POSTED JULY 30, 2019 // BY JOHN CARDANI-TROLLINGER
Between November 2017 and September 2018, state-sponsored Chinese hackers attacked the systems of an unnamed law firm known for its expertise in intellectual property. Representing clients in the pharmaceutical, technology, electronics, biomedical, and automotive sectors, the law firm was one of three victims included in a strategic and targeted campaign. The group known as APT10 used stolen user credentials to access third-party software used by the target organizations and leveraged that access to further encroach upon internal systems.
While this may sound like the plot of a blockbuster movie, it is unfortunately an all-too-real scenario. Law firms are increasingly a target for hackers not only because they are often lacking in cyber security, but also because they are a means to an end. That is, as in the case of the unnamed law firm, the companies the law firm represented were the target, and the law firm was just a way to gain access to the data. According to the American Bar Association’s 2018 Cybersecurity TechReport, one out of every four law firms is a victim of a data breach. As in our example above, the motivation behind the attacks is often to target client data.
The ABA 2018 Legal Technology Survey Report explored the security threats, incidents, and safeguards that attorneys and law firms use to protect themselves. This report uncovered an alarming number of law firms that are not using security measures that security professionals view as “basic” and that are used more frequently in other businesses and professions.
ABA Formal Opinion 483
“Data breaches and cyber threats involving or targeting lawyers and law firms are a major professional responsibility and liability facing the legal profession. As custodians of highly sensitive information, law firms are an inviting target for hackers. In one highly publicized incident, hackers infiltrated the computer networks at some of the country’s most well-known law firms, likely looking for confidential information to exploit through insider trading schemes. Indeed, the data security threat is so high that law enforcement officials regularly divide business entities into two categories: those that have been hacked, and those that will be.”
Recognizing the Cybersecurity Risk to Law Firms & Legal Services
Information security starts with understanding both what needs to be protected and from what or whom. According to Law Technology Today, these can be generally broken down into 4 key areas:
- Phishing/Hacked Email Accounts
- Ransomware
- Leaking of Sensitive Data
- The Risk of Legal Malpractice Allegations due to Poor Cybersecurity
Phishing/Hacking the Email Accounts of Law Firms
Phishing is an attack in which a target or targets are contacted, most commonly through email, by someone posing as a legitimate person or institution in order to lure individuals into providing password credentials, launching fraudulent transactions, or downloading malware. According to the 2018 Verizon Data Breach Investigations Report (DBIR), phishing represents 90% of social engineering incidents and 93% of breaches, with email continuing to be the most common vector at 96%. As most law firms utilize online tools such as Dropbox or DocuSign (which users connect to their email accounts for login purposes), they are a likely target for email phishing scams. For example, in one recent incident targeting clients of a law firm in Colorado, victims received a phony .pdf file that appeared to come from the law firm. When the client clicked on the document, they were redirected to a phishing website.
Ransomware in Law Firms
Ransomware and its variants are a common threat uniquely associated with phishing attacks. Together, they have become a serious global threat. The two largest and most discussed ransomware attacks in history, WannaCry and NotPetya, were launched in 2017. Together, within just 24 hours, they infected more than 200,000 machines in more than 100 countries. In most instances, phishing has been the preferred and most successful method of attack for threat actors, with spam emails acting as the initial infection point of the network before more destructive attacks are launched (as is the case with ransomware). In these cases, highly targeted attacks use social engineering, relying on themes that are relevant, interesting, or appropriate to the targeted individual. When users click the links provided in the phishing email, they are directed to a malicious site or open an attachment carrying malware and inadvertently allow access into their network. It is at this point that the threat actor can either launch destructive malware or propagate throughout the network, utilizing the information they have gleaned from the initial attack to gain access to critical client data, confidential corporate data, and sometimes, military secrets.
Sensitive Data Leakage for Law Firms
If law firms don’t have strong information security policies, they could be at a higher-than-average risk for attacks that make confidential information public. In a recent March 2018 attack, Duncan Lewis, a firm serving England and Wales, was hacked. The firm was faced with loss of reputation and legal action when its client and employee data was broadcast on Twitter via a folder.
The Risk for Legal Malpractice Due to Poor Cybersecurity
As the alarming data from the 2019 ABA Legal Technology Survey uncovered, a fourth of all law firms in the US experienced a data breach in 2018. This percentage is climbing in comparison to previous years. Law firms must not only protect their networks and servers from malicious attacks and security threats, they must also do so at the risk of loss of files, data, and reputation.
Solution: Bandura Cyber Threat Intelligence Gateway
First and foremost, user education and awareness are key to preventing phishing attacks. However, even after training, errors can be made. Law firms must also implement security processes and tools that prevent phishing from reaching users in the first place and mitigate the effects of phishing if threat actors succeed in penetrating the network.
The Bandura Cyber Threat Intelligence Gateway (TIG) can block phishing attacks and their associated ransomware attacks by identifying and blocking the known malicious IP addresses and domains from which they originate, as well as protecting the network from outbound malware, inadvertently opened from inside the network.
Bandura Cyber enables law firms of all sizes to use and take action on threat intelligence in an easy, automated, and scalable way, improving network protection and the efficiency of security operations. Based on patented technology, the Bandura Cyber Threat Intelligence Gateway (TIG) solution is purpose-built to filter network traffic against a massive volume of threat intelligence (IP and domain indicators). Bandura Cyber TIG aggregates, automates, and operationalizes massive amounts of threat intelligence, blocking known threats and unwanted traffic in a more efficient way than traditional network security controls.
The Bandura Cyber TIG helps Law Firms:
- Strengthen Edge Defenses: Powerful day one edge protection with significant “out of the box” threat intelligence from multiple sources. Easily integrate and take action on threat intelligence from any source, providing threat intelligence flexibility and choice. Massively scalable with the ability to filter traffic against more than 100 million unique IP and domain indicators at near-line speeds.
- Reduce Staff Workload: Helps to reduce alert overload. Eliminates manual threat feed management and reduces the burden of managing highly-dynamic access control lists (ACLs), blacklists, and firewall rules.
- Maximize the Value of Current Security Investments: Increases the value of existing threat intelligence investments (feeds, SIEMs, TIPs, SOAR) through automated threat detection and blocking, and enhanced threat intelligence-driven context. Improves the ROI and efficiency of existing network security controls like Next Generation Firewalls (NGFWs) and Intrusion Prevention Systems (IPS) by reducing the volume of traffic requiring deep packet inspection and firewall rule processing.