Professional services firms targeted by data theft cyberattacks

Holly Waszak, head of cyber claims advocacy at Marsh, stated that insurers are actively engaging with law firms to forewarn them of these escalating threats. The confidential nature of information handled by these firms, including details on M&A deals, trade secrets, and contentious legal matters, makes them attractive to malicious actors.

Groups such as the 'silent ransom' collective, which includes Luna Moth and Chatty Spider, are employing sophisticated phishing tactics. These involve impersonating IT help desk support to trick employees into granting remote access. Once access is gained, the focus is on exfiltrating data immediately, with the intent to extort victims by threatening to leak the stolen client information.

This trend is not new to law firms. In 2023, the firm Allen & Overy was targeted by the LockBit ransomware group. More recently, Stewarts Law reported incidents where criminals impersonated the firm to send fraudulent communications.

Experts emphasize that the focus for firms should shift from preventing attacks to effectively responding to them. Waszak advises developing comprehensive incident response plans that clearly name decision-makers, insurers, forensic providers, external counsel, and PR advisors. These plans should be regularly rehearsed through tabletop exercises to ensure readiness. Furthermore, fostering a strong security culture where employees feel safe to admit mistakes quickly is deemed as important as implementing technical controls, as delayed reporting can allow threat actors to remain undetected on systems for extended periods.