Threat actors are finding new ways to bypass multi-factor authentication (MFA) measures, putting law firms at risk of business email compromise or BEC attacks. According to a cybersecurity risk consultancy company, legal companies have been increasingly targeted in recent months by cybercriminal groups specializing in BEC campaigns. The cybersecurity company discovered numerous major advances in recent BEC incidents targeting law firms in addition to recognizing novel MFA evasion methods. The advances include new strategies for delivering phishing emails while remaining unnoticed. The United Kingdom National Cyber Security Centre (NCSC) issued a report warning that law firms are increasingly vulnerable to cyber threats. In the Cyber Threat Report: The United Kingdom Legal Sector, the report reads that cyber criminals, nation states, breaching groups, and threat insiders pose specific risks to law firms that regularly handle highly sensitive information and large funds, and rely on external IT service providers.
Threat Actors Targeting Law Firms with New BEC Tactics
Threat actors have discovered methods to bypass multi-factor authentication, including stealing session cookies and employing advanced phishing techniques, according to the cybersecurity company. The threat actors are pursuing persistent access, which means that a single breach of MFA enables long-term access. Additionally, the threat actors are employing new ways for modifying IP addresses and geolocation data to avoid being detected after breaching law firms’ mailboxes. In terms of phishing improvements, the law firms stated that emails are becoming more complex, making them more difficult to identify as fakes. Along with traditional email attacks. threat actors are targeting more remote-working platforms, including Microsoft Teams, and employing QR codes. The cybersecurity company warns that the consequences of successful BEC attacks include not just reputational damage and financial loss, but also heightened regulatory scrutiny and implications on insurance and professional indemnity premiums upon renewal.
Law Firms in Crosshairs of BEC Attacks
According to a global head of cybersecurity services at a cybersecurity company, law firms are increasingly becoming targets of BEC attacks. The cybercriminals’ ability to bypass MFA and avoid detection is concerning. It serves as a clear warning that traditional defense tactics aren’t enough, and adaptation is essential. The cybersecurity director at the cybersecurity company stated that the surge in targeted email compromise attacks against law firms is a major concern for the legal industry. The threat actors’ evolving tactics, ranging from session cookie theft to more convincing phishing, are putting traditional defenses to the test. To protect their clients, reputation, and bottom line, law firms must emphasize the importance of advanced security measures, detection, and cyber resilience.
With more threat actors utilizing new advanced tactics and techniques, like bypassing MFA, to target numerous industries, including law firms, companies must remain alert to the current threat landscape and educate their employees to detect potential phishing scams and other cyberattacks. Phishing attacks are the most common methods threat actors use to harvest legitimate credentials. SpearTip offers phishing training as mitigation to enhance skills related to defending against these threats. The training tests the discernment of the teams within companies, educates employees regarding common phishing tactics and indicators, and identifies related security gaps in their environment. Our team creates phishing email simulations like those threat actors use and sends them throughout the organization. We provide insight and feedback to improve the cyber defenses of the companies’ teams, leading to a profound decrease in the likelihood of being victimized by phishing scams. After the training, our team provides precise and thorough strategies about how to harden their environment and implement ongoing awareness training.
If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.