Cyber Attacks and Prevention for Lawyers: Understanding the Risks and Safeguarding Your Practice

In today's digital landscape, law firms have become increasingly attractive targets for cybercriminals. The sensitive and valuable nature of the data handled by legal professionals makes them prime candidates for a variety of cyber threats. This article delves into why cyber attacks on law firms happen, what criminals are targeting, real-world examples of these attacks, and how legal practices can safeguard themselves against these threats.

Why Cyber Attacks Happen

The primary reason cyber attacks on law firms are so prevalent is the highly valuable data they hold. Lawyers routinely handle personal client details, financial records, intellectual property, and confidential communications—all of which are gold mines for cybercriminals. This data can be sold on the dark web, used for identity theft, or leveraged for other malicious purposes. The sheer volume and sensitivity of the information in a law firm's possession make it an enticing target.

Another factor contributing to the frequency of attacks is the perceived vulnerability of law firms. Many cybercriminals believe that legal practices, especially smaller ones, may not have the robust cybersecurity measures that larger corporations have in place. This perception makes law firms appear to be easier targets, enticing hackers to attempt breaches.

Financial gain is a significant motivator behind many cyber attacks. Ransomware attacks, where criminals encrypt a firm's data and demand a ransom for its release, are particularly common in the legal sector. Given the critical nature of the information involved, law firms are often willing to pay substantial sums to regain access to their data. This willingness to pay makes them an even more attractive target for ransomware operators.

In some cases, law firms are targeted for political or competitive espionage. Firms involved in high-profile cases or representing significant clients can be attacked to gather intelligence that can be used to influence the outcome of legal proceedings or gain a competitive edge in business negotiations. Such attacks are often sophisticated and well-funded, making them difficult to defend against.

What Criminals Are Targeting

Cybercriminals targeting law firms focus on several key types of data. Client information, including personal and financial details, is highly sought after. This information can be used for identity theft, fraud, or sold on the dark web. Social security numbers, bank account details, and other personal information are particularly valuable.

Case files are another prime target. The confidential details contained within these files can be exploited for various nefarious purposes. Hackers might use the information for blackmail, to manipulate legal proceedings, or to gain insights that could be sold to interested parties. The sensitive nature of these documents makes them particularly valuable to cybercriminals.

Intellectual property is also a major target, especially for firms dealing with patent law, intellectual property rights, or trade secrets. Competitors or foreign entities may be willing to pay a premium for access to this information, which can give them a significant advantage in the marketplace.

Communication records, such as emails and other forms of correspondence, are another attractive target. These records can contain sensitive negotiations, strategic discussions, and confidential client advice. Cybercriminals can use this information to gain an advantage in legal battles, business negotiations, or to simply sell the information to the highest bidder.

Ransomware Hits Law Firms Hard - Worse Than Ever Before

In excerpts from an excellent article by logikcull, they wrote, “If you follow legal industry news, then you’ve probably read about at least a few ransomware attacks. Customers locked out of projects, lawyers shut out of their system, employees warned not to turn on wifi when approaching their office—ransomware attacks can get ugly quickly. Even large firms and respected vendors can fall victim.

But the “traditional” cyberattack seems relatively mild compared to a new wave of ransomware attacks hitting law firms, attacks where law firm data isn’t just encrypted and held for ransom, but where it’s released to the public when the ransom isn’t paid.

New Wave of Ransomware Attacks Hits Law Firms

This latest evolution of ransomware attacks is being driven by a new form of ransomware known as Maze. A typical Maze attack works similarly to a normal ransomware attack: The victim’s network is infiltrated and its information encrypted or otherwise seized. That’s, unfortunately, not unusual. But it’s in what comes next that Maze breaks with past practices.

In the most typical ransomware fact pattern, after encryption is complete, a ransom is then demanded, often via Bitcoin payment, in order to obtain a decryption key.?

But with Maze, that data isn’t just encrypted, it’s exfiltrated first—stolen. And while cyber ransoms have often handled (and paid) in the darker allies of the internet and often without public knowledge, hacking groups using Maze conduct their crimes in broad daylight. Victims are listed publicly on Maze’s website. The hackers then demand two ransoms, totaling between $1-2 million: one ransom to get their data back, another to have it destroyed.

If victims don’t pay up, their data is slowly made available to the public.

It’s the cyber equivalent of a severed finger delivered to your doorstep.

Maze’s public website, according to Krebs on Security, includes the date of the infiltration, the total volume of data stolen, and the IP addresses and machine names of the servers accessed. The site reads :

“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources. Wait for their databases and private papers here. Follow the news!”

So far, at least five law firms in three states have been victims of the attack, according to reports by SCMedia. And at least one of those law firms appears to have paid to be delisted, Law.com reports, only to have its internal data subsequently released to the public. The leaked information was highly sensitive, according to the electronic evidence and information security blog Ride the Lightning:

“The data includes pain diaries from personal injury cases, fee agreements, and HIPPA consent forms among other documents.”

