Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
For several years law firms have been a key target for hackers seeking to obtain confidential information about initial public offerings, intellectual property and M&A deals, claim cybersecurity consultants, but rarely does word about specific attacks become public.
On March 29,'Crain's Chicago Business reported'that 48 top firms, most of which appear in the Am Law 100 rankings, were targeted recently by a Russian hacker living in Ukraine seeking to trade on M&A information stolen from law firms.
According to Crain's, a cybercriminal named 'Oleras' shared a plan to hack those firms on a cybercriminal forum in an attempt to solicit help from other hackers. The hacker named firms such as Akin Gump Strauss Hauer & Feld, Kirkland & Ellis, Sidley Austin and Sullivan & Cromwell as potential targets, according to the report.
Our ALM sibling Am Law Daily reached out to several of the firms listed by Flashpoint, all of whom either declined to comment or did not answer requests to do so.
A spokeswoman for Seattle-based Flashpoint said that all the information 'has been turned over to authorities, and they're handling the investigation at this time.'
Tom Ricketts, a senior vice president and executive director at Aon Risk Solutions, a unit of insurance brokerage giant Aon plc,'which has helped more than 60 law firms buy cyberinsurance'within the last two years, said this type of incident is not uncommon.
'More firms absolutely must take this incredibly seriously,' said Ricketts, who was not involved in the attempted attack by the so-called Oleras. 'This is a major threat.'
Ricketts said that hackers will typically pose as someone they're not and send e-mails to firm employees and partners that are meant to trick the recipient into handing over their login credentials. The hackers can then peruse their victim's e-mails for information about pending business transactions that a firm's clients are involved in.
Ricketts said these scams, known as phishing attacks, have become increasingly sophisticated. Hackers no longer need to send out thousands of spam e-mails in the hope that one or two careless people will click on a nefarious link. Ricketts said he was involved in an incident recently in which the hacker sent 70 e-mails and got four hits in response.
The security firm FireEye Inc. published a report detailing the methods used by one group, calling itself 'Fin4,' which uses phishing attacks to obtain M&A information. The group's fake e-mails are written in perfect English, use investing terminology and often 'play up shareholder and public disclosure concerns,”the report said.
Of the more than 100 companies targeted by this group, 20% were law firms, according to Milpitas, CA-based FireEye. In some instances, the hackers were able to inject themselves into email threads between company employees.
On March 3, the FBI released a notification about the threat posed by the cybercriminal who was trying to hire other hackers to help gain access to law firms,'Bloomberg Big Law Business reported at the time. The notification advised firms to educate personnel about the threat of cyberattacks and to carefully scrutinize all e-mails, the report said.'
Knowledge of the tools used by hackers often isn't enough. Last year Russian hackers gained access to sensitive U.S. Department of Defense servers through phishing attacks that duped security professionals into clicking on e-mails containing malicious code,'according to a report by CNET, which noted that hackers also found their way into the personal e-mail account of John Brennan, the director of the CIA.
Nell Gluckman writes for The Am Law Daily, an ALM sibling of e-Commerce Law & Strategy. He can be reached at [email protected]. Follow him on Twitter @NellGluckman.
'
'
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.