Cyberthreats 101: The biggest computer crime risks lawyers face
Malicious software, dubbed malware, is any type of virus or worm that infects a user’s computer. Some of the most common forms are Trojan horses, spyware and ransomware.
Last year, global firm DLA Piper’s network was infected by the WannaCry ransomware. The firm shut down its network as a precaution after its advanced warning system detected suspicious activity. In a statement at the time, the firm said no client data had been breached.
Stark says the company files of a ransomware victim are rarely exfiltrated by hackers. Instead, as with Wicks, the hacker threatens the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases, the ransom email is accompanied by a digital clock that counts down the minutes and seconds to the deadline—usually 72 hours. When the timer expires, the ransom demand usually goes up until the victim pays. If the victim doesn’t, the data is permanently locked and unrecoverable.
Although only a fraction of ransomware attacks are reported to federal authorities, a report by the Department of Justice says, on average, more than 4,000 ransomware attacks have occurred daily since Jan. 1, 2016. This is a 300 percent increase over the 1,000 attacks per day in 2015.
DENIAL OF SERVICE
In a denial-of-service attack, hackers will flood a website with high levels of traffic, causing the internal and external networks to go down. This type of attack is fairly unusual for law firms, Rasch says. “Firms aren’t time sensitive, unlike an organization like a hospital, which is sensitive to temporary shutdowns,” he says.
“Denial-of-service attacks are inconvenient but don’t have a big business impact for firms,” Westby says.
Web jacking happens when a cybercriminal creates a clone of a legitimate website to trick users into giving the hackers access to their computers.
“It can be a ruse to infect your computer or can be used as part of a ruse to create a legitimacy for another request, thereby allowing the hackers to then log your key strokes and access your passwords,” Stark says.
Web jacking also can take the form of a drive-by campaign, Westby says. “You go to a bank website, for instance, and you log into the jacked site, and the hackers download a virus that infects your computer.”
There’s a quick way to determine whether a site has been hijacked. If you look at the site’s homepage, it should have a green padlock at the beginning of the URL, indicating that the site is secure. If the padlock is red, it’s a fake site.
Lawyers, who are an extremely mobile bunch, are vulnerable to attack if they use unsecured Wi-Fi connections, says Nelson of Sensei Enterprises.
“Do not use the hotel’s network,” she says. “Lawyers should be using a virtual private network or a secure mobile hot spot.”
She also cautions attorneys to make sure they update their software on a regular basis. “Older versions or outdated software makes it easy for the bad guys to get in,” she says.
Although a lot of breaches are due to human error—clicking on bad emails, not updating software regularly—some are caused by disgruntled employees or employees seeking to enrich themselves by selling a firm’s data or using it for themselves. “Firms can have bad stayers or bad leavers,” Stark says. “In the old days, they would slash the boss’s tires. Today, they steal information or infect the firm’s network with malware.”
In February 2016, a former Fox Rothschild partner was found guilty of insider trading after he bought stock in a client before it merged with another company and later sold the stock for a $75,000 profit. In 2015, Dimitry Braverman, a former senior systems engineer at Wilson Sonsini Goodrich & Rosati, was sentenced to two years in prison after using the firm’s computer system to make illegal trades.
Vendors or contractors who have access to a firm’s database also can pose a risk. “Law firms use a lot of third parties for things like the cloud, e-discovery, billing and research,” Rasch says. “If I’m a contractor and I know what you’re searching for on LexisNexis, I can figure out your strategy.”
Westby of Global Cyber Risk concurs. “Large volumes of email data and e-discovery put firms at a greater risk,” she says. She cites a case she worked on where a firm had given an entire email server to an e-discovery firm to analyze, and one of the employees walked off with all the email data.
Although cyberthreats are constantly evolving, firms can take a number of defensive measures to thwart cybercriminals. Such actions include encrypting emails, backing up data on a separate drive, banning employees from using thumb drives, and regularly updating software. Wicks can attest to the success of adopting some of these measures.
“We got hacked about a month after the first attack, but this time we didn’t lose our information because we now have a more sophisticated backup system and server,” he says.
This article was published in the March 2018 issue of the ABA Journal with the title “Cyberthreats 101: A primer on how lawyers and firms are getting breached and the biggest risks they face.”