The Digital Age Blog

The Federal Bureau of Investigation (FBI) and the Manhattan U.S. attorney’s office are investigating an attack in which hackers accessed the computer networks at U.S. law firms, including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, according to a Wall Street Journal report.

An individual familiar with the investigation told the Journal that investigators are looking into whether the hackers accessed the networks for insider trading or other purposes.

It is also likely that employee and client records were accessed in order to facilitate spearphishing and social engineering attacks, said Adam Levin, chairman and founder of IDT911 and author of “Swiped” in comments emailed to SCMagazine.com. “The bad guys gained privileged access by way of stolen credentials, infected computers with malware, monitor activity, collect information and then use it for their financial gain,” he noted.

The attackers have reportedly posted threats of similar attacks against other laws firms.

Darren Hayes, director of cybersecurity at Pace University’s Seidenberg School of Computer Science and Information Systems, noted that law firms have been a target for hackers because they possess large quantities of intellectual property. “The recent slew of attacks on Wall Street law firms is a new phenomenon, but makes sense given their access to sensitive information.”

Seclore Technology CEO Vishal Gupta said in an email to SCMagazine.com that financial institutions and Fortune 500 companies have improved their security preparedness, but he noted that “hackers are finding loopholes – and in this case, it’s through the top US law firms.”

Hayes also acts as a consultant on legal cases involving digital evidence. He said law firms “are not known to generally possess the best network security defenses.”

Forget the hospitals, it now appears that the world’s cyber hyenas have found an endless source of fat and slow moving wildebeests to prey on the digital savanna. Cash “cows” as it were for ransomware attacks.

Can you think of a slower, less well-defended beast with more cash that would be so highly motivated to pay the ransom to protect their reputation?

The ransomware challenge simply cannot be solved by playing defense alone. We need to de-monetize this exploit by either holding the perpetrators at risk of arrest — or disrupting their ability collect the ransom.

No matter what the security-industrial complex technologists try to sell you to allay your fears and let you play a losing rope-a-dope defense a bit longer — the only successful solution is to pursue and challenge these ransomware teams directly.

Criminals are tricking corporate employees into giving them payroll information. Here is how the scam works – and how you can prevent yourself from falling prey to it.

IMAGE: Getty Images

Over the past couple months there have multiple well-publicized cases of criminals tricking corporate employees into giving them payroll information that the crooks then use to commit various crimes: commonly, employees’ identities are stolen and phony tax returns are filed in order to obtain illegal “refunds” of “overpayments,” but thieves continue to find other ways to monetize the data including filing fraudulent unemployment claims.

Here is how the scam works – and how you can prevent yourself (and your business) from falling prey to it.

In the first stage of the attack criminals perform reconnaissance – often checking social media for information that employees have “overshared.” Criminals love it when employees post nonpublic information about some work-related endeavor, for example, because anyone who later claims to be an employee of the company and refers to this information when contacting a real employee will be far more likely to be believed than someone who simply claims to work for the firm but does not know any “insider” information. Criminals also search social media and the Internet in general to find the right “target” employees within the firm whose data they are trying to steal.

After performing reconnaissance, criminals contact their targets – often via a “spear phishing” type email message, but sometimes through other media such as via social media, texting, or telephone. Spear phishing refers to communications targeting a specific intended victim and which impersonates a party whom the receiver is expected to trust. Several recent attacks have involved communications in which the “CEO” or other high level executive of a firm asks an employee with access to payroll information to send him or her the W2s for all employees of the firm; others forms of the attack ask an employee with authorization to make wire transfers to pay some particular party, others may ask the employee to visit some website for some purpose, when, in fact, the site actually installs malware.

Snapchat, Mercy Housing, and Sprouts Farmers Market have all fallen prey to the W2 scam within the last couple months, thereby exposing their employees to all sorts of risks. Other firms have been duped by similar attacks and sent out spreadsheets with personnel information, and the Federal Reserve Bank of New York is believed to have recently issued about $100-Million in fraudulent wire transfer payments as a result of receiving instructions fraudulent to do so.

Here are some ways to help prevent this problem from harming you and your business:

1. Train employees not to overshare on social media and provide them with technology that warns them if they are doing so.

2. Train employees not to respond to email requests for sensitive data without picking up the phone and speaking with the person requesting the data to be sent.

3. Understand — and make sure your employees understand — how phishing works, and why it is a serious problem that is not getting better with time.

4. Train employees to think about the risk level of requests. As Jonathan Sander, Vice President at Lieberman Software, noted, “If a payroll employee wants one W2, then maybe you just let them have it. If that same employee wants all of them all at once, then there should be something that triggers to say this is a different sort of request that deserves more scrutiny.”

5. Utilize encryption – if a sensitive document is sent encrypted, an unauthorized party receiving it will have difficulty opening it. As Brad Bussie, Director of Product Management at STEALTHbits Technologies, phrased it: “As a best practice, personal identifiable information should never be transmitted in an un-encrypted format.” I agree.

6. Use secure email – If a firm has the resources to do so, email security technology can help – but, do not rely on such technology to prevent problems since social engineering can come in through other channels (texting, social media messages, phone calls, etc.), and, sometimes problematic emails can still make it through. Nonetheless, reducing the threat via email can be useful; as Craig Young, Computer Security Researcher at Tripwire, noted “The use of cryptographically signed emails and securely configured mail services with advanced spam filters, sender policy framework (SPF), and DomainKeys Identified Mail (DKIM) configurations can also greatly reduce the likelihood of a successful e-mail scam.” Keep in mind that by reducing the number of problematic emails that reach users, email security technology can cause people to become less vigilant – so make sure to reinforce the need for vigilance via training.

7. Utilize Data Loss Prevention systems – these types of systems can block certain types of files and attachments from going out to external email addresses.

These are just a few ideas to think about, there are several others !!!

M	T	W	T	F	S	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Daily Archives: March 31, 2016

FBI investigating attack against computer networks at U.S. law firms

Do Not Respond To This Kind Of Email. It’s A Scam!

Advertisement

Donate to The Digital Age Blog

Terror Advisory

Recent Posts

Recent Comments

Archives

Categories