Law firms hold privileged information on behalf of their clients. As we’ve seen recently, they are under constant attack…
Despite law firms being described as ‘performing admirably’ in the current conditions and under daily attacks, many are still being compromised. Last month saw entertainment lawyers Grubman Shire Meiselas and Sacks compromised, with a sample of 756GB worth of data extracted from the firm, including personal data of various celebrities such as Bruce Springsteen and Madonna. The ransomware demand amount has not been disclosed by the company, but they have stated that they have sought alternative methods of returning the remaining data, and have forensic digital experts recovering the encrypted files.
BlueVoyant stated that they had seen millions of threats towards firms:
“These threats were not only high-volume and constant, amounting to hundreds of thousands of attempted attacks against law firms daily; they were also highly targeted, as evidenced by numerous engagements with threat actors on the deep and dark web.
“Threat actors steal and abuse credentials; probe for network vulnerabilities; use anonymising tools and proxies; and make use of persistent, advanced tactics in order to ‘crack’ law firms around the world.”
The information firms hold on clients makes them valuable targets for cyber attackers, and BlueVoyant has found evidence of requests on the dark web seeking access to law firms across the globe. They also found that private identity information on the dark web had been sourced from firms.
“Threats against law firms are high volume, multi-faceted, and organised,” it said. “Threat actors use multiple sophisticated tools and techniques.”
Robert Hannigan, chairman of BlueVoyant’s European operations and formerly director of GCHQ, said:
“Law firms not only hold very sensitive information, they are also a potential threat to the companies and individuals they represent.
“They can be a weak link in the supply chain and we have seen a number of cases where clients have been attacked through their lawyers. For that reason, big companies, especially in financial services, are looking very closely at their law firms’ cyber readiness and doing cyber due diligence much more rigorously.”
The beginning of May saw the SRA issue cyber crime warnings for remote users who were exposed to lower levels of security. The SRA issued 16 scam alerts including 10 email or website impersonations.