Law firms and cybersecurity are terms we associate only when it comes to litigation. However, an increasing number of law firms are falling victim to ransomware attacks. Their common method of entry: phishing.
The ALPHV ransomware group is the latest to hit the sector, this time targeting US-based law firm BC Attorney. The group claims to have obtained 390 GB of sensitive company data, including employee personal information, financial reports and more.
In a tweet, threat intelligence service Falcon Feeds shared the information and a screenshot of the threat actor’s post on the dark web.
The Cyber Express team has contacted BC Attorney to verify the cybersecurity incident claimed by the ALPHV ransomware group. However, the company has yet to respond or release an official statement addressing it.
How the attack was executed is still unknown. However, an analysis of the recent ransomware incidents at law firms, and of the cybersecurity concerns that came up along with them, shows that the most common tactic is phishing.
twitter.com/FalconFeedsio
Law firms and cybersecurity: A case of concern
In 2022 alone, over 100 law firms across 17 states in the US reported incidents of cyber-attacks and breaches, according to a recent report by US-based IT services company Protected Harbor.
Most of the attacks were carried out primarily through phishing scams or by exploiting vulnerabilities associated with email systems.
Phishing also helped attackers execute Wi-Fi network access point breaches and ransomware deployment on computers and data servers.
According to the report, at small and medium-sized law firms cybersecurity does not get the attention or investment it deserves, leaving them susceptible to cyber-criminals.
The report lists personal devices, such as mobile phones and laptops, as the potential initial points of attack, putting law firms and cybersecurity practices under the lens.
Even larger firms with IT departments often need help to keep up with evolving technology and new forms of cyber-attack.
Richard Luna, CEO of Protected Harbor, said that the operations of law firms and their cybersecurity concerns can be effectively streamlined with managed IT service providers (MSPs), who stay updated on the latest threats and can design systems with reduced vulnerability.
“Having a plan for mitigating cyber threats and investing in cybersecurity, equipment, and software is critical for law firms. Potential clients should ask their counsel how they protect data when choosing a firm to work with. If they don’t have a good answer, clients should look to another firm,” Luna advised.
The 2023 Law Firm Data Breach Trend Report provides valuable strategies for law firms to understand and implement better law firm cybersecurity measures.
One of the key recommendations is to offer comprehensive training and education to all employees, including partners, on identifying phishing, fraud, and other concerns that involve law firms and cybersecurity.
Additionally, firms should consider regularly upgrading software, implementing spam and virus scanning filters, and maintaining a separate backup system for critical data and client files, noted the report.
Robust procedures for password management, remote connections, and the use of USB and other data storage devices on firm networks are also crucial for law firms' cybersecurity posture.
Law firm and cybersecurity: The Crimson Kingsnake case
Gaining access to the email service of a law firm also allows threat actors to execute impersonation scams as well as multi-level phishing scams.
Last year, the Crimson Kingsnake threat group impersonated well-known international law firms to deceive recipients into approving overdue invoice payments.
The group created a strong foundation for business email compromise (BEC) attacks by pretending to be lawyers sending invoices for services supposedly rendered a year ago.
The emails appeared authentic and well-constructed, with the logos and letterheads of major multinational law firms, making them more convincing.
According to the FBI’s extensive data covering the period from 2016 to 2019, the reported instances of BEC-induced losses reached an astonishing $43 billion in 2019.
A more recent disclosure from the IC3 revealed that in the year 2021 alone, a total of $2.4 billion was lost to BEC scams, affecting a staggering 19,954 entities.
Law firms and cybersecurity: More investment needed
Failure to invest in cybersecurity exposes sensitive client data and jeopardizes the firm’s reputation.
As Warren Buffett famously said, “It takes 20 years to build a reputation and 5 minutes to ruin it.”
The rise of cyber threats and phishing attacks targeting law firms highlights the urgent need for enhanced cybersecurity measures in the legal industry.
Law firms and the cybersecurity practices associated with their operations should be proactive and ever-evolving, with better engagement with experienced MSPs.
By continuously educating employees, law firms can effectively protect sensitive data, mitigate risks, and maintain their professional reputations in an increasingly digital world.