Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

FBI Warns of Spear Phishing in Law Firms

December 2, 2009

On November 17th, the FBI posted a warning about spear phishing in law firms. This caught the attention of Alan Cooper, a highly regarded reporter for Virginia Lawyers Weekly. Alan called to interview me about the subject and, by the time I was done, I realized I had verbally composed a pretty interesting blog post.

First, the definition of spear phishing. I know most of my readers will know the definition, but inevitably some readers will not. Regular phishing is when you get one of those silly e-mails telling you that you won a lottery, but you have to enter a lot of personal information to collect it. The goal of phishing is identity theft as a rule.

Spear phishing, however, is targeted. Someone is coming specifically after you with a very customized and personal message. Why law firms? Think about it – law firms hold vast quantities of highly confidential data. According to some experts, the #1 target is merger and acquisition law firms, which makes perfect sense. If you have insider information, you can make a bundle. The information may also provide competitive intelligence.

Another tempting target is litigation firms. Again, information about what evidence a party has, the prospect of settlement and trial strategies could be valuable indeed.

So who is targeting law firms? The U.S. government has indicated that a good bit of spear phishing is coming from China, if not directly from the government, then from state-sponsored groups. There are, of course, plenty of business espionage "malware for hire" types in the darker corners of cyberspace – and the word is that the living is doggone good in those dark corners.

Why target law firms rather than corporations? You had to ask? Most corporations are pretty secure these days and always monitoring their own security systems. Law firms, on the other hand, remain technology dinosaurs. Not all of them, but far too many. The idea of an annual third party security assessment just hasn't taken hold in law firms, as it has in many corporations. And making lawyers abide by security policies? Not bloody likely.

Why are lawyers getting stuck in phishing nets? Because spear phishing can be very clever. The phisherman can spoof the name of a colleague, come up with a subject line pertinent to your area of law and make the message itself conform to the subject. The trick is to get you to open an attachment or click on a hyperlink. Either one will cause the malware payload to download, potentially allowing a peephole into your network.
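As an added example that is not part of the original post, here is a small triage script for the spoofed-colleague trick described above: it checks whether the From display name belongs to a known colleague while the address sits on an outside (look-alike) domain or a different mailbox, and whether a Reply-To header quietly diverts replies. The firm domain, the colleague directory and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

FIRM_DOMAIN = "examplefirm.test"  # constructed: the firm's own mail domain
# Constructed directory of colleagues whose names an attacker might borrow.
COLLEAGUES = {"jane partner": "jane.partner@examplefirm.test"}


def _domain(addr: str) -> str:
    """Domain part of an address, lower-cased; empty if there is no '@'."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def suspicious_sender(raw_message: str) -> list[str]:
    """Return the reasons the From/Reply-To headers look spoofed ([] if none)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    expected = COLLEAGUES.get(name.strip().lower())
    reasons = []
    if expected and _domain(addr) != FIRM_DOMAIN:
        # Colleague's display name sitting on an outside (often look-alike) domain.
        reasons.append(f"display name '{name}' but external address {addr}")
    elif expected and addr != expected:
        # Right domain, wrong mailbox: the name was borrowed by another account.
        reasons.append(f"display name '{name}' but mailbox {addr} != {expected}")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        # Replies diverted to an address the reader never sees in the From line.
        reasons.append(f"Reply-To {reply_to} differs from From {addr}")
    return reasons


# Constructed sample messages (not real mail).
SPOOFED_MSG = (
    "From: Jane Partner <jane.partner@mail-examplefirm.test>\n"
    "Reply-To: <counsel-desk@mailer.test>\n"
    "Subject: Draft merger agreement - please review attached\n\n"
    "See attached.\n"
)
CLEAN_MSG = (
    "From: Jane Partner <jane.partner@examplefirm.test>\n"
    "Subject: Draft merger agreement - please review attached\n\n"
    "See attached.\n"
)

if __name__ == "__main__":
    for label, m in (("spoofed", SPOOFED_MSG), ("clean", CLEAN_MSG)):
        print(label, suspicious_sender(m) or "no sender anomalies")
```

A flag from this check is a reason to hand the message to IT or a forensics specialist before opening anything, not proof of compromise on its own.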

Shouldn't your anti-virus/anti-malware catch this malware? In theory, yes, if the anti-virus/anti-malware software is of very high quality and religiously updated. But no software catches everything – and you can always be the lucky "first kid on the block" to get zero-day malware for which there is no protection yet.

Clearly, you should always check out an e-mail that looks suspicious, even a little. If your IT department is sophisticated, they can check for the possibility of malware by looking at the attachment or clicking the URL on a virtual machine configured only to connect to the Internet. If malware is detected, you can return to a previous snapshot of the machine – no harm, no foul. We do this at Sensei for those who don't have IT departments or those who simply prefer to have computer forensics/security specialists deal with potential problems. An analysis of a suspicious e-mail (and attachment or link) is inexpensive and fast.

If you do have good software protection from malware, PAY ATTENTION if you get a message box that says "A program is unexpectedly trying to access the registry – do you wish to allow this?" Probably not. Another frequent message is "A program is trying to send data to an outside source." Once again, your sonar should be tripped.

Right now, opening the message itself is probably safe, but John and I doubt that it will remain safe. We fully expect to see HTML mail carrying the malware payload in the wild fairly soon. And yes, we could tell you how this can be done, but we don't like helping the bad guys, so we'll keep that knowledge to ourselves.

As they used to say on Hill Street Blues, "Be careful out there."

E-mail:    Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq