2019 eSentire Threat Intelligence Spotlight: Legal Industry

Five years ago, at a major legal technology conference in New York City, the topic of cybersecurity was overshadowed by a sea of document management and billing system vendors. eDiscovery captured the lion’s share of attention. Arguing that law firms must address cyberthreats was like telling attendees that the world was about to be invaded by marauding aliens from another galaxy. Then, like the movie “Independence Day,” cyberthreats arrived and hovered over law firms, preparing for a global assault.

The attack on Wall Street law firms Cravath, Swaine & Moore LLP and Weil, Gotshal & Manges LLP demonstrated how stolen FDA fillings and press releases could be used to make millions of dollars in illegal stock trades. The Paradise Papers and Panama Papers demonstrated that hackers could monetize or weaponize even innocuous tax law files. Ransomware attacks collected a pirate’s bounty in payments, cost a small fortune in lost billable hours and did untold damage to many firms’ reputations. Today, ransoms are morphing into extortion as hackers demand payment to avoid exposure of damaging information. Even nation state actors target law firms, finding it easy to access their lucrative clients or working in retaliation for political actions, as demonstrated in the case studies below.

The risk to law firms is apparent. In October 2018, the American Bar Association (ABA) issued a Formal Opinion, expanding on Rule 1.4. Formal Opinion 483 references a “duty of competence,” an “obligation to monitor for a data breach” and the necessity to “stop the breach” and “determine what occurred.” The duty to competence explicitly references a 2012 modification to Rule 1.1 that obligates law practitioners to understand the risks of the technology they use.

As the nexus of the global economy, the legal community establishes and interprets legislation, shepherds’ mergers and acquisitions, drives patent and files intellectual property claims. This myriad of highly profitable, confidential information ensures law firms will remain a preferred cybercriminal target. In fact, eSentire data shows law firms are one of the top five industries targeted by cybercriminals. Various reporting agencies find similar results with law firms accounting for almost 10 percent of breaches.

As an industry, law firms have improved their overall cybersecurity practices, which has resulted in a lower than average amount of nuisance cyberattacks as compared to other industries such as healthcare, manufacturing and energy. Legal and IT practitioners no longer smirk with disbelief when they hear about elaborate cyberattacks on their counterparts. Now discussions center on ways to reduce risk, advanced measures of performance and bringing all levels of a firm into training, incident simulations and board-level planning.

eSentire’s security analysts are pitted against smash-and-grab thugs, criminal cartels and nation state actors. Every year, eSentire Security Operations Center (SOC) teams analyze billions of indicators of compromise to identify real threats and contain attacks before they disrupt our clients’ businesses. This mission critical data contains a trove of enlightening trends and patterns that can be used to identify top vulnerabilities, popular attack vectors and tradecraft used by cybercriminals.

In law enforcement parlance, “means, motives and opportunities” should frame the tenants of your cybersecurity program. Knowing your adversaries’ capabilities helps focus priorities. Identifying their opportunities flags your security gaps or vulnerabilities. And, of course, knowing their motives highlights what assets they seek and which ones you must protect.

Today we are releasing our inaugural Threat Intelligence Spotlight on the Legal Industry, a report that provides a wealth of information that law firms can leverage to reduce their cyber risk profile. The report explores the most common malware, top vulnerabilities and phishing lures used to infiltrate law firms. As the expression goes: “A wise person gets more use from his enemies than a fool from his friends.” This report provides a focused exploration of the actions of your adversaries, along with actionable recommendations to improve your ability to protect your clients and reputation.

The full report can be downloaded here: https://www.esentire.com/resource-library/2019-legal-threat-report/