Law firms are “performing admirably” in response to daily cybersecurity threats, but are still being successfully compromised, research has found.
“Threats against law firms are high volume, multi-faceted, and organised,” the report said. “Threat actors use multiple sophisticated tools and techniques.”
This year has seen law firms’ information released as part of the Luanda Leaks – an investigation into how Africa’s richest woman, Isabel dos Santos, acquired her fortune – while earlier this month leading New York entertainment law firm Grubman Shire Meiselas & Sacks was hit by a ransomware attack.
Cybersecurity firm BlueVoyant analysed cybersecurity assessments for almost 2,000 law firms globally, and also conducted a detailed analysis of a sample of 20 firms.
It found that the legal sector earned a risk rating close to sectors like finance and energy, which are considered the most advanced and sophisticated in terms of cyber defence.
But the report continued: “While legal cyberdefenses are generally robust, so too are the motivations of their adversaries and the attacks waged against them.”
BlueVoyant said it observed “millions of threats” targeting the legal sector: “These threats were not only high-volume and constant, amounting to hundreds of thousands of attempted attacks against law firms daily; they were also highly targeted, as evidenced by numerous engagements with threat actors on the deep and dark web.
“Threat actors steal and abuse credentials; probe for network vulnerabilities; use anonymising tools and proxies; and make use of persistent, advanced tactics in order to ‘crack’ law firms around the world.”
The company discovered “non-trivial evidence of compromise” at firms of all sizes, including the largest and most sophisticated global firms.
The attacks came in many forms, including the criminal pursuit of sensitive financial information, ransomware, password breaches and leaks, and ‘hacktivism’.
BlueVoyant also surveyed the dark web. On Exploit, “an elite Russian-language cybercrime forum where threat actors auction malware, stolen data, and other illicit digital goods”, it found a post seeking access to European law firms, and another offering network access to a US law firm.
Law firms were also sources of private identity information traded on the dark web.
The detailed analysis revealed that three of the 20 firms were likely to have been compromised based upon strong evidence of suspicious traffic – and many more (almost half) showed signs of suspicious activity, including malicious proxy use.
Robert Hannigan, chairman of BlueVoyant’s European operations and formerly director of GCHQ, said: “Law firms not only hold very sensitive information, they are also a potential threat to the companies and individuals they represent.
“They can be a weak link in the supply chain and we have seen a number of cases where clients have been attacked through their lawyers. For that reason, big companies, especially in financial services, are looking very closely at their law firms’ cyber readiness and doing cyber due diligence much more rigorously.”