Cyber security watchdog issues law firm warning
The National Cyber Security Centre (NCSC), part of GCHQ, yesterday published its first report on the growing cyber threat to the legal profession.
It said that while the primary threat stemmed from cyber criminals with a financial motive, “nation states are likely to play an increasingly significant role in cyber attacks at a global level, to gain strategic and economic advantage.
“There has also been some growth in the hacktivist community targeting law firms to achieve political, economic or ideological ends.”
The NCSC said that, according to Action Fraud, in the two years to March 2018, 18 law firms reported hacking attempts.
“Such attacks tend to be more targeted in nature and are most likely initiated by phishing. They are often the work of more sophisticated cyber actors such as organised crime groups and nation states.”
The NCSC said the most significant cyber threats facing law firms were phishing, data breaches, ransomware, and supply chain compromise.
The report spells out the dangers and steps firms can take to combat them.
On phishing, it said the Solicitors Regulation Authority has publicised 110 scams against law firms so far in 2018, but “there are likely to be many more that go unreported”.
It gave the case study of a “mid-sized law firm with a multi-million pound turnover”, where a senior partner broadcast on social media full details about a business trip to Barcelona.
A criminal gang based overseas used this information to initiate a phishing attack against the firm’s accounts team. An accounts clerk received an email from an account spoofing the senior partner’s email address, instructing her to pay an invoice and imploring confidentiality.
Even though the firm had in place a number of policies and procedures that systemised the payment of invoices, they were able to persuade the accounts team to bend the rules, under the pretext of urgency, confidentiality and seniority.
The criminals also knew that the accounts team were tied up in installing a new accounting package and training on the new system, as a staff member had mentioned it on Facebook. It was at this time that the criminals convinced the clerk to make an authorised payment of £35,000.
The section on ransomware referenced the global attack last year on DLA Piper that caused significant business disruption for a number of weeks and is to date the single biggest cyber attack to ever hit any law firm.
The attack utilised a new variant of the Petya malware (NotPetya) via the software update mechanism of M.E. Doc, a Ukrainian tax program that had been compromised to spread the malware.
The report said the attack appeared to be a ransomware attack; it was later identified as a destructive variant so that the data was encrypted.
DLA Piper was running around 800 applications at the time and went through a process afterwards of building them back up. “Since the attack, the firm has been running a number of programs to enhance security and business resilience.”
Looking to cyber security trends, the report noted the increasing use of artificial intelligence (AI) systems among the large law firms, saying: “AI may help with thwarting future attacks, although may also be used maliciously, for example, to fool AI fraud checks or craft high-quality phishing emails.”
NCSC chief executive Ciaran Martin said: “Like all businesses, law firms are increasingly reliant on IT and technology and, as a result, are falling victim to a range of malicious cyber activity.
“Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also its clients.
“The NCSC is committed to supporting the legal sector as part of our role to make the UK the safest place to live and do business online and that’s why we feel it’s extremely important to offer the tailored advice and guidance outlined in this report.”
The report was created in collaboration with major law firms working under the NCSC Industry 100 scheme and the Law Society.
Law Society president Christina Blacklaws said: “In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.
“The Law Society sees this report as a positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.”
To help firms further, the NCSC and industry partners have also launched a legal sector group on the free Cyber Information Sharing Platform.
- REMOTE Penetration Tester - UK. Senior
- United Kingdom
CH7941 Identifier Project REMOTE Penetration Tester - UK. Senior role. Agile, flexible company looking to attract an experienced Penetration Tester that values transparency, creativity and interesting varied work. To join a growing team to deliver varied (Infrastructure, Web application etc) remote penetration testing to an international client base. You must be technically exceptional, able to work remotely / independently and be able to effectively communicate / document / produce written reports. This is a client facing role, so you must be able to represent yourself and the business in the best light. Experience around penetration testing best practice / frameworks highly desired. Manual penetration testing experience highly valued. Any of the following tests / labs are desired, but experience over Pen 200, OSCP, TryHackMe (THM), HackTheBox (HTB), VulnHub, Virtual Hacking Labs (VHL) GIAC Certified Penetration Tester (GPEN) GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Offensive Security Certified Professional Certified Penetration Tester (CPT) Certified Expert Penetration Tester (CEPT) Offensive Security Certified Expert (OSCE) CompTIA PenTest+ EC-Council Licensed Penetration Tester Master Certified Mobile and Web Application Penetration Tester (CMWAPT)
- Head of CSOC (Cyber Security Operations Centre), London. Greenfield opportunity
CH7928 Identifier Project Head of CSOC (Cyber Security Operations Centre), London. Greenfield UNIQUE opportunity to establish, manage and grow a world class CSOC. Headquartered in the UK, the CSOC will grow and deliver cyber services into an international and underdeveloped market. As a greenfield site the Head of CSOC will be the first person on the ground to build a capability and team around them. The role will include, but not be limited to; Setting up and establishing a CSOC monitoring service using IBM QRadar and Palo Alto CORTEX XSOAR. Develop roadmap for future CSOC capabilities. Establish, develop processes, playbooks and use cases. Recruit, Build and train a specialist team. Build relationships with key clients- onboard and scale. The successful candidate must have experience working within / leading a technical Cyber Security monitoring capability. Technical experience working with IBM QRadar and Palo Alto CORTEX XSOAR will be highly beneficial, although other SIEM / Security Orchestration, Automation and Response tools are welcome as the skillset is transferable. This brings significant opportunity and welcomes creativity / best practice. Frequent travel to London office will be required. Chris.firstname.lastname@example.org 07884666351
- Aruba Data Centre Network Engineer
- Upto £500 a day
**Outside of IR35 contract** Aruba Data Centre Network engineer is required to start ASAP. You will be responsible for Data Center and Campus Network - Design and implementation of Aruba CX Switches, We are looking for an experienced data centre engineer who is happy to work remotely and autonomously Experience you will need to have, Solid Networking experience with good knowledge of -Routing & Switching - MP-BGP EVPN VXLAN, MPLS/VPLS, EIGRP, BGP, OSPF and Multicast, Experience with Aruba switches ideally the CX range Ideally SC cleared or able to become SC Cleared. This will be a 3 month rolling contract
- Network Engineer-
- 65000 plus bonus
An exciting opportunity has arisen with a global financal business that are looking for an experienced Network engineer with strong Firewall experience in particular Checkpoint You will be responsible for help to support and manage the network infrastructure both LAN/ WAN And VPNs and will have a focus on network secuirty (Checkpoint firewall and Security controls) This is a multi-Site environment with few thousand end users, As the business is growing so is the network so great opportunity to join an expanding business that will help cross-train you in both cloud and onsite solutions. They are looking for a strong network engineer with a mix of expereience o Experience with Azure networking managing VNETs, ExpressRoute, VPNs and other Azure network features such as NSG/MS loadbalancer is required. Working with Check Point firewalls in Azure is desirable. o In-Depth understanding of networking fundamentals including: Network topology, Data Centre Infrastructure systems, Layer 2/Layer 3 Switching, VLANs, Routing, VPNs, High availability protocols. o Demonstrable hands-on experience with Meraki Switches and wireless infrastructure, Arista software, Forcepoint Proxy (would be a strongly desirable), Citrix Netscaler, and Forescout CounterACT Location can be flexible, they are looking for someone who would be happy to do a hybrid working model 3 days at home 2 days in the office.