Hackers breaching law firms for insider trading info
Two of the most prestigious law firms in the US who are best known for their financial services and corporate practices have had their computer networks compromised by hackers.
According to the WSJ, the FBI is investigation breaches at Cravath Swaine & Moore LLP, and Weil Gotshal & Manges LLP, trying to ascertain whether the attackers managed to access information that could help them with their insider trading efforts.
“The FBI has issued a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting ‘international law firm information used to facilitate business ventures,'” Linn Foster Freedman, a litigator with Robinson+Cole who leads the firm’s Data Privacy and Security Team, recently shared.
“According to the FBI ‘[T]he scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information… This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit,'” she noted.
Apparently, a criminal actor has recently posted a job offer on a cyber criminal online forum for hackers who could gain “sustained access to the networks of multiple international law firms.”
According to the WSJ, in February, a post on an underground Russian website was made by an individual looking to get hired for his phishing skills, and in the posting he pointed out specific law firms as potential targets.
The investigation into these attacks has been going on since last year, and the breach at Cravath Swaine & Moore LLP dates back to last summer, so this might be an attack campaign that has been going on for a while.
In the meantime, security firm Flashpoint has also been warning law firms about possible attacks, and information about them has also been propagated through the Financial Services Information Sharing and Analysis Center (FS-ISAC).
“The discovery of these breaches is yet another example of how exposed professional organizations truly are,” says Adam Levin, chairman of IDT911.
“The bad guys gained privileged access by way of stolen credentials, infected computers with malware, monitor activity, collect information and then use it for their financial gain. The FBI is currently investigating to determine whether confidential information was stolen for the purpose of insider trading. Unfortunately, it is equally likely that employee and client records were also accessed,making them prime targets for further spear phishing and social engineering attacks.”
He advises lawyers or staff members who may have been exposed to be hyper-vigilant about monitoring accounts for fraudulent activity.
“They must not click on any links or attachments in emails without confirming the authenticity of the sender, change passwords for potentially compromised accounts and update security programs to protect personal data,” he noted.
“Professional organizations need to acknowledge their constant state of vulnerability and radically change their corporate culture by implementing more sophisticated security protocols, stepping up employee awareness training programs and adopting robust damage control programs that can limit the inevitable fallout from events such as these.”
According to the WSJ, the FBI is investigation breaches at Cravath Swaine & Moore LLP, and Weil Gotshal & Manges LLP, trying to ascertain whether the attackers managed to access information that could help them with their insider trading efforts.
Warnings are sent out
Apparently, other law firms have been targeted as well – so many, in fact, that the FBI sent a warning about the attacks to law firms.“The FBI has issued a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting ‘international law firm information used to facilitate business ventures,'” Linn Foster Freedman, a litigator with Robinson+Cole who leads the firm’s Data Privacy and Security Team, recently shared.
“According to the FBI ‘[T]he scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information… This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit,'” she noted.
Apparently, a criminal actor has recently posted a job offer on a cyber criminal online forum for hackers who could gain “sustained access to the networks of multiple international law firms.”
According to the WSJ, in February, a post on an underground Russian website was made by an individual looking to get hired for his phishing skills, and in the posting he pointed out specific law firms as potential targets.
The investigation into these attacks has been going on since last year, and the breach at Cravath Swaine & Moore LLP dates back to last summer, so this might be an attack campaign that has been going on for a while.
In the meantime, security firm Flashpoint has also been warning law firms about possible attacks, and information about them has also been propagated through the Financial Services Information Sharing and Analysis Center (FS-ISAC).
“The discovery of these breaches is yet another example of how exposed professional organizations truly are,” says Adam Levin, chairman of IDT911.
“The bad guys gained privileged access by way of stolen credentials, infected computers with malware, monitor activity, collect information and then use it for their financial gain. The FBI is currently investigating to determine whether confidential information was stolen for the purpose of insider trading. Unfortunately, it is equally likely that employee and client records were also accessed,making them prime targets for further spear phishing and social engineering attacks.”
He advises lawyers or staff members who may have been exposed to be hyper-vigilant about monitoring accounts for fraudulent activity.
“They must not click on any links or attachments in emails without confirming the authenticity of the sender, change passwords for potentially compromised accounts and update security programs to protect personal data,” he noted.
“Professional organizations need to acknowledge their constant state of vulnerability and radically change their corporate culture by implementing more sophisticated security protocols, stepping up employee awareness training programs and adopting robust damage control programs that can limit the inevitable fallout from events such as these.”