Comment 8: MOVEit or Lose It…
Over the last few months a massive cyberattack is playing out in organizations across the globe. This attack has so far affected almost 600 organizations and between 32 and 37 million individuals. Among the organizations hit are law firms and universities. In other words, this has been really big news and you may have missed it.
The attack vector (which is the thing that was exploited) was a third-party, managed file transfer application called MOVEit. What happened was that a group of criminal hackers were about to use a previously unknown exploit (called a 0-Day Exploit) in the MOVEit software. The criminal hackers (known as Cl0p) were able to use this 0-Day to exfiltrate (steal) files from individuals and organizations that use the MOVEit software.
If your practice,firm, or university uses MOVEit software, please be sure that you have followed the prescribed mitigations.
This is a reminder about the importance of you or your IT support regularly assessing your software assets for vulnerabilities.
The Cybersecurity & Infrastructure Security Agency (CISA) provides best-practices for securing your computers and networks.
The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to firstname.lastname@example.org.