Security News > 2023 > July > Law firms under cyberattack

In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised.

"The attacks emanated from two separate threat campaigns. One campaign attempted to infect law firm employees with the GootLoader malware. The other campaign hit law firm employees and other victims with the SocGholish malware," the company revealed.

As the UK National Cyber Security Centre noted in a recent report focusing on cyber threats to the legal sector, law firms handle sensitive client information that cybercriminals may find useful, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice.

Ransomware gangs specifically target law firms to extort money in exchange for allowing the restoration of business operations.

In 2020, the Solicitors Regulation Authority published a cybersecurity review revealing that 30 out of 40 of the law firms they visited have been victims of a cyberattack.

Law firms are targeted by cybercriminals, who seek to exploit vulnerabilities for financial gain; nation states, interested in gathering intelligence or gaining an advantage in geopolitical conflicts; and hacktivists, who aim to disrupt or expose activities they deem unethical.

News URL

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/