Russian Hacker Targets Top Am Law 100 Law Firms
No one is safe from hackers today, at least not in BigLaw. Crain's Chicago Business reports that 48 top Chicago law firms -- many of which are part of the Am Law 100 rankings -- were targeted by a mysterious Russian cybercriminal who operates out of Ukraine. His goal? Top law firms' mergers and acquisitions info. With that sort of inside information, a cybercriminal could do very well for himself.
Another new week, another spate of cyber-criminal activity for firms to prepare against.
Wolf in Sheep's Clothing
The hacker's modus operandi was, in at least one case, a sophisticated phishing attack. The traditional phishing attack strategy relies on a hacker or group of hackers sending out thousands of emails and hooking one or two careless email users. But email scams have become more innocuous looking with time; and some are practically indistinguishable from legitimate emails.
Phishing With Finesse: Fin4
Some of the basics of phishing were set out in FireEye's 2014 phishing report. (It may seem so old now, but it deserves mentioning.) It detailed the methods and means of one of the world's most successful cyberhacking groups known as Fin4. In the report, FireEye outlines Fin4's use of phishing to gain trust in order to obtain M&A information. The group would then play the market with non-public insider information.
To make things worse, Fin4's phishing had the gloss of legitimacy: it's written in "perfect English" uses the proper sounding investment terminology and even warns recipients of shareholder and public disclosure concerns. Ironic.
Could the hackers now targeting law firms have been inspired by Fin4's success?
"Oleras" Is Hiring
The Ukraine-based Russian hacker who is after company mergers and acquisitions information is known as "Oleras" -- and he's hiring. On March 3rd, the FBI released a notification about Oleras and his attempts to recruit other cyber-criminal talent. Law firms are squarely in his crosshairs. The FBI notification did all that they could do: warn us about opening emails carelessly. Oh, and stay insured.
- Cravath Admits Breach as Law Firm Hacks Go Public (The American Lawyer)
- Beware Of Big Hacking In Biglaw (Above the Law)
- Lawyers Must Do More to Protect Cybersecurity (FindLaw's Technologist)
- Are You the Last Lawyer Left Without a Data Breach Plan? (FindLaw's Strategist)
- Does Your Firm Need Cyber Insurance? (FindLaw's Strategist)
Was this helpful?
You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.