Law Firms and Cyberthreats: Lawlessness in the Land of Law

June 29, 2018 Todd Thiemann

Remember the story about Willie Sutton, the bank robber? He was asked, “Why do you rob banks?” He allegedly answered, “Because that’s where the money is.”

Why do cyberthieves target law firms? The answer is as straightforward as Sutton’s: Because that is where there is a wealth of valuable data.

That’s why cyberattacks within the legal industry are becoming quite common. The 2017 Legal Technology Survey reported that 22% of surveyed law firm respondents suffered a security breach at their firm. Below are some of the actors and motives we’ve seen in recent compromises:

State Actors— Hackers backed by the Iranian government compromised a law firm (along with universities and government agencies) in an effort to steal data and intellectual property. State actors have the budgets and time to go “low and slow” to obtain what they want. With those resources and patience, they can be relentless.

  • What to consider: Have you plugged your major security vulnerabilities? Do you have an education program in place to train your staff about phishing and other types of attack vectors? Do you continuously monitor your environment to catch the “low and slow” threats?

Hacktivists – Does the name Mossack Fonseca ring bells?  It was the Panamanian law firm that gained renown through the Panama Papers leak, where hacktivists gained access to tax shelter documents used to skirt tax laws.

  • Interesting fact: Mossack Fonseca subsequently closed its doors due to “reputational deterioration.”
  • What to consider: If your law firm has controversial or unpopular clients, you may have a target on your back.

Criminal Gangs, Insider Trading and Profit MotiveCravath Swaine & Moore LLP and Weil Gotshal & Manges LLP are white-shoe law firms in New York City that were breached to obtain confidential information for insider trading purposes. These particular hackers were reported to be Chinese, and three of them made $4M trading on inside information.

  • What to consider: Bad guys exfiltrated data from compromised systems in this hack. Can your firm correlate logs from multiple sources to locate and isolate compromised systems? Given the cost to build a SIEM and operate a security operations center (SOC) for this purpose, think about SOC-as-a-service.

Ransomware and (Illicit) Profit Motive—Law firms are similar to every other business in that they suffer from malware and, in particular, ransomware.  The posterchild firm for this is DLA Piper, which experienced a ransomware attack so devastating that it brought its entire IT operations to a standstill. Lawyers and staff rely on IT to do most of their work. Having no IT systems available means no, or drastically reduced, billable hours. In dollar figures, the costs at DLA Piper were reported to be “in the millions.”

  • What to consider: You may have enough layers of protection, but how do you monitor your security tools and detect what inevitably slips through?

Law firms face a threat environment with a lot of bad guys with various motives. The bad guys only have to get it right once to compromise a firm. And they are getting it right far too often. As a result, we see a lot of interest in the legal community for vulnerability scanning and 24/7 security monitoring to meet the vendor risk requirements of law firm clients. For more, check out our white paper to learn how your firm can protect against the top five cyberattacks by clicking on the banner below:












About the Author

Todd Thiemann

Todd Thiemann is a Product Marketing leader at Arctic Wolf Networks. He writes and engages in thought leadership on behalf of Arctic Wolf because, as he describes, Arctic Wolf is an innovative security startup that is radically changing how enterprises perform managed detection and response.

You might also be interested in...
Previous Article
Don’t Be the Next Exactis: How Your Firm Can Avoid a Damaging Data Breach
Don’t Be the Next Exactis: How Your Firm Can Avoid a Damaging Data Breach

Exactis has exposed a projected 340 million records by storing them on a public-facing server.

Next Article
Point Products Are Not Enough!
Point Products Are Not Enough!

An over-reliance on point products appears to be hurting SMEs chances at standing up to cybercriminals. 


Get cybersecurity updates delivered to your inbox.

First Name
Last Name
Yes, I’d like to receive marketing emails from Arctic Wolf about solutions of interest to me.
I agree to the Website Terms of Use and Arctic Wolf Privacy Policy.
Thanks for subscribing!
Error - something went wrong!