Cyber security watchdog issues law firm warning
The National Cyber Security Centre (NCSC), part of GCHQ, yesterday published its first report on the growing cyber threat to the legal profession.
It said that while the primary threat stemmed from cyber criminals with a financial motive, “nation states are likely to play an increasingly significant role in cyber attacks at a global level, to gain strategic and economic advantage.
“There has also been some growth in the hacktivist community targeting law firms to achieve political, economic or ideological ends.”
The NCSC said that, according to Action Fraud, in the two years to March 2018, 18 law firms reported hacking attempts.
“Such attacks tend to be more targeted in nature and are most likely initiated by phishing. They are often the work of more sophisticated cyber actors such as organised crime groups and nation states.”
The NCSC said the most significant cyber threats facing law firms were phishing, data breaches, ransomware, and supply chain compromise.
The report spells out the dangers and steps firms can take to combat them.
On phishing, it said the Solicitors Regulation Authority has publicised 110 scams against law firms so far in 2018, but “there are likely to be many more that go unreported”.
It gave the case study of a “mid-sized law firm with a multi-million pound turnover”, where a senior partner broadcast on social media full details about a business trip to Barcelona.
A criminal gang based overseas used this information to initiate a phishing attack against the firm’s accounts team. An accounts clerk received an email from an account spoofing the senior partner’s email address, instructing her to pay an invoice and imploring confidentiality.
Even though the firm had in place a number of policies and procedures that systemised the payment of invoices, they were able to persuade the accounts team to bend the rules, under the pretext of urgency, confidentiality and seniority.
The criminals also knew that the accounts team were tied up in installing a new accounting package and training on the new system, as a staff member had mentioned it on Facebook. It was at this time that the criminals convinced the clerk to make an authorised payment of £35,000.
The section on ransomware referenced the global attack last year on DLA Piper that caused significant business disruption for a number of weeks and is to date the single biggest cyber attack to ever hit any law firm.
The attack utilised a new variant of the Petya malware (NotPetya) via the software update mechanism of M.E. Doc, a Ukrainian tax program that had been compromised to spread the malware.
The report said the attack appeared to be a ransomware attack; it was later identified as a destructive variant so that the data was encrypted.
DLA Piper was running around 800 applications at the time and went through a process afterwards of building them back up. “Since the attack, the firm has been running a number of programs to enhance security and business resilience.”
Looking to cyber security trends, the report noted the increasing use of artificial intelligence (AI) systems among the large law firms, saying: “AI may help with thwarting future attacks, although may also be used maliciously, for example, to fool AI fraud checks or craft high-quality phishing emails.”
NCSC chief executive Ciaran Martin said: “Like all businesses, law firms are increasingly reliant on IT and technology and, as a result, are falling victim to a range of malicious cyber activity.
“Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also its clients.
“The NCSC is committed to supporting the legal sector as part of our role to make the UK the safest place to live and do business online and that’s why we feel it’s extremely important to offer the tailored advice and guidance outlined in this report.”
The report was created in collaboration with major law firms working under the NCSC Industry 100 scheme and the Law Society.
Law Society president Christina Blacklaws said: “In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.
“The Law Society sees this report as a positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.”
To help firms further, the NCSC and industry partners have also launched a legal sector group on the free Cyber Information Sharing Platform.
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
- SailPoint Consultant
- Upto €80,000
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.
- Contact 12 month- Security Operations- Tanium Engineer / Analyst.
- United Kingdom
- Dependent on experience
Security Operations engineer / Analyst with Tanium for a 12 month contract. Experience configuring using, managing, supporting troubleshooting Tanium's suite of end point solutions is essential. The opportunity is due to a client expanding its international capability to a follow the sun model. To be involved in spinning up a European capability. Based in the UK. English essential and ideally being fluent in French.