Cyberattackers are doubling down on their attacks on law firms and corporate legal departments, moving beyond their historic activity of hacking and leaking secrets to target the industry with financial attacks such as ransomware and mail compromise electronic business (BEC).
On November 24, managed services provider CTS, which provides IT services to law firms, acknowledged that the firm had suffered a breach, but did not give details about the origin of the attack. The incident has the allegedly affected services to dozens of law firms, especially in the real estate sector. The attack follows claims by the LockBit group that it compromised London-based law firm Allen & Overy, listing the company as victims on its data breach site and demanding a ransom. the signature confirmed a breachbut failed to recognize the ransomware attack.
The attacks are just the latest to target law firms and legal departments. At least one attack group has specifically targeted law firms, seeding compromised sites with legal jargon to push the sites up in search rankings and then delivering a ransomware attack chain to visitors, says Keegan Keplinger , senior security researcher with managed detection and response company eSentire. .
“When [the targeting] it hasn’t been a legal organization, often it’s been the legal department or a legal user (a paralegal or a legal consultant) of an organization,” he says. “We saw a hospital get hit once, but it was the user legal in that hospital that was discharged [the malware].”
GootLoader, which leads to the Blackcat ransomware, has been heavily targeted at law firms. Source: eSentire
Hackers have long favored law firms as a way to steal secrets, making off with the personal information of Uber drivers. from the law firm Genova Burns LLC in January; data hijacking of contracts and personal emails of 200 high-profile celebrities: including Lady Gaga, Madonna and Rod Stewart — from New York law firm Grubman Shire Meiselas & Sacks in 2020; i allegedly leaking the “Panama Papers” — 11.5 million documents on wealthy tax evaders — from Panama-based law firm Mossack Fonseca.
Traditionally, the lure for online attackers hasn’t been money, says Ilia Kolochenko, chief architect at application security firm ImmuniWeb.
“Law firms are quite far from being attractive targets for cybercriminals,” he says. “However, their clients—that is, their clients’ secrets—make law firms a magnet for all kinds of cybercriminals.”
Clickbait becomes SEO poisoning
This has changed, as cyber criminals more and more focus on law firms as a way to make a profit with ransomware and BEC attacks. According to American Bar Association Annual Cyber Security Report, which emphasizes that a security breach is not as serious a classification as a data breach. The legal sector is the fourth most targeted sector by cybercriminals, behind service, manufacturing and financial firms, according to eSentire data.
The most significant threat to law firms may be GootLoader, a browser-based threat that is delivered through search engine optimization (SEO) poisoning. The group behind GootLoader has seeded malicious content and malicious advertising linked to 3.5 million search terms, a high percentage of which are legal terms. As a result, a lawyer or paralegal searching for specific content may find the top search result leading to a file infected by GootLoader. Downloading and opening the file will run the program, which almost always leads to BlackCat Ransomwaresays Joe Stewart, Principal Security Researcher at eSentire.
“This [is] what I call a land mine approach,” he says. open stand up, say, “What’s that? Oh, I’ll click on that JavaScript. No problem.'”
Ransomware is not the only concern for law firms. Several threat groups also target law firms with BEC scams. Law firms are the perfect victims of these schemes, says Dan Caplin, director of cybersecurity and incident response at S-RM, a cybersecurity consultancy.
“Firstly, they do a lot of business by email and secondly, law firms are often in a privileged position in situations where instructions and payment details are exchanged – this, again, is mainly done by post electronic,” he says. “This makes taking over the email account, intercepting a thread about a legitimate payment, and diverting funds to a fraudulent bank account a really effective approach.”
it will get worse before it gets better
Because law firms tend to be smaller, often just one or two people, cybersecurity knowledge is often lacking, says ImmuniWeb’s Kolochenko.
“Solo practitioners and small law firms are often poorly protected, with very modest budgets for cyber security,” he says. “Large law firms, however, are spending more and more on cyber security and cyber defense. [but most firms] have similar problems to all other industries, including shadow computing, working from home, [and] underprotected third parties”.
Unfortunately, law firms are often tasked with guarding extremely sensitive information, making any breach a problem and making the company more likely to pay a ransom. It’s no surprise that GootLoader has targeted the industry, says eSentire’s Keplinger.
“For a number of reasons, law firms are a bit behind the curve in security,” he says. “With ransomware, especially the double whammy (both stealing and encrypting the data), legal firms are an obvious organization that would be vulnerable to that, especially, that would worry about releasing their data.”
[ad_2]
Source link
