Despite enormous and increasing resources devoted to combating data breaches, security incidents in the enterprise continue to grow. Hackers are deploying some of the most sophisticated malware attacks ever seen, and law firms are a primary target.
Just last month it was reported that a Toronto-based law firm lost a six figure sum over the holidays after a virus gave hackers backdoor access into a bookkeeper’s computer. The hackers used a Trojan virus, replicating a web page of the law firm’s actual bank, and copying bank account passwords as the bookkeeper typed them in. This allowed the hackers full access to the account, including the ability to wire money to foreign countries shortly after deposits were made.
The level of sophistication of this scam was something never before seen in Ontario, and once again brings to light the vulnerability of law firm security. Legal practitioners need to be aware of what scams are currently making the rounds, to better protect themselves from malicious attacks.
A Trojan Horse gives a hacker unauthorized, remote access to a targeted computer system. A Trojan presents itself as harmless, using gifts or other enticements (e.g. free screensavers) to persuade victims to install it on their computers.
When run, it uploads hidden programs, commands and scripts without the user’s knowledge and consent. Hackers can then steal information, or harm the host computer system. Some well-known operations include electronic money theft, data theft (e.g. retrieving credit card information), modifying files, watching the user’s screen and installing other software, such as third-party malware.
The Toronto-based law firm mentioned above is believed to have been victim of a Trojan horse attack. The bookkeeper may have clicked on a link, opened an email attachment, or downloaded something as mundane as a screen saver from the Internet, which contained a built-in Trojan banker virus.
“Spear phishing” is an email fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing emails appear to come from a trusted source and contain a link or attachment which, when opened, gives the hacker instant access to the recipient’s computer and/or internal network. The email usually contains key information, like sender contact information, or bank details, to make them appear legitimate.
Last year, we reported that a law firm in Virginia fell victim to a spear phishing attack. Hackers infiltrated the firm’s email system, releasing confidential information related to high-profile cases. Law firms are a prime target for security attacks through their email systems, and therefore need to rethink how they exchange confidential digital assets.
Ransomware restricts access to a computer system and demands a ransom to be paid in order for the restriction to be removed. Ransomware typically enters a computer system through a downloaded file (e.g. via email, websites or an infected flash drive). Users may unknowingly install the malware by clicking a link, opening an attachment, or simply visiting a compromised website.
Some forms of Ransomware encrypt files, preventing the owner from accessing them, while others simply lock the computer system. A message is then displayed, coaxing the user to pay a fee for its removal. Multiple ransomware cases have already been reported in Canada, including at least one law firm.
While Ransomware isn’t a new concept, the latest version – known as Reveton – is more sophisticated than most of this malicious software. Reveton instantly locks the infected computer, displaying a message that appears to be from the FBI. The bogus message says the user has violated federal law by downloading child pornography or illegally distributing copyright content. The user must pay a “fine” via a prepaid money card, online payment service or wire transfer in order to unlock the machine. The FBI issued a warning about Reveton in May, 2012. However, it has since spread in both the U.S. and internationally.
Example of Reveton ransomware:
Prevention is the Best Cure
All three scamming techniques present very real risks to law firms. But in order for any of them to succeed, they first require a human error to be made. The bank heist of the Toronto-based law firm only worked because, at some point, someone likely clicked or downloaded something they shouldn’t have…
Law firms can reduce their risk of malware attacks by doing the following:
- Be alert. Holiday distractions and office closures make certain times of year more convenient for hackers.
- Educate firm employees, particularly book keeping staff, on fraud prevention.
- Even if you recognize the email sender, don’t click on a link or attachment unless you can verify it or were expecting it.
- Monitor activities in all bank accounts closely and regularly.
- Contact your bank immediately through a verified number or in person if you have any problems accessing bank accounts online.
- Implement restricted privileges to computer users that will limit their ability to download software without an administrator’s permission.
- Ensure your anti-virus, spyware and firewall protection is updated regularly.
- Identifying the digital assets that are at most risk to intrusion and segregate them to provide additional security.
- If you do experience a security breach, report it immediately to the FBI Cyber Crime Division and Internet Crime Complaint Center. Then call a reputable computer technician for assistance.
- Always have more than one computer backup, which is physically removed from the network, in case this is also compromised. Virtual data rooms are a great option.
Virtual data rooms are a cloud-based secure document sharing solution. Online data rooms comply with the latest industry standards for data security, including SOC2 Type II. Firmex Virtual Data Rooms provide bank-grade data encryption and granular user permissions, to manage and revoke access to critical documents at any time.
Learn more about Firmex for Legal Firms.
Subscribe to Firmex and receive the latest industry insights delivered straight to your inbox.