Money. It all comes down to it. Banks and financial institutions used to be easy targets for cyber criminals, but with improved security in place, they are no longer primary targets.
According to the San Francisco Chronicle, the new favorite targets are law firms. Why? Not only do they have money, but they also sit on a vast collection of confidential and useful information that can be used to make money. Intellectual property, trade secrets, information about new patents – this is all information worth a lot to somebody (usually the competition).
An attorney from a Long Beach law firm tells a story about how his firm got almost swindled out of nearly $200,000. They were contacted by a Hong Kong businessman who requested their help with debt collection from American customers. After a month of preparations and paper-signing, one debtor pops up and sends a cashier’s check in the mentioned amount. The check is deposited in the law firm’s account, the lawyer takes his fee of $10,000 and wires the rest to Hong Kong.
Alarm bells start ringing an hour-and-a-half later: the bank notified the attorney that the check bounced. Swift action from the bank in blocking the wire transfer saves the day – “the hardest 24 hours of my life,” the attorney admits.
Brian Hoffman, an attorney with Fenwick & West LLP, says that such schemes weren’t present six months ago. “A couple of months ago I started seeing them once a week. Now I see them once or twice a day,” he says.
In this case, the cyber criminals’ goal was to get their hands on the money, but the firms are facing a much bigger problem when it comes to the theft of information. Who would trust them ever again if confidential data gets stolen and used? Loss of money belonging to the firm can be concealed from the clients, and money can be earned again. Reputation is a much more fragile and delicate thing.
As with the majority of business or private targets, law firms are usually breached when an employee is tricked into downloading malware. If it goes unnoticed – and sometimes it does, for long periods of time – it can lead to enormous data loss.
The biggest stumbling block for the firms – as identified by Alex Stamos of iSEC Partners – is that “it’s impossible even for the largest law firms to have a dedicated security team that can hold their own against these people.”