The Federal Bureau of Investigation (FBI) and the Manhattan U.S. attorney’s office are investigating an attack in which hackers accessed the computer networks at U.S. law firms, including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, according to a Wall Street Journal report.
An individual familiar with the investigation told the Journal that investigators are looking into whether the hackers accessed the networks for insider trading or other purposes.
It is also likely that employee and client records were accessed in order to facilitate spearphishing and social engineering attacks, said Adam Levin, chairman and founder of IDT911 and author of “Swiped” in comments emailed to SCMagazine.com. “The bad guys gained privileged access by way of stolen credentials, infected computers with malware, monitor activity, collect information and then use it for their financial gain,” he noted.
The attackers have reportedly posted threats of similar attacks against other laws firms.
Darren Hayes, director of cybersecurity at Pace University’s Seidenberg School of Computer Science and Information Systems, noted that law firms have been a target for hackers because they possess large quantities of intellectual property. “The recent slew of attacks on Wall Street law firms is a new phenomenon, but makes sense given their access to sensitive information.”
Seclore Technology CEO Vishal Gupta said in an email to SCMagazine.com that financial institutions and Fortune 500 companies have improved their security preparedness, but he noted that “hackers are finding loopholes – and in this case, it’s through the top US law firms.”
Hayes also acts as a consultant on legal cases involving digital evidence. He said law firms “are not known to generally possess the best network security defenses.”
Forget the hospitals, it now appears that the world’s cyber hyenas have found an endless source of fat and slow moving wildebeests to prey on the digital savanna. Cash “cows” as it were for ransomware attacks.
Can you think of a slower, less well-defended beast with more cash that would be so highly motivated to pay the ransom to protect their reputation?
The ransomware challenge simply cannot be solved by playing defense alone. We need to de-monetize this exploit by either holding the perpetrators at risk of arrest — or disrupting their ability collect the ransom.
No matter what the security-industrial complex technologists try to sell you to allay your fears and let you play a losing rope-a-dope defense a bit longer — the only successful solution is to pursue and challenge these ransomware teams directly.