May 22, 2012

Cyber Attacks on Corporate America continue to escalate in Frequency and Sophistication

Barnes & Thornburg LLP - a national law firm of more than 550 professionals
Roy E. Hadley, Jr.
Barnes & Thornburg LLP
Tuesday, December 27, 2011
Communications, Media & Internet / Criminal Law / Business Crimes / Intellectual Property / Law Office Management
All Federal
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

As attacks on corporate networks continue to escalate, we are seeing more and more instances of very sophisticated intrusions.  The recent discovery of the breach of the U.S. Chamber of Commerce illustrates that these types of attacks will continue to progress in both their frequency and sophistication.

It is being reported that the U.S. Chamber might not have been the ultimate target but instead was potentially being used as a gateway to the networks of its members.

What are you doing to protect your networks?  What are your trusted business partners doing? 

Here is more on the U.S. Chamber of Commerce attack as reported at TechTarget.com:

Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say

Robert Westervelt, News Director
Published: 21 Dec 2011

A targeted attack responsible for the U.S. Chamber of Commerce breach, exploited serious weaknesses in the lobbying group’s security defenses, according to security experts, and could have been a staging ground for attacks on Chamber member organizations.

 Investigators have not determined how attackers infiltrated the U.S. Chamber of Commerce, but once in, the attackers stealthily targeted approximately four people involved in the Chamber’s Asian policy affairs, according to a report in the Washington Post.  Experts said that while it’s unclear if spear phishing attacks were involved, they have become the modus operandi of many of the most sophisticated attacks, enabling cybercriminals to gain the initial foothold in an organization’s systems.

 “Years ago we used to say people got in through server vulnerabilities, but if we look back at this year of Microsoft vulnerabilities, we see a high majority of them we would classify as client-side bugs,” said Andrew Storms, director of security operations at San Francisco-based vulnerability management vendor nCircle. “Many of these attacks require the user to take some action, but they’re taking advantage of a piece of software that is otherwise silent but the user has activated it.”

 The organization learned of the attack from the FBI, and an independent team of forensics investigators said the Chamber’s systems were compromised between November 2009 and May of 2010, though investigators said the attackers may have had network access for more than a year.

 

You can read the entire TechTarget article here.

© 2012 BARNES & THORNBURG LLP

About the Author

Roy E. Hadley, Jr.
Partner

Roy E. Hadley is a partner in the Atlanta office of Barnes & Thornburg LLP where he is a member of the firm’s Corporate Department and co-leader of the firm’s Cloud Computing and Cyber-Security practice team. He counsels clients in complex corporate and outsourcing transactions, with a focus on those transactions involving cloud computing, intellectual property, technology and information security. Mr. Hadley specializes in counseling c-level executives and boards on information security risk management. 

roy.hadley@btlaw.com
404-264-4036
www.btlaw.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.