Zero-day lets nation-state spies cross-examine elite US law firm Williams & Connolly

Washington's elite law firm Williams & Connolly has confirmed that attackers exploited a zero-day vulnerability to access a handful of attorney email accounts in what it believes was a nation-state-linked cyberattack. In a statement, the firm said it "recently discovered a cybersecurity incident involving access to certain …

  1. Taliesinawen

    A bit short on technical details ..

    A bit short on technical details and what such case files were even doing accessible over the Internet. A local lawyer firm won't allow anything to be brought into or out of the computer room - except paper.

    > Williams & Connolly added that it had "blocked the threat actor" and found "no evidence of any unauthorized traffic" remaining on its network

    This is self-serving BS. I'm sure these state-linked Chinese hackers would have heard of "lateral movement". These kinds of security breaches are a daily occurrence. In conclusion: yer modern integrated innovation isn't fit for purpose. And now they want to stick AI on top of this.

  2. Decay

    As a government cyber security person once told me: "You will never know the Americans have been in your systems; you'll only know if the Russians have been, if they want you to know; and you'll probably spot the Chinese, but they are learning at a rapid rate and will soon surpass the Russians." That was 3 years ago.

    There is a big difference between securing your IT systems against nation states and securing them against, for want of a better expression, private enterprise hacking. Realistically, securing your systems against NSA intrusion is not financially viable. And that's before we even consider that your SaaS etc. are housed in readily available infrastructure in the US or touchable by the US. But that's like worrying about spy satellites taking pictures of you. A bit pointless. But so many of these "breaches" are not relying on nation state backing; basic cyber security hygiene is not observed. Your typical data breach relies on piss poor controls, so once a zero day is found and they penetrate your hard crunchy outer layer, they have relatively easy access internally, can move laterally, escalate permissions, all the good stuff we have seen for years. But with no internal controls, tripwires or monitoring, once in, they run rampant.

    I have said it before and I will say it again: proper punitive punishments for Execs and boards would concentrate minds wonderfully. There are some well established frameworks out there to ensure that good hygiene is practiced. If every time a breach occurred, a forensic review by an independent 3rd party took place and, if the company was found lacking, fines and prison time were on offer, you would see a remarkable reduction in these types of events.

    We have the concept of fiduciary duty; a similar cyber security duty would be useful if properly implemented and with teeth.

    1. VoiceOfTruth

      >> Your typical data breach relies on piss poor controls

      In one article we have SonicWall admitting all their customers' cloud backups of configs have been exfiltrated by $badguy. In another article we have Discord admitting a $thirdparty they use has copies of photo IDs which has been compromised. The other day there was a false and malicious npm package which was downloaded 1500 times, and apparently used without any inspection by the developers who just used it as is.

      We (that is, the IT world in general as a whole, not any one company or thing specifically) are making it easy for $badguys. Each time I read "state backed actor" or "sophisticated attack" or some such words, I think to myself it is quite likely somebody just did something stupid and left a security hole somewhere. I always worked on a simple principle: if there is a security hole, $badguys will find it. They put the "state actor" hypothesis out there to get themselves off the hook.

      >> Theranos founder Elizabeth Holmes

      Or, as many would put it, convicted fraudster Elizabeth Holmes.

    2. Anonymous Coward

      The Americans ARE already in your system if the traffic I see flowing to Microsoft is any indication...

      Cloud entanglement: the gift that keeps on giving.

      1. Anonymous Coward

        Most traffic indeed goes to Azure, AWS, Google Cloud, IBM. Even foreign militaries use "the clouds" in the USA. No need to penetrate; they already have all the data on their soil.