These most recent attacks don’t seem to be targeted at law firms exclusively, but the release of law firm data can be particularly devastating, given the sensitivity of data in law firms’ possession.

Indeed, it is the sensitivity of law firm data that makes them, along with financial institutions and healthcare providers, such a valuable target to hackers. Nowhere is that sensitive data more concentrated than during the discovery process, where sensitive information—the stuff worth suing over—is all gathered in one place. And far too often that place is an on-prem system that is horribly out of date, with limited resources devoted to protecting them from intrusion.

It’s no wonder then, that experts identify discovery repositories as particularly enticing, and vulnerable, targets for hackers. “The reality is this is already happening,” according to Lael Andara, litigation partner at Ropers Majeski. “We just haven't necessarily identified the hacks.”

And it’s no wonder, either, that security-minded legal professionals are taking a harder look at their discovery processes, limiting the amount of data that leaves their control, and opting for encrypted, highly-secure, closed-loop systems for their most sensitive documents.

How Maze Differs From Past Attacks

The Maze attacks mark a particularly troubling evolution in ransomware attacks. In the past, such attacks were largely a private affair. Data was held hostage through encryption, locally on your machines, and a ransom demanded for its decryption.

If you paid the ransom, there was a chance (but no guarantee) that your information could be recovered.

If you followed the advice of organizations like the FBI and refused to pay, you could rely on backups to restore your information without, hopefully, crippling disruption—or public knowledge. Despite a growing number of data breach disclosure laws, it’s estimated that only a small percentage of law firm data breaches are ever reported.

The Maze attack changes that equation. By not just encrypting data, but exfiltrating it and threatening to expose it to the public, the hackers can gain even further leverage over their victims—particularly if their victims deal with sensitive information.

Maze hackers seem to be remarkably strategic in their attacks as well. Infiltration strategies include impersonating government agencies and security vendors, for example.

Even when a ransom is paid, there is no guarantee that your data will be safe. As Brett Callow, a threat analyst at the cybersecurity company Emsisoft notes:

“Organizations that have data stolen have no good options available to them. Threat actors will promise to destroy data (that they’ve stolen) if ransoms are paid – but why would a criminal enterprise destroy data that it may be able to further monetize? The answer is that they probably will not.”

Every instance of cybercrime may leave you saying “there but for the grace of God go I,” but there are steps that can be taken to reduce your risks of becoming a victim of ransomware. As the FBI notes, “proactive prevention is the best defense.” That includes staying on top the latest threats and training your employees

Email scanning, firewalls, anti-virus programs, and following the “principle of least privilege”—that is, granting access to data or administrative tools to only those who have an absolute need for it—can all help protect against cyberattacks and reduce their impact, should they arise.?

Additionally, using tools that have robust security controls, such as data encryption in transit and at rest, and cloud-based software which is kept constantly up-to-date, can go a long way to protecting your information, and your clients.

For legal professionals, it’s no longer acceptable to wait for a problem to arise before addressing it. When it comes to cybersecurity, a proactive approach is the only way to stay secure.

Yet too many of us still rely on past practices and past tools that are disasters waiting to happen. Unsecured email, weak or nonexistent access control policies, a susceptibility to phishing attacks, on-prem hardware and software that is rarely updated—all of these practices are commonplace, and all help increase the odds that, when the hackers come, you won’t be able to keep them out.”

Real-World Examples of Cyber Attacks on Law Firms

The reality of cyber threats to law firms is starkly illustrated by several high-profile incidents in recent years. Accourding to an article by DarkReading, more than 25% of law firms and corporate legal departments have been attacked in the last three years. These examples highlight the vulnerabilities and consequences of cyber attacks on legal practices.

