When a law firm experiences a breach, there’s a lot at stake. In addition to the time, effort and expense the firm must spend responding to a cyber attack, employees may find themselves unable to access the firm’s technology and, therefore, unable to invoice hours.
To sum it up, a firm’s reputation suffers when it can’t meet the needs of its clients, which, in turn, could lead to a loss of market share.
Meanwhile, the risk of being breached is significant. In its?, the American Bar Association noted that 26% of the firms surveyed reported having experienced a security breach. Cybersecurity incidents included hacks, website attacks and the loss of devices such as laptops.
To showcase the rising danger and repercussions, we’ve compiled a list of the eight most notable cyberattacks and cyberthreats targeting law firms.
The Most Damaging Legal Industry Cyberattacks
8. Oleras
In 2016, a cybercriminal using the alias Oleras allegedly??to steal confidential information to facilitate insider trading. The hacker attempted to hire accomplices via the criminal underground to help breach the law firms’ defences and then use keywords to search for pending deals.
To entice others to join, Oleras advertised a plan that detailed the names, email addresses and social media accounts of the law firm employees to be targeted.
One of the phishing emails associated with the scheme appeared to originate from a business journal asking to run a profile of the recipient about their work in mergers and acquisitions.
- Cyberattack type: Phishing
- Location: United States
- Cost: Undisclosed
Once made aware of the threat, the FBI initiated an investigation and issued an industry alert. To date, none of the law firms targeted by Oleras have disclosed a breach in their firm’s defences.
7. Jenner & Block and Proskauer Rose
Jenner & Block admitted that, in response to a request that appeared legitimate, the firm had ‘mistakenly transmitted’??to ‘an unauthorised recipient’ in 2017. The phishing scheme resulted in the inadvertent sharing of personal information of 859 individuals, including their Social Security numbers and salaries.
Proskauer Rose experienced a?, involving what appeared to be a routine request from a senior executive within the firm. In this case, the firm lost control of more than 1,500 W-2s.
- Cyberattack type: Phishing
- Location: New York
- Cost: Undisclosed
- People affected: 2,359
Jenner & Block reported the breach to the relevant authorities. It provided two years of access to Experian’s ProtectMyID Elite 3B product to employees whose information was released. It also established a hotline for former and current employees and held townhall meetings with employees to discuss the breach.
Proskauer Rose also notified authorities of the disclosure of its employees’ personal information. The firm provided two years of identity recovery services for all employees, regardless of their involvement in the breach.
6. GozNym Malware
In 2016, two undisclosed law firms??involving malware known as GozNym, which criminals used to covertly steal banking login and password information.
To trick law firm personnel into providing their banking credentials, the criminals sent a phishing email that directed the recipient to web pages designed to look like their bank’s website. The scheme used keystroke logging, which recorded the keys entered when victims visited the fake bank site. It then sent that information surreptitiously to the cybercriminals.
The attack targeted bank accounts at Bank of America and Brookline Bank. Once the criminals gained access to the law firm’s bank accounts, they transferred funds to other US and foreign bank accounts that they controlled. One law firm experienced a loss of more than $76,000, while the other firm lost $41,000.
- Cyberattack type: Phishing and malware
- Location: Washington D.C. and Wellesley, Massachusetts
- Cost: $117,000
According to the indictment, GozNym infected thousands of devices, with the potential to cause more than $100 million in losses.

5. Cravath Swaine & Moore and Weil Gotshal & Manges
To engage in??and gather confidential information regarding pending mergers and acquisitions, three Chinese nationals targeted the law firms of Cravath Swaine & Moore and Weil Gotshal & Manges.
According to the?, Iat Hong, Bo Zheng and Chin Hung earned over $4 million in profits while trading on information they stole from the law firms. To gather such information, the perpetrators used their unauthorised access to read emails belonging to partners at both firms about pending transactions involving public companies.
The indictment notes that the defendants targeted five additional law firms, launching at least 100,000 attacks on those firms.
- Cyberattack type: Malware and other undisclosed methods
- Location: New York
- Cost: Undisclosed
- Illegal trading profits: $4+ million
For trading on insider information, the US Securities and Exchange Commission?.
