Law firms holding sensitive data for their clients are the targets of a new round of organized cyberattacks, federal authorities cautioned this week. On Tuesday, the FBI warned that U.S. law firms and public relations firms were being targeted by hackers using “spear phishing” attacks — personalized emails drafted to look like they come from a trusted or reputable source and designed to induce the reader to click an attachment or link that will infect his or her computer with malicious software. “Hackers exploit the ability of end users to launch the malicious payloads from within the network by attaching a file to the message or including a link to the domain housing the file and enticing users to click the attachment or link.”
While the FBI indicates that it may not be possible to flag the emails attacks themselves, system administrators will be able to detect the malware infection once a computer has been compromised:
Once executed, the malicious payload will attempt to download and execute the file ‘srhost.exe’ from the domain ‘http://d.ueopen.com’; e.g. http://d.ueopen.com/srhost.exe. Any traffic associated with ‘ueopen.com’ should be considered as an indication of an existing network compromise and addressed appropriately.
The FBI has asked that firms that have detected a breach direct incident response notifications to the Department of Homeland Security and U.S. CERT.
FBI unit chief Bradford Bleier commented to the Associated Press: “Law firms have a tremendous concentration of really critical, private information,” and infiltrating those computer systems “is a really optimal way to obtain economic, personal and personal security related information.”
Allen Paller, director of research at SANS Institute, told reporters that an attack on a major New York law firm in 2008 has been linked to a group of Chinese hackers. Paller told the AP that the hackers going after law firms, “often target companies that are negotiating a major international deal — anything from seeking a patent on a sensitive new technology to opening a plant in another country.” “The best documents to steal are in the law firm that represents that company.”
As hackers become more organized and strategic, law firms may need to reassess the risks they face in light of the value of the information they manage for their clients.