1. Grubman Shire Meiselas & Sacks: In May 2020, the high-profile entertainment law firm Grubman Shire Meiselas & Sacks was targeted by the REvil ransomware group. The attackers claimed to have stolen 756 gigabytes of data, including contracts, personal emails, and sensitive client information related to celebrities such as Lady Gaga and Madonna. The hackers demanded a ransom of $21 million, threatening to release the stolen data if their demands were not met. The firm refused to pay, resulting in portions of the stolen data being leaked online.
2. Campbell Conroy & O'Neil: In July 2021, Campbell Conroy & O'Neil, a prominent U.S. law firm, suffered a ransomware attack that compromised sensitive client information, including personal identification details, Social Security numbers, financial information, and health records. The breach affected clients from various industries, including automotive, aviation, and insurance. The firm had to notify affected clients and work with cybersecurity experts to restore its systems and enhance security measures.
3. Goodman & Company: In October 2022, the Canadian law firm Goodman & Company experienced a cyber attack that resulted in the theft of confidential client data. The attackers gained access to the firm's network through a phishing email, compromising personal and financial information of their clients. The breach prompted the firm to invest in advanced cybersecurity measures and conduct extensive client outreach to mitigate the impact.
4. Fragomen, Del Rey, Bernsen & Loewy, LLP: In November 2020, Fragomen, Del Rey, Bernsen & Loewy, LLP, a leading immigration law firm, experienced a spear phishing attack that resulted in unauthorized access to the personal information of employees at a major tech company client. The attackers sent targeted phishing emails that tricked employees into revealing their credentials, allowing the attackers to access sensitive data, including Social Security numbers and immigration details. The breach exposed the personal information of thousands of employees, leading the firm to implement stricter email security protocols and conduct extensive employee training to prevent future attacks.
5. Seyfarth Shaw LLP: In October 2020, Seyfarth Shaw LLP, a large international law firm, suffered a ransomware attack that significantly disrupted its operations. The attack encrypted many of the firm's systems and data, forcing them to take systems offline and work with cybersecurity experts to contain and recover from the incident. The attackers demanded a ransom for the decryption key, but the firm refused to pay. Instead, Seyfarth Shaw LLP notified clients, engaged with law enforcement, and took steps to strengthen its cybersecurity posture, including enhancing its incident response plan and increasing monitoring of its IT infrastructure.
6. Cochran Firm: In June 2021, the Cochran Firm, known for its civil rights litigation, was hit by a ransomware attack that encrypted critical case files and client data. The attackers demanded a ransom for the decryption key. The firm worked with law enforcement and cybersecurity experts to handle the situation, while also enhancing its cybersecurity measures to prevent future incidents. The attack caused significant disruptions to ongoing cases, and the firm had to implement manual processes to continue its operations while systems were being restored.
7. Lavery Lawyers: In February 2022, Lavery Lawyers, a prominent law firm in Quebec, Canada, was targeted by a cyber attack that compromised confidential client information. The attackers exploited a vulnerability in the firm's network to gain access to sensitive legal documents and personal data. The breach affected a wide range of clients, including individuals and corporations, and exposed confidential information related to ongoing legal matters. The firm had to inform affected clients, collaborate with cybersecurity experts to close the vulnerability, and invest in advanced cybersecurity solutions to secure its systems and prevent future attacks.
8. Holland & Knight LLP: In September 2021, Holland & Knight LLP, a major US law firm, experienced a cyber attack that resulted in unauthorized access to its IT infrastructure. The attackers were able to steal sensitive client information, including legal documents and personal data. The breach was discovered when suspicious activity was detected on the firm's network, prompting an investigation. The firm took immediate action to secure its systems, notify affected clients, and work with cybersecurity experts to prevent further breaches. Holland & Knight LLP also reviewed and updated its cybersecurity policies to address the vulnerabilities exploited in the attack.

Since 2020, countless law firms in the US and Canada have been increasingly targeted by cyber attacks, highlighting the critical need for robust cybersecurity measures in the legal industry. These incidents underscore the importance of proactive, multilayered cybersecurity strategies to protect sensitive legal data.

Preventing Cyber Attacks

To safeguard against cyber attacks, law firms must implement robust security measures. Investing in comprehensive cybersecurity solutions, including firewalls, antivirus software, and intrusion detection systems, is essential. Regular updates and patches are necessary to protect against vulnerabilities that cybercriminals can exploit.

Encrypting sensitive data both at rest and in transit is another critical step. Encryption ensures that even if data is intercepted or accessed without authorization, it remains unreadable to the attacker. This layer of security is vital for protecting the confidentiality of client information and case details.

Access control is also crucial. Implementing strict access controls ensures that only authorized personnel can access sensitive information. Using multi-factor authentication (MFA) adds an extra layer of security, making it more difficult for unauthorized users to gain access.

Employee training is an often-overlooked but vital aspect of cybersecurity. Educating staff about the importance of cybersecurity and training them to recognize phishing attempts, suspicious emails, and other common attack vectors can significantly reduce the risk of a breach. Regular training sessions and updates on the latest threats can keep employees vigilant and aware of potential risks.

Conducting regular security audits and risk assessments is another important preventative measure. These audits can identify and address potential vulnerabilities before they become significant threats. A proactive approach to security can help mitigate risks and ensure that the firm's defenses remain robust.

Developing and maintaining an incident response plan is essential for quickly and effectively responding to cyber incidents. This plan should include procedures for isolating affected systems, notifying clients, and restoring data from backups. Having a well-thought-out plan in place can minimize the damage caused by a breach and help the firm recover more quickly.

Finally, it is important to ensure that any third-party vendors or partners adhere to stringent cybersecurity standards. A breach in a vendor's system can compromise your data as well, so it is crucial to vet the security practices of any third parties you work with.

Conclusion

Law firms are high-value targets for cybercriminals due to the sensitive and valuable information they handle. Understanding the motivations behind these attacks and what criminals are after is the first step in defending against them. By implementing robust cybersecurity measures, educating employees, and maintaining a proactive stance on security, law firms can significantly reduce the risk of cyber attacks and protect their clients' trust and their own reputations. In an era where data breaches are increasingly common, taking these steps is not just prudent—it's essential. The real-world examples of cyber attacks on law firms underscore the urgency and importance of these measures in safeguarding legal practices.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By investing in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every device connecting to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and tools fills the gaps in your business's IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at [email protected]