Thursday, November 21, 2024

UK Spy Agency: Ransomware Gangs Targeting Law Firms

British legal institutions across the board have been cautioned by the cybersecurity arm of GCHQ. The alarm bells are ringing as these law firms’ shift to hybrid working arrangements and the substantial amounts of money they manage is increasingly drawing the attention of cyber threats.

The cyberspy agency has also issued a note of caution regarding the ties these firms have with the supply chains of adversarial nations. This connection, they warn, marks them as prime targets for cyberattacks.

In a detailed report [PDF] released yesterday, the NCSC identified that the pandemic-induced remote working trend has made legal professionals more susceptible to online attacks. Asides from dealing with substantial financial transfers, these law firms regularly manage sensitive data, making them prime targets for cyber adversaries.

Yet, according to the NCSC, the transition to remote working didn’t receive the kind of criticism tech giants have for its potential to dampen morale and hamper innovation. The NCSC observed that this shift has actually boosted productivity within the legal sector, improving employee happiness by removing commutes and enhancing focus. However, the report noted that this shift introduces difficulties in collaboration and communication, which is where cyber threats like phishing emails find their entry point.

Small law practices face distinct risks due to their dependence on external IT contractors, a factor that complicates self-assessment of the adequacy of their cyber risk controls.

The report underscores the rise in the activity of “hackers-for-hire,” commissioned to conduct harmful cyber activities for third-party clients, usually including information theft to gain advantages in business transactions or legal disputes. These hackers provide their clients with technical prowess and plausible deniability if the cyberattack were to be discovered.

Recommended:  UK: Data breach at Greensward Academy

But it’s not just the conventional cybercriminals – the agency also warned of enemy states like Russia, Iran, and North Korea. These nations exploit criminal actors to raise funds, create disruption, and apply criminal malware techniques.

The report highlighted the susceptibility of major law firms, which could be part of wider supply chains exploited by nation states.

Law firms were urged to incorporate security measures within their contracting process and to refrain from paying ransoms, as there’s no assurance of data recovery, and this could encourage future attacks. The agency also advised enhancing password management, restricting user permissions, implementing multi-factor authentication, and maintaining software updates. Regular testing of disaster recovery and backup plans, and maintaining stringent control over remote system access, were other key recommendations.

The report mentioned Pegasus, the software by Israeli company NSO Group, which is capable of extracting data and remotely activating microphones on mobile devices. Lawyers were identified as being among the prime targets of such software.

The NCSC further warned firms to thoroughly consider third-party security measures, noting the primary supply chain issue to be a third-party’s failure to adequately secure sensitive data systems.

The agency also recommended engaging senior leadership in addressing cybersecurity risk, encouraging them to become more informed and proactive about potential threats.

See the report here: https://www.ncsc.gov.uk/files/Cyber-Threat-Report_UK-Legal-Sector.pdf

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Recommended:  IoT Devices That make Security Pros Cringe
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security