Hackers branching out to law firmsReprints
Hackers are moving away from a focus on obtaining personally identifiable information and more towards “soft” targets including law firms.
Last week there were reports that a Russian criminal, Oleras, has been attempting to hire hackers to break into law firms' computer systems so he can trade on insider information.
This, among other developments, have highlighted that hackers have shifted their focus away from personally identifiable information and credit card data, said Tom Ricketts, New York-based senior vice president of Aon's professional services practice,
“It's all about the money” and getting merger & acquisition information, and potentially stock information, so cyber criminals “can play the market and make more money,” said Jerry Irvine, chief information officer at Schaumburg, Illinois-based Prescient Solutions, an information technology outsourcer
Erik Rasmussen, Washington-based associate managing director, cyber security & investigations, for Kroll Associates Inc., said while there is a threat, there is no evidence at this point that Oleras' efforts have been successful.
Mr. Rasmussen said to avoid problems, firms' information technology teams should check their network for malicious activities and the potential ways cyber criminals could engage in phishing. This should include double checking emails coming into the firm and warning clients and employees not to click on emails or answer email from unknown vendors, he said.
There are enterprise-level email filters that can protect firms “but really the best thing is to educate the user,” Mr. Irvine said.
Firms should also consider buying cyber insurance, said Mr. Ricketts, who estimates just 30-35% of law firms purchase stand-alone cyber coverage, which is consistent with cyber insurance coverage penetration as a whole.
Mr. Ricketts said based in part on the publicity concerning Oleras, he anticipates increased interest in the coverage. “It has brought home the importance, the urgency of the situation,” Mr. Ricketts said.
On Monday, the Federal Bureau of Investigation issued a warning about a dramatic rise in the “business email compromise” scam, where cyber criminals spoof company and company official's email, which it said has led to “massive” financial losses in Phoenix and other cities.