and professional responsibility, provides ethical guidance and Disciplinary Board representation for attorneys and law firms. He is the editor of “Fee Agreements in Pennsylvania” (6th Edition) and author of “Leaving a Law Practice: Practical and Ethical Issues for Lawyers and Law Firms” (First and Second Editions), published by the Pennsylvania Bar Institute. He can be reached at dan@danieljsiegel.com.
From: BenefitsPRO