The State Bar of Georgia in the US has suspended the normal operation of its website following “unauthorized access to its network”.
The authorized access by as-yet unidentified, or at least unnamed attackers is under investigation.
While it awaits the results of this investigation, the professional association for lawyers in the southern US state has shored up the security of its systems and hired external incident response consultants, as a holding page on its website explains:
Upon learning of the unauthorized access, we immediately took steps to secure the network, a cybersecurity firm was engaged and a thorough investigation is being conducted.
An endpoint detection and response system is being deployed throughout our network, which includes real-time continuous monitoring, analysis and response capabilities.
We are still investigating the incident and have not determined what information, if any, the unauthorized actor may have accessed. Updates will be posted on www.gabar.org as additional information is available.
Breaking the law
At the time of writing, the normal content of the Georgia Bar website has been replaced with this holding statement along with contact telephone numbers for its various divisions.
The holding statement was also published in updates to the State Bar of Georgia official Twitter account on Tuesday (May 3).
The type of intrusion, much less who carried it out, remains unclear. A hack exploiting vulnerabilities on the State Bar of Georgia’s website, or some form of malware-based attack, are among the many possible exploitations for the incident.
The Daily Swig asked the State Bar of Georgia for comment on the nature of the breach it had suffered, as well as on whether or not personal information might have been exposed.
We’ll update this story as and when more information comes to hand.
Source: https://portswigger.net/daily-swig/state-bar-of-georgia-reels-from-cyber-attack