Repeated cyberattacks on court systems raise security concerns for the US
“While specific details about the perpetrators of these attacks may vary, there is a growing concern over state-sponsored cyber espionage campaigns targeting critical systems, including those within the US,” Plaggemier said. “While direct attribution can be challenging, there are indicators suggesting links to nation-state actors, including those from China. However, conclusive evidence linking these attacks to a particular nation-state actor may require further investigation and analysis.”
John Hammond, principal security researcher at Huntress, a cybersecurity research and services provider, said a nation-state involvement is rather unlikely. “It’s unlikely that there is supposed to be a large, looming, coordinated, or mass-scale trend in these attacks,” he said. “Truthfully, it’s more reasonable that these are just random, opportunistic hits. Cybercriminals tend to cast a wide net, and whatever targets are vulnerable will be the first to fall.”
Sometimes court systems, according to other experts, may get caught up in the crossfires of an unrelated threat event or campaign. “Although there are certainly examples of threat actors claiming to target court systems for specific gain, like the LockBit/Fulton County story, court systems are more often an unfortunate victim in the ripple effect of a ransomware attack on public sector entities,” said Dan Schiappa, CPO of Arctic Wolf.
Whether these attacks are being carried out with a nation-state interest, or are part of random targeting, the fact that multiple court systems were successfully obstructed within a short span paints a rather gloomy picture of these systems’ cybersecurity infrastructure.
Courts fell victim to ransomware and DoS attacks
Generally, the kind of attack a system experiences is a clear telltale of the perpetrator’s real motives. The court system attacks being majorly affected by ransomware indicates attackers were financially motivated.
LockBit, a Russian ransomware gang recently shut by global authorities, had later claimed that the takedown was particularly in response to its targeting of the Fulton County systems as the hack enabled the gang to possess sensitive documents relating to many high-profile cases including on former US president Donald Trump.
