The National Cyber Security Centre (NCSC), part of GCHQ, yesterday published its first report on the growing cyber threat to the legal profession.
It said that while the primary threat stemmed from cyber criminals with a financial motive, “nation states are likely to play an increasingly significant role in cyber attacks at a global level, to gain strategic and economic advantage.
“There has also been some growth in the hacktivist community targeting law firms to achieve political, economic or ideological ends.”
The NCSC said that, according to Action Fraud, in the two years to March 2018, 18 law firms reported hacking attempts.
“Such attacks tend to be more targeted in nature and are most likely initiated by phishing. They are often the work of more sophisticated cyber actors such as organised crime groups and nation states.”
The NCSC said the most significant cyber threats facing law firms were phishing, data breaches, ransomware, and supply chain compromise.
The report spells out the dangers and steps firms can take to combat them.
On phishing, it said the Solicitors Regulation Authority has publicised 110 scams against law firms so far in 2018, but “there are likely to be many more that go unreported”.
It gave the case study of a “mid-sized law firm with a multi-million pound turnover”, where a senior partner broadcast on social media full details about a business trip to Barcelona.
A criminal gang based overseas used this information to initiate a phishing attack against the firm’s accounts team. An accounts clerk received an email from an account spoofing the senior partner’s email address, instructing her to pay an invoice and imploring confidentiality.
Even though the firm had in place a number of policies and procedures that systemised the payment of invoices, they were able to persuade the accounts team to bend the rules, under the pretext of urgency, confidentiality and seniority.
The criminals also knew that the accounts team were tied up in installing a new accounting package and training on the new system, as a staff member had mentioned it on Facebook. It was at this time that the criminals convinced the clerk to make an authorised payment of £35,000.
The section on ransomware referenced the global attack last year on DLA Piper that caused significant business disruption for a number of weeks and is to date the single biggest cyber attack to ever hit any law firm.
The attack utilised a new variant of the Petya malware (NotPetya) via the software update mechanism of M.E. Doc, a Ukrainian tax program that had been compromised to spread the malware.
The report said the attack appeared to be a ransomware attack; it was later identified as a destructive variant so that the data was encrypted.
DLA Piper was running around 800 applications at the time and went through a process afterwards of building them back up. “Since the attack, the firm has been running a number of programs to enhance security and business resilience.”
Looking to cyber security trends, the report noted the increasing use of artificial intelligence (AI) systems among the large law firms, saying: “AI may help with thwarting future attacks, although may also be used maliciously, for example, to fool AI fraud checks or craft high-quality phishing emails.”
NCSC chief executive Ciaran Martin said: “Like all businesses, law firms are increasingly reliant on IT and technology and, as a result, are falling victim to a range of malicious cyber activity.
“Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also its clients.
“The NCSC is committed to supporting the legal sector as part of our role to make the UK the safest place to live and do business online and that’s why we feel it’s extremely important to offer the tailored advice and guidance outlined in this report.”
The report was created in collaboration with major law firms working under the NCSC Industry 100 scheme and the Law Society.
Law Society president Christina Blacklaws said: “In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.
“The Law Society sees this report as a positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.”
To help firms further, the NCSC and industry partners have also launched a legal sector group on the free Cyber Information Sharing Platform.