A leading City law firm has fought off sophisticated cyber attacks within the last fortnight, specialists revealed – ramping up fears that hackers view legal practices as a soft underbelly route to stealing sensitive client information.
The firm – which has not been named – was alerted to what is known as a ‘drive by’ or ‘watering hole’ attack, and was able to prevent a breach of client confidentiality.
But the incident came only a couple of weeks after hackers compromised the web site of a set of barristers’ chambers with the intention again of penetrating leading City law firm systems. Both cases have highlighted the increasing vulnerability of the legal profession to cyber attacks.
According to Tom Burton, business director at BAE Systems Detica and a cyber security specialist, both the law firm and the chambers were targeted by the latest manifestation of hacking techniques.
Until relatively recently, hackers would send Trojan e-mails containing attachments to selected targets. When the attachments were opened, the targets’ computers were infected with malicious software, opening a door that hackers could walk through unnoticed.
However, Burton told The Lawyer: “People are getting more wise to this, and some of the latest generation of firewalls is specifically designed to spot malicious payloads in e-mails”.
As a result, hackers are increasingly deploying so-called watering hole or drive-by attacks. With this technique, hackers partially compromise a web site their target executive or law firm partner is likely to view. As soon as the target browses the site, the computer used is infected and again the hackers can gain unfettered access to confidential information held across the firm’s entire system.
In the most recent case, reported Burton, the compromised site was a legal affairs news outlet, although not that of The Lawyer. Similarly, the chambers’ site was infected with the aim of breaching the computers of senior law firm partners visiting that site.
Top City law firms declined to comment specifically on the detail of these incidents. Although a spokesman for Allen & Overy maintained: “These attacks are a lot more common than people realise. We have full-on systems processes and we’ve been very successful in protecting ourselves’.
A Clifford Chance spokesman was equally bullish: “Every significant attack that has come our way has been caught.”
Detica’s Burton said the legal profession is gradually waking up to the dangers of cyberspace. “Law firms are beginning to treat this more than just a risk that needs to be dealt with. They are beginning to promote the fact that they are dealing with it in a specific way as being a differentiator between them and the competition.”
For more on this read our feature: Cyber security: Lawyers are the weakest link