A cyberattack over the weekend targeted the website of Pennsylvania's state courts agency, causing disruptions to some online systems. However, officials have stated that no data was compromised, and the attack did not prevent the courts from functioning as usual on Monday.
The Administrative Office of Pennsylvania Courts, the target of the attack, is being investigated by the U.S. Department of Homeland Security and the FBI, both of which are leading federal cybersecurity agencies. Pennsylvania Supreme Court Chief Justice Debra Todd referred to the incident as a 'denial of service' cyberattack. This type of attack involves overwhelming the targeted host or network with excessive traffic, rendering it unable to respond to legitimate users.
Despite the disruptions caused, county court clerks reported that their offices were operating smoothly, indicating that the impact of the attack was minimal. It is still unclear who carried out the attack or what their motivations were, as neither the courts agency nor the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have provided this information. Additionally, it remains unknown if the attackers demanded a ransom or if the courts' cybersecurity measures successfully mitigated the attack.
Various high-profile entities, including major tech companies like Google Cloud, Microsoft, and Amazon Web Services, along with financial institutions, have fallen victim to similar denial of service attacks in recent years. Some attacks have been attributed to state-sponsored actors from countries like Russia and China.
Jack Danahy, a vice president of cybersecurity firm NuHarbor Security, explained that denial-of-service hackers typically seek financial gain. However, these attacks have become increasingly challenging to monetize due to network experts devising methods to divert and neutralize the flood of internet traffic. Danahy noted that denial-of-service attacks are relatively simple for smaller hackers to execute, as they can easily mask underlying attacks, such as ransomware attacks, within this type of assault.
Alexander Leslie, an analyst with cybersecurity firm Recorded Future, highlighted that denial-of-service tools used in such attacks can range from open-source software to premium tools available to criminals. Distributed denial-of-service attacks, which utilize a multitude of devices to overwhelm a website, often make it difficult to track down the culprits or determine their motives without a public claim of responsibility.
The incident in Pennsylvania follows a similar cyberattack on Kansas' judicial branch a few months ago. The Kansas court system took months and required significant financial resources to fully recover from the sophisticated attack. No ransom was paid, but the hackers stole data and threatened to disclose it on a dark website if their demands were not met. As a result, Kansas officials have requested an additional $2.6 million to cover the costs of improving cybersecurity, bringing computer systems back online, and hiring additional cybersecurity personnel.
Efforts are underway to restore the disabled systems in Pennsylvania, including online docket sheets and an electronic case document filing portal. Meanwhile, court officials continue to accept paper court filings through traditional means. As of Monday evening, the courts office announced that the systems had been restored, although they still appeared to be disabled on the courts' website.
The ongoing investigations by federal cybersecurity agencies will shed more light on the nature of the attack and potentially identify the perpetrators. In the meantime, Pennsylvania courts are functioning normally, and officials are working diligently to strengthen their defenses against future cyber threats.
