Forensics investigators at Mandiant, an American cybersecurity firm, have reported working on twice as many targeted attacks by so-called advanced persistent threat (APT) adversaries against law firms as in years past. The FBI, during the course of ongoing investigations, has identified noticeable increases in computer manipulation attempts against law firms. Over the last decade, malware has made its way into organizations large and small. The number of cyber threats has spiked, and malware has become both risky and sophisticated. So why go after law firms? The answer lies in intelligence on their corporate clients.
Why Law Firms Are Cyber Threat Targets
Law firms are increasingly hit by crafty, low-profile targeted attacks that go after intelligence on their corporate clients. The specific intrusion vector used against the firms is a spear-phishing or targeted, socially engineered e-mail designed to compromise a network by bypassing technological network defenses and exploiting the person at the keyboard. Phishing, spear-phishing and other malware attacks have become a daily reality for law firms. The danger of these attacks lies in the ability to obtain confidential company information that can radically change the stakes of a business transaction or legal matter. Law firms are also targeted because attackers find them to be attractive and somewhat soft targets for gathering the intelligence they want, on a new weapons system or software, for example. Firms that represent clients in mergers and acquisitions, or civil litigation, seemed to be among the targets getting hit, including when their clients are involved in deals with Chinese companies.
Hackers exploit the ability of end users to launch malicious payloads (the cargo of a data transmission) from within the network: they attach a file to the message or include a link to the domain housing the file, and lure users into clicking the attachment or link. Because subject lines tend to be crafted in a way that uniquely engages recipients with content appropriate to their specific business interests, network defense against these attacks is difficult. Furthermore, the messages are made to appear as though they originate from a trusted source based on the relevance of the subject line. However, it should be noted that opening a message will not directly compromise the system or network because the malicious payload lies in the attachment or linked domain. Infection is bound to occur once someone opens the attachment or clicks the link, which launches a self-executing file that, through a variety of malicious processes, attempts to download another file. What's unfortunately more disconcerting is that a majority of companies don't know or can't detect when they've been attacked. Clouds, mobile environments and a multitude of other tech tools aren't making detection any easier.
Holistic Approach To Online Security
Phishing attacks against law firms are nothing new, however: the FBI warned firms back in November 2009 of a massive phishing attack aimed at them. The solution to this prevailing problem is to take a more holistic approach to security. Other firms have reported deploying an array of conventional tools, such as intrusion detection, firewalls, prevention systems, and data-loss prevention virtual sandboxes. When a threat alert is received, one solution is to use a threat management platform like NetCitadel to analyze contextual data about the incident, including user identity, IP reputation, indicators of compromise and geolocation data for IPs.
At the end of the day, security is an enterprise issue, which means that attorneys, firm management and support personnel need to be involved. Some basic activities must be undertaken to establish a security program, no matter which best practice a firm decides to follow. It goes without saying that technical staff will manage most of these activities, but firm partners and staff also need to provide critical input. Firm management has to outline security roles and responsibilities, develop top-level policies and exercise oversight. This means reviewing findings from critical activities, receiving regular reports on intrusions, and reviewing the security plans and budget, system usage and compliance with policies and procedures.
Advantages Of Taking Action
Taking action on potential malware and on breach notification laws will keep a firm in a far superior position with its clients, its state bar and any regulators that may become involved, provided it can show that its security program is aligned with best practices and that its management is engaged. Furthermore, it bodes well for the firm, as it proves that the firm is complying with its policies and procedures and that tools are deployed to detect malware and criminal behavior.