For several years law firms have been a key target for hackers seeking to obtain confidential information about initial public offerings, intellectual property and M&A deals, claim cybersecurity consultants, but rarely does word about specific attacks become public.
On March 29, Crain’s Chicago Business reported that 48 top firms, most of which appear in the Am Law 100 rankings, were targeted recently by a Russian hacker living in Ukraine seeking to trade on M&A information stolen from law firms.
According to Crain’s, a cybercriminal named ‘Oleras’ shared a plan to hack those firms on a cybercriminal forum in an attempt to solicit help from other hackers. The hacker named firms such as Akin Gump Strauss Hauer & Feld, Kirkland & Ellis, Sidley Austin and Sullivan & Cromwell as potential targets, according to the report.
Our ALM sibling Am Law Daily reached out to several of the firms listed by Flashpoint, all of whom either declined to comment or did not answer requests to do so.
A spokeswoman for Seattle-based Flashpoint said that all the information ‘has been turned over to authorities, and they’re handling the investigation at this time.’
Tom Ricketts, a senior vice president and executive director at Aon Risk Solutions, a unit of insurance brokerage giant Aon plc, which has helped more than 60 law firms buy cyberinsurance within the last two years, said this type of incident is not uncommon.
‘More firms absolutely must take this incredibly seriously,’ said Ricketts, who was not involved in the attempted attack by the so-called Oleras. ‘This is a major threat.’
Ricketts said that hackers will typically pose as someone they’re not and send e-mails to firm employees and partners that are meant to trick the recipient into handing over their login credentials. The hackers can then peruse their victim’s e-mails for information about pending business transactions that a firm’s clients are involved in.
Ricketts said these scams, known as phishing attacks, have become increasingly sophisticated. Hackers no longer need to send out thousands of spam e-mails in the hope that one or two careless people will click on a nefarious link. Ricketts said he was involved in an incident recently in which the hacker sent 70 e-mails and got four hits in response.
The security firm FireEye Inc. published a report detailing the methods used by one group, calling itself ‘Fin4,’ which uses phishing attacks to obtain M&A information. The group’s fake e-mails are written in perfect English, use investing terminology and often ‘play up shareholder and public disclosure concerns,’ the report said.
Of the more than 100 companies targeted by this group, 20% were law firms, according to Milpitas, CA-based FireEye. In some instances, the hackers were able to inject themselves into email threads between company employees.
On March 3, the FBI released a notification about the threat posed by the cybercriminal who was trying to hire other hackers to help gain access to law firms, Bloomberg Big Law Business reported at the time. The notification advised firms to educate personnel about the threat of cyberattacks and to carefully scrutinize all e-mails, the report said.
Knowledge of the tools used by hackers often isn’t enough. Last year Russian hackers gained access to sensitive U.S. Department of Defense servers through phishing attacks that duped security professionals into clicking on e-mails containing malicious code, according to a report by CNET, which noted that hackers also found their way into the personal e-mail account of John Brennan, the director of the CIA.
Nell Gluckman writes for The Am Law Daily, an ALM sibling of e-Commerce Law & Strategy. He can be reached at [email protected]. Follow him on Twitter @NellGluckman.