4. DLA Piper
In June 2017, DLA Piper??that first struck its Ukrainian offices during an upgrade of its payroll software. The attack involved malware known as NotPetya. The firm cited its ‘flat network structure’ as a reason the infection spread so quickly.
As a result of the attack, DLA Piper employees around the world could not use the firm’s telephones or email system, and some struggled to access certain documents. However, the firm states that it did not lose any data and its backups remained intact.
- Cyberattack type: Ransomware
- Location: Ukraine, then global
- Cost: Millions of dollars
In response to the attack, the firm’s IT department?. Given the depth and severity of the attack, the firm had to wipe and rebuild its Windows environment.
3. Appleby
In 2016, Appleby – an offshore law firm located in Bermuda – experienced a cyberattack. News of the attack surfaced in 2017, when the hack attracted interest from the?.
Known as the Paradise Papers, the law firm’s breached records included?. According to?, a total of 96 media companies and 381 journalists reviewed the documents.
The same journalists from Süddeutsche Zeitung who received the Panama Papers also obtained the documents in the Paradise Papers. Appleby denied the involvement of an insider, instead?.
- Cyberattack type: Hack or insider attack
- Location: Bermuda
- Cost: Undisclosed
- People and companies affected: 120,000+
In response to the breach, Appleby engaged in?, seeking compensation for the disclosure of its legal documents. It subsequently settled the dispute by entering into a??with both media companies.
The ICIJ reports on the Paradise Papers resulted in the?. The ICIJ also reports an increased awareness of the need for vigilance and more robust security to prevent future breaches.
2. Grubman Shire Meiselas & Sacks
In May 2020, Grubman Shire Meiselas & Sacks, which offers legal services to the entertainment and media industries, acknowledged having experienced a ransomware attack. To exert pressure, the hackers leaked information involving Lady Gaga, who is a client of the law firm. They also threatened to release information involving other celebrities.
The attackers asked for a??to prevent the release of the documents to the public. The perpetrators originally asked for $21 million, then doubled their payment demand.
According to news outlets, the criminals behind the attack??from the firm so far. They threatened to release additional data, much of which involves celebrities, if they do not receive payment in full.
- Cyberattack type: Ransomware
- Location: Undisclosed
- Cost: To be determined
- People affected: To be determined
As part of its response, the firm disclosed that it has hired ‘the world’s experts who specialise in this area, and [is] working around the clock to address these matters’.
Previously, Travelex – a British company that provides foreign exchange services – paid the same criminal gang a?.
1. Mossack Fonseca
In April 2016, journalists from German newspaper Süddeutsche Zeitung, Bastian Obermayer and Frederik Obermaier,??belonging to the Panamanian law firm Mossack Fonseca. The journalists subsequently contacted the International Consortium of Investigative Journalists (ICIJ). The ICIJ put together a team of??to review the documents, later known as the Panama Papers. Among other forms of questionable activity, the documents detailed the widespread use of shell companies and complex transactions as means of committing tax fraud.
While some claim that the 11.5 million records that ended up in the hands of the world press came from a leak from an anonymous insider, Mossack Fonseca claims that the firm?.
- Cyberattack type: Hack or insider attack
- Location: Panama City, Panama
- Cost: The firm??in March 2018
- People affected:?
In the aftermath of the Panama Papers, several individuals mentioned in the documents resigned, including Iceland’s then prime minister,?. Governments around the world used the documents to recover more than $1.2 billion. As a direct result of the adverse publicity associated with the Panama Papers, Mossack Fonseca closed its doors in March 2018.
In addition to attempting to commit run-of-the-mill bank fraud, cybercriminals increasingly want access to the data and intellectual property in a firm’s possession. In fact, many of the most damaging attacks involve either the outright theft of confidential data to support insider trading schemes or the theft and ransom of law firms’ client data.
If you’re looking to enhance security at your organisation, Arctic Wolf provides law firms with customised cybersecurity services, which include round-the-clock, on-demand access to a dedicated team of security experts with extensive experience working with the legal sector.

