Nearly One Fifth of Law Firms Show Signs of Compromise

Cybersecurity experts are calling for the legal sector to be defined as critical to securing national infrastructure, after revealing that 100% of law firms were targeted by attackers in the first quarter of 2020.

BlueVoyant appraised thousands of law firms worldwide between January and March 2020, to compile its latest report, Sector 17 – The State of Cybersecurity in the Legal Sector.

Of those targeted, some 15% are likely to have been compromised while nearly half showed signs of suspicious activity, including malicious proxy use, it said.

The near-$1 trillion sector is a prime target for financially motivated attacks as well as nation state actors looking for sensitive information they can use to make money or leverage geopolitically.

The report details examples of ransomware threats, financial data and PII theft, third-party risks, password breaches, insider leaks and hacktivism.

These include stand-out cases such as the 2016 Panama Papers breach of law firm Mossack Fonseca, the 2017 ‘ransomware’ outage at DLA Piper caused by NotPetya, and this year’s Luanda Leaks breach which revealed incriminating evidence on the former President of Angola.

BlueVoyant, a firm which counts former GCHQ director Robert Hannigan as its chairman, wants the sector to be added to the 16 others defined by the Department of Homeland Security as critical to securing national infrastructure, resources and resiliency.

“The stakes could not be higher. While the legal sector is performing well in comparison to the other 16 sectors, attacks against law firms constitute some of the most sensational and damaging cyber-attacks in history. We have already seen how recent incidents can cause substantial geopolitical fallout, not to mention tremendous direct and indirect financial repercussions for law firms,” argued CEO Jim Rosenthal.

“Threat actors are aggressively targeting law firms, and they are doing so daily. Threats against law firms are high volume, multi-faceted, and organized; threat actors use multiple sophisticated tools and techniques; and, notwithstanding industry-leading efforts, law firms have been successfully compromised.”

What’s Hot on Infosecurity Magazine?