Ride the Lightning

Two New FBI Cybersecurity Alerts Issued for the Legal Sector

May 18, 2016

They are actually two alerts combined in one e-mail.

To quote from the first alert, "KeySweeper is a covert device that resembles a functional Universal Serial Bus (USB) enabled device charger which conceals hardware capable of harvesting keystrokes from certain wireless keyboards. If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information. Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen."

The other alert seemed somewhat similar to one issued before regarding ransomware, but there is one point I want to emphasize.

The FBI makes an excellent suggestion when it advises implementing application whitelisting – you should only allow systems to execute programs known and permitted by security policy. In other words, if some rogue application appears on your network and wants to run amok, it is stopped dead in its tracks by application whitelisting – one of the best tips we offer in our cybersecurity presentations and too rarely implemented by solo/small/mid-sized firms. If you don't know if your law firm is doing this, ask.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson