Under Attack? Breach Response Hotline: Call 833.997.7327 (US/CAN)

BEC Attacks

Chris Swagler | January 31st, 2024


Threat actors are finding new ways to bypass multi-factor authentication (MFA) measures, putting law firms at risk of business email compromise or BEC attacks. According to a cybersecurity risk consultancy company, legal companies have been increasingly targeted in recent months by cybercriminal groups specializing in BEC campaigns. The cybersecurity company discovered numerous major advances in recent BEC incidents targeting law firms in addition to recognizing novel MFA evasion methods. The advances include new strategies for delivering phishing emails while remaining unnoticed. The United Kingdom National Cyber Security Centre (NCSC) issued a report warning that law firms are increasingly vulnerable to cyber threats. In the Cyber Threat Report: The United Kingdom Legal Sector, the report reads that cyber criminals, nation states, breaching groups, and threat insiders pose specific risks to law firms that regularly handle highly sensitive information and large funds, and rely on external IT service providers.

Threat Actors Targeting Law Firms with New BEC Tactics

Threat actors have discovered methods to bypass multi-factor authentication, including stealing session cookies and employing advanced phishing techniques, according to the cybersecurity company. The threat actors are pursuing persistent access, which means that a single breach of MFA enables long-term access. Additionally, the threat actors are employing new ways for modifying IP addresses and geolocation data to avoid being detected after breaching law firms’ mailboxes. In terms of phishing improvements, the law firms stated that emails are becoming more complex, making them more difficult to identify as fakes. Along with traditional email attacks. threat actors are targeting more remote-working platforms, including Microsoft Teams, and employing QR codes. The cybersecurity company warns that the consequences of successful BEC attacks include not just reputational damage and financial loss, but also heightened regulatory scrutiny and implications on insurance and professional indemnity premiums upon renewal.

Law Firms in Crosshairs of BEC Attacks

According to a global head of cybersecurity services at a cybersecurity company, law firms are increasingly becoming targets of BEC attacks. The cybercriminals’ ability to bypass MFA and avoid detection is concerning. It serves as a clear warning that traditional defense tactics aren’t enough, and adaptation is essential. The cybersecurity director at the cybersecurity company stated that the surge in targeted email compromise attacks against law firms is a major concern for the legal industry. The threat actors’ evolving tactics, ranging from session cookie theft to more convincing phishing, are putting traditional defenses to the test. To protect their clients, reputation, and bottom line, law firms must emphasize the importance of advanced security measures, detection, and cyber resilience.

With more threat actors utilizing new advanced tactics and techniques, like bypassing MFA, to target numerous industries, including law firms, companies must remain alert to the current threat landscape and educate their employees to detect potential phishing scams and other cyberattacks. Phishing attacks are the most common methods threat actors use to harvest legitimate credentials. SpearTip offers phishing training as mitigation to enhance skills related to defending against these threats. The training tests the discernment of the teams within companies, educates employees regarding common phishing tactics and indicators, and identifies related security gaps in their environment. Our team creates phishing email simulations like those threat actors use and sends them throughout the organization. We provide insight and feedback to improve the cyber defenses of the companies’ teams, leading to a profound decrease in the likelihood of being victimized by phishing scams. After the training, our team provides precise and thorough strategies about how to harden their environment and implement ongoing awareness training.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.


Connect With Us

Featured Articles

OAuth Apps
Warning About OAuth Apps Used in BEC and Cryptomining Attacks
26 February 2024
Cybercrime Cases
FBI’s Biggest Cybercrime Cases in 2023
21 February 2024
Ransomware Groups
What To Expect From Ransomware Groups in 2024
19 February 2024
Cloud Threat Detection and Response
Improving Cloud Threat Detection and Response in 2024
16 February 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.