Leading industry expert, Darktrace Director of Threat Hunting Max Heinemeyer discusses why the legal sector is becoming one of the most frequently targeted by cyber criminals in the Asia Pacific region.
Asia Pacific has emerged as a hotbed of cyber-threats, with malware, cryptocurrency mining, ransomware and drive-by-download (DBD) attacks rising up to nearly 40% higher than the global average.
Rising cyber-attacks on law firms are partly due to inadequate cyber awareness and preparedness, perhaps stemming from continued reliance on legacy security tools focused only on defending the network perimeter.
Since July 2018, we have identified an increasing number of cyber-attacks targeting law firms. Concerningly, the attacks are emerging not from opportunistic malware, like banking trojans, but from threat actors who actively conduct cyber-intrusions, seeking to exfiltrate data from these organisations.
Law firms are actively pursued because their systems contain the sensitive data of many other organisations. The essence of a lawyer’s work involves managing confidential client information.
Firms are privy to a huge variety of valuable data, from tax affairs to intellectual property. Consequently, law firms’ ability to protect highly sensitive information is critical; a successful cyber-attack might cause reputational damage that diminishes their most valuable asset – clients’ trust.
As an industry, law is structured around sharing revenues among a minimal number of highly qualified professionals. As such, they can rarely employ large IT teams – and even smaller IT security departments. With the increased number of attacks seen in recent years, as well as the added risks of the cloud, and the Internet of Things, security teams lack the capacity to defend their networks against the sophisticated, machine-speed attacks which characterise today’s threat landscape.
In addition, lawyers often have to research obscure or potentially illegal activities, while communicating and receiving files from third parties. This complicates any attempt to impose and regulate highly restrictive security policies, placing a significant burden on small, overstretched security teams.
Living off the land
Interestingly, the recent surge of targeted attacks against law firms is unified by the methods used. The attacks were all performed using publicly available tools, including: Mimikatz (for credential dumping), PowerShell Empire (for Command & Control communication), Dameware (additional C2/backdoor), and PsExec variants such as the Impacket Python variant of PsExec (for lateral movement).
Perhaps surprisingly, using generic methods against such high-level targets is actually beneficial to the attacker. Adopting mainly publicly available tools, rather than individually crafted malware, makes attribution much harder.
Although some of these tools, such as Mimikatz, have to be downloaded into the environment, the stealthiest, like Dameware or PsExec, are able to use the infrastructure within their environment. Known as ‘living off the land’, these tools are almost undetectable by traditional security approaches, as their malicious activity is designed to blend in with legitimate system administration work.
AI securing the law sector
Cyber-attackers are constantly discovering novel ways of evading rule-based security systems. Attackers ‘living off the land’ are generally too subtly anomalous for humans to identify.
For small security teams, AI technologies are a game changer that can rank genuine threats by their level of deviation from ‘normal’ and alert security teams to them, resulting in hours saved and a more effective workflow.
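To make the contrast between a rule-based check and ranking by deviation from ‘normal’ concrete, here is an added example (not from the original article and not Darktrace's product logic). The host names, tool labels, event data and the smoothed-surprisal scoring are all assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data: (source host, tool, destination host).
BASELINE = (
    [("it-admin-01", "psexec", "file-srv")] * 40
    + [("it-admin-01", "psexec", "dms-srv")] * 25
    + [("it-admin-01", "dameware", "reception-pc")] * 15
    + [("paralegal-07", "smb", "dms-srv")] * 60
    + [("paralegal-07", "smb", "file-srv")] * 20
)
NEW_EVENTS = [
    ("it-admin-01", "psexec", "file-srv"),      # routine administration
    ("paralegal-07", "smb", "dms-srv"),         # routine document access
    ("paralegal-07", "psexec", "dms-srv"),      # admin tool from a non-admin host
    ("paralegal-07", "psexec", "it-admin-01"),  # new tool and new destination
]

def signature_alerts(events, blocklist=("mimikatz",)):
    # Rule-based view: only tool names on a fixed blocklist raise an alert.
    return [e for e in events if e[1] in blocklist]

def build_baseline(events):
    # Per source host, count which tools and destinations it normally uses.
    tools, dests = defaultdict(Counter), defaultdict(Counter)
    for src, tool, dst in events:
        tools[src][tool] += 1
        dests[src][dst] += 1
    return tools, dests

def surprise(counter, value, vocab_size):
    # -log2 of the Laplace-smoothed probability of `value` for this host.
    total = sum(counter.values())
    return -math.log2((counter[value] + 1) / (total + vocab_size))

def rank_by_deviation(baseline, events):
    # Sort events from most to least unusual for their own source host.
    tools, dests = build_baseline(baseline)
    n_tools = len({t for _, t, _ in baseline + events})
    n_hosts = len({h for s, _, d in baseline + events for h in (s, d)})
    scored = [(round(surprise(tools[s], t, n_tools)
                     + surprise(dests[s], d, n_hosts), 2), (s, t, d))
              for s, t, d in events]
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    print("signature alerts:", signature_alerts(NEW_EVENTS))
    for score, event in rank_by_deviation(BASELINE, NEW_EVENTS):
        print(f"{score:6.2f}  {event}")
```

The blocklist raises nothing because every tool in the new events is a legitimate administration tool, while the ranking puts the two PsExec sessions from the paralegal laptop above the IT administrator's identical tool use.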
One such law firm that has recently recognised the potential of cyber AI to defend sensitive client information is ONC Lawyers, one of Hong Kong’s largest domestic law firms. After recovering from a near-miss cyber-attack almost two years ago, ONC Lawyers revamped its security strategy by deploying our cyber AI platform to autonomously identify and neutralise unpredictable cyber threats before they become full-blown attacks.
ONC Lawyers follows in the footsteps of other law firms in the region that have also adopted cyber AI technology, including Western Australia’s largest independent law firm, Jackson McDonald, and Singapore’s Shook Lin & Bok.
The increasing digitisation of intellectual property, coupled with the plethora of sensitive data, requires law firms to achieve advanced security without jeopardising the technological flexibility that modern workplaces require.
Law firms have a lot at stake in the event of a disastrous data breach or if their email servers are used to send fraudulent emails – they face not only significant reputational damage but also a loss of confidentiality, a core tenet that their clients covet.
While no organisation is immune to cyber-attacks in today’s digital age, using multi-factor authentication for email access, ensuring computers and mobile devices stay up to date, and tapping into technologies like AI and machine learning to immediately detect and respond to emerging dangers go a long way towards improving security.