Often entrusted with privileged communications, confidential employee and client records, intellectual property, and critical business insights, law firms serve as an abundant resource for those seeking illicit access to proprietary information.
The rapid emergence of cybercrime within the legal industry presents many unique challenges for law firms, which is why Flashpoint is proud to work with numerous industry leaders. Flashpoint empowers law firms to bolster security, inform strategic decisions, gain visibility into industry-specific threats and actors, and mitigate risk.
Below are examples of the types of threats Flashpoint works with legal industry customers to address:
MERGERS & ACQUISITIONS (M&A) INTEGRITY
Although most law firms maintain privileged access to their clients’ proprietary information, those specializing in M&A negotiations have become of particular interest to cybercriminals involved in insider trading. The problem for law firms seeking to protect their clients’ M&A information from compromise is that these cybercriminals operate solely within the most exclusive corners of online illicit communities. These regions are nearly impossible for outsiders to penetrate, which means the exploitation of M&A information often goes undetected until after the damage has occurred.
After months spent gaining access to one Russian-speaking forum, Flashpoint analysts observed an actor in search of “hackers-for-hire” to assist in harvesting valuable corporate information. Flashpoint continued to track this actor, who soon revealed complex phishing, insider trading, and money-laundering schemes targeting proprietary M&A information from 48 top-tier U.S. law firms. Flashpoint immediately notified the authorities and the named law firms of the yet-to-be-enacted scheme, which enabled them to appropriately secure their clients’ proprietary information and mitigate the associated risks.
Image: Russian-speaking threat actor “oleras” seeks hackers-for-hire to exfiltrate M&A information from U.S. law firms.
Despite many organizations’ efforts to prevent malware infections, cybercriminals operating within illicit communities continue to produce complex malware strains capable of bypassing even the most robust controls and detection measures. Unfortunately, the desirable information harbored by many law firms makes them an especially vulnerable target. And because traditionally they have not been a main target of cybercriminals, many law firms lack the tools, expertise, and manpower required to mitigate many types of malware infections.
Flashpoint’s extensive coverage of online illicit communities provides advance visibility of emerging campaigns and threats. During the recent investigation of an attempted malware infection at a major U.S. law firm, Flashpoint identified that the malware had previously been used in multiple attempts to breach and exfiltrate proprietary information from other law firms. While the threat actors initially appeared to be linked to the Chinese-speaking underground, Flashpoint determined they were actually Russian-speaking and had used a falsified domain registration and incorporated random strings into the malware code to hide their identities. Flashpoint then alerted the authorities as well as law firms so they could adjust security and detection measures, proactively address infections, and reduce exposure.
Image: Threat actors incorporated randomly generated file names into the malware code to hide their identities.
Organizations across certain industries have spent decades bolstering cybersecurity and addressing complex cyber threats. But, as the legal industry has not been a primary target for cybercrime until recent years, law firms tend to have much less experience confronting these types of threats. Indeed, many law firms have reported issues identifying and patching vulnerabilities within critical systems and databases. Even worse, as cybercriminals continue to develop advanced methods of finding and exploiting unpatched vulnerabilities, more law firms are facing the harsh realities that come with these threats.
Flashpoint recognizes that security vulnerabilities are a common yet problematic issue for many law firms. By constantly monitoring illicit communities in search of cybercriminal schemes pertaining to vulnerabilities, Flashpoint analysts often uncover law firms’ previously unknown vulnerabilities and cybercriminals’ nascent plans to exploit them. Recently, Flashpoint observed that access to three U.S. law firms’ Remote Desktop Protocol (RDP) servers, along with each server’s IP addresses and login credentials, was offered for sale on a Russian-language forum. Details surrounding the offered sale clearly indicated that threat actors had gained remote access to law firms’ internal systems. As such, Flashpoint immediately notified the affected law firms so they could address the previously unknown issue, reduce any further exposure, and mitigate risk.