Law firms under constant cyber-attack

Hannigan: Law firms can be a weak link in the supply chain

Law firms are “performing admirably” in response to daily cybersecurity threats, but are still being successfully compromised, research has found.

“Threats against law firms are high volume, multi-faceted, and organised,” it said. “Threat actors use multiple sophisticated tools and techniques.”

This year has seen law firms’ information released as part of the Luanda Leaks – an investigation into how Africa’s richest woman, Isabel dos Santos, acquired her fortune – while earlier this month leading New York entertainment law firm Grubman Shire Meiselas & Sacks was hit by a ransomware attack.

Cybersecurity firm BlueVoyant analysed cybersecurity assessments for almost 2,000 law firms globally, and also conducted a detailed analysis of a sample of 20 firms.

It found that the legal sector earned a risk rating close to sectors like finance and energy, which are considered the most advanced and sophisticated in terms of cyber defence.

But the report continued: “While legal cyberdefenses are generally robust, so too are the motivations of their adversaries and the attacks waged against them.”

BlueVoyant said it observed “millions of threats” targeting the legal sector: “These threats were not only high-volume and constant, amounting to hundreds of thousands of attempted attacks against law firms daily; they were also highly targeted, as evidenced by numerous engagements with threat actors on the deep and dark web.

“Threat actors steal and abuse credentials; probe for network vulnerabilities; use anonymising tools and proxies; and make use of persistent, advanced tactics in order to ‘crack’ law firms around the world.”

The company discovered “non-trivial evidence of compromise” at firms of all sizes, including the largest and most sophisticated global firms.

The attacks came in many forms, including the criminal pursuit of sensitive financial information, ransomware, password breaches and leaks, and ‘hacktivism’.

BlueVoyant also surveyed the dark web. On Exploit, “an elite Russian-language cybercrime forum where threat actors auction malware, stolen data, and other illicit digital goods”, it found a post seeking access to European law firms, and another offering network access to a US law firm.

Law firms were also sources of private identity information traded on the dark web.

The detailed analysis revealed that three of the 20 firms were likely to have been compromised based upon strong evidence of suspicious traffic – and many more (almost half) showed signs of suspicious activity, including malicious proxy use.

Robert Hannigan, chairman at BlueVoyant’s European operations and formerly director of GCHQ, said: “Law firms not only hold very sensitive information, they are also a potential threat to the companies and individuals they represent.

“They can be a weak link in the supply chain and we have seen a number of cases where clients have been attacked through their lawyers. For that reason, big companies, especially in financial services, are looking very closely at their law firms’ cyber readiness and doing cyber due diligence much more rigorously.”
