The Police Federation of England and Wales (PFEW) was exposed to a significant malware attack in March.
The ransomware attack was picked up by a PFEW alert on March 9. It is thought that the attack was nullified and isolated quickly so that it was unable to spread throughout the 43 police forces in England and Wales with a combined staff total of more than 119,000 police officers.
Whilst a recent statement from the PFEW claims that the initial malware attack used malicious software to affect some databases, it is thought that only Surrey Police Department was impacted. However, the attack has resulted in considerable loss, including deleted or encrypted files and disabled email communication. Although the police will understandably be left licking their wounds, the extent of the attack could have been a lot worse.
If the cyber defences were unable to contain the attack and it had freedom to proliferate through the PFEW’s extensive data banks, the results could have been overwhelming.
A PFEW statement and tweet claimed: “a number of databases and systems were affected. Back up data has been deleted and has been encrypted and became inaccessible. Email services were disabled and files were inaccessible.”
“All indications are that the malware did not spread any further than the systems based at our Surrey headquarters, with none of the 43 branches being directly affected.”
This news comes just days after a recent report by Egress found that only 28% of all gov.uk domains are using DMARC to prevent impersonation and phishing attacks.
The data security company Egress ran the test just weeks before the Government’s Secure Intranet (GSI) system, which has been operating on all internal governmental communication since 1996, is set to be replaced by the end of March 2019.
What they discovered was a lack of preparation from many government email administrators. From the 2,000 email domains that were checked, it was clear that almost three quarters were vulnerable to phishing attacks.
53% of the domains that had integrated DMARC also had their policy set to ‘do nothing’, which places each email box under immediate threat. These settings give hackers and cyber criminals the opportunity to send spam and phishing messages directly to email boxes. It also means that Business Email Compromise (BEC) and email buffering can’t be prevented.
DMARC detects and prevents email spoofing, enabling the recipient to feel more confident in determining whether the sender is genuine and legitimate. Unfortunately, despite governmental advice, the majority of their domains are unprotected and unnecessarily exposed.
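The difference between merely publishing a DMARC record and enforcing one can be checked mechanically. The following Python is an added example, not part of the Egress report or the original article: it classifies DMARC TXT records, treating `p=none` (the ‘do nothing’ policy) as monitor-only. The function names, posture labels and sample records are constructed for illustration.

```python
"""Classify DMARC TXT records by how much protection they actually give."""

def parse_dmarc(txt):
    """Return a dict of DMARC tags, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags.setdefault(key.strip().lower(), value.strip())
    return tags

def classify(txt):
    """Map a TXT value (or None when no record exists) to a posture label."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "no-dmarc"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor-only"  # 'do nothing': spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    return "enforcing" if pct == 100 else "partial"

def audit(records):
    """Count posture labels across a {domain: txt_or_None} mapping."""
    summary = {}
    for txt in records.values():
        label = classify(txt)
        summary[label] = summary.get(label, 0) + 1
    return summary

# Constructed sample data (placeholder domains, not survey results).
SAMPLE = {
    "a.example": "v=DMARC1; p=none; rua=mailto:dmarc@a.example",
    "b.example": "v=DMARC1; p=reject; rua=mailto:dmarc@b.example",
    "c.example": "v=DMARC1; p=quarantine; pct=25",
    "d.example": None,  # no _dmarc TXT record published
    "e.example": "v=spf1 -all",  # an SPF record, not DMARC
    "f.example": "v=DMARC1; rua=mailto:dmarc@f.example",  # missing p=
}
```

In a real audit the TXT values would come from a DNS lookup of `_dmarc.<domain>`; only domains that land in the enforcing group have mail that fails DMARC quarantined or rejected for every message.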
The recent attacks and vulnerabilities highlight the ease with which a cyber criminal could expose your law firm. If the law makers and governmental experts are digitally exposed by the sophistication of cyber fraudsters, it is all the more likely that the average online presence is susceptible to these threats.
Matt Walmsley, EMEA director at Vectra, said: “Whether they had a regulatory or legal need to inform the ICO isn’t clear – particularly if there has been no data breach. The launch of a criminal investigation may help salve anger and frustration but is unlikely to result in accurate attribution, never mind a conviction, even if they’ve called in their friends from the National Computer Crime Unit. However, their transparent reporting, even if it’s a number of days after the instance, should be commended for its candour. Defences are imperfect, always.”
Tim Erlin, VP of product management and strategy at Tripwire, commented: “Every organization should have a plan in place for a successful ransomware attack. While prevention is preferred, the reality is that no security control is perfect. The key to responding to a ransomware attack is to detect quickly, limit the spread and restore systems back to a trusted state. Functional backups are key to recovery, but so is a clear understanding of how systems are configured. Finally, restoring from backups is only useful if you can close the attack vector that allowed the ransomware to gain a foothold in the first place.”
Has your firm completed the baseline and minimum standards in cyber security to help prevent malware and ransomware attacks? Are you Cyber Essentials accredited? Have you employed DMARC technology to ensure your firm and clients are protected from domain spoofing?