Best Lawyers logo
 
Insight

Targeted Cyber Attacks Are Rapidly Increasing in 2019

Targeted cyber attacks, spear-phishing attacks, and ransomware attacks are increasing and could put your business's security on the line.

Cyber Attacks Are Increasing
James L. Pray

James L. Pray

May 22, 2019 10:34 AM

Your company, your vendors and suppliers, and your customers are currently under the biggest wave of cyber attacks that I’ve seen since the internet was created. If you have not noticed this latest wave of attacks, your vendors and customers have or your company may simply not be aware that it has already been attacked.

Along with being a practicing attorney with the BrownWinick law firm, I have managed the firm’s IT department, including its IT security operations. I work on behalf of the firm to maximize its security and to provide legal services to businesses that are under attack. During the past two weeks, I have seen a dramatic increase in calls from clients asking for advice on what to do after falling victim to cyber attacks.

Sophisticated Attacks and "Spear Phishing"

Two new sophisticated attacks have risen to pandemic proportions; both are using spear phishing emails to begin the exploit. The most common attack is launched after the hacker researches potential corporate targets so that a corporate executive will be more likely to click on a link in an email, which will either load malware or steal the executive’s Office 365 log-in credentials. This is known as a spear-phishing attack. The attacking email will likely be from a familiar customer or contact, and will contain information that would fit with the target’s business. Once the hacker obtains those credentials, the hacker modifies the Outlook rules so that their emails are not seen by the actual company officer. The hacker is then free to launch very sophisticated invoice fraud attacks—not only on the company itself but also on both its customers and suppliers. The hacker will impersonate someone with authority to submit fake invoices using the company’s own email system and order the company’s accounting department to wire funds to bank accounts that the hacker controls. The hacker may also send fake invoices to the company’s clients with faked wire instructions. The hacker may also steal vendor and customer information so that the hacker can target those companies for a second round of attacks.

A more sinister attack is to use the stolen credentials to launch a ransomware attack. MegaCortex Ransomware Crypto ransomware appeared globally on May 1 and was aimed at selected companies that would be highly motivated to get back online as quickly as possible. The MegaCortex software is highly sophisticated and attempts to shut down numerous security processes on a system in order to maximize the damage. I reviewed a video of an attack underway I noticed numerous well-known security products that are sent orders by the software to shut down. Because the software launches itself from an exploited corporate account, it is quite possible that as with the invoice fraud attacks, the hackers will obtain customer and vendor information that can be used to launch a second round of attacks.

What Should Your Company Do to Protect Itself?

  • Use two-factor authentication to log onto any company system.
  • Have strong and continuous backups of all company systems.
  • Educate all employees on the dangers of clicking on any link in any email and to be suspicious of any unusual request or email.
  • Install strong security software, hardware, and logging software and hire someone to continuously review the logs.
  • Hire security specialists to install a robust defense against these new generation attacks.
  • Adopt strong IT and HR policies to increase security and employee awareness.
  • If your firewall is four years old, it is likely time to replace it.
  • Consider installing a SIEM to collect and manage security information.
  • Require verbal or in-person approvals of all wire transfers by the company.
  • Require verbal confirmation of any change in address or bank wire information by a vendor.

It is a well-known adage in the IT security field that it is not a matter of whether your company will be hacked, but when. In this current environment, for any company without strong security and support from senior management, that day will be tomorrow, and the next day, and the day after that.

-------------

James Pray is an attorney and member of the BrownWinick Law Firm in Des Moines, Iowa. He also serves as Chief Technology Officer. When he is not working with companies that have suffered data breaches or internet-based thefts, he specializes in assisting clients with environmental compliance matters and renewable energy projects.

Related Articles

Cybersecurity Awareness for Lawyers

by Jordan Donich

Law firms are at an even greater cybersecurity risk as they move more into the digital age of working from home. Here are some methods of attack and ways to reduce and prevent such attacks to your firm.

Cybersecurity Tips for Lawyers and Law Firms

ECIJA on Revolutions in Spanish Information Technology Law

by Best Lawyers

Alejandro Touriño looks at the policy changes impacting information technology law in Spain in this "Law Firm of the Year" interview with Phillip Greer.

ECIJA Information Technology Law Interview

Tampa Hospital Suffers Recent Data Breach

by Gregory Sirico

Tampa General Hospital, a non-profit research based medical center, suffered a sizeable data breach that put 1.2 million patients' information at risk.

Laptop reading hacked with translucent medical model in foreground

An Allied Front Against Ransomware

by Patricia Brown Holmes, John K. Theis, Georgia N. Alexakis and Abigail L. Peluso

With the world ever more digitally entwined—particularly as the pandemic has increasingly driven commerce and ordinary business activity more fully online—the threat of ransomware is here to stay. Here’s a primer on the federal government’s response and how the private sector can help.

Federal Government’s Response to Ransomware

How Russia's Global Policy Is Impacting Mergers and Acquisitions

by Best Lawyers

Alexei Zakharko and Mathieu Fabre-Magnan disscuss how they are preparing for emerging trends in the next couple of years.

An Interview With Dentons Russia

The Future of German Technology

by Best Lawyers

How Germany's Law Firm of the Year in Information Technology is leading the way.

Isabell Conrad Schneider Schiffer Weihermulle

Technology and the Changing IP Climate in Mexico

by Best Lawyers

Roberto Arochi discusses Arochi & Lindner’s 2019 “Law Firm of the Year” award for Intellectual Property Law in Mexico in an interview with Best Lawyers.

Arochi & Lindner "Law Firm of the Year" Q&A

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Cuatrecasas "Law Firm of the Year"

Central Intelligence

by Françoise Gilbert

To truly flourish, the smart cities of tomorrow must harness their data—but make sure they are doing so legally, ethically, and securely.

The Next City Will Be Smart

In the News: Georgia

by Nicole Ortiz

A summary of newsworthy content from Colorado lawyers and law firms.

In the News Georgia 2018

Insurance Coverage to Protect the Health Care Industry from the Increasing Risks Associated with the Internet of Things

by Meghan Magruder and Amy Dehnel

While this connectivity can provide great benefits to patients and physicians, the security issues inherent in these devices are critical.

Insurance for Health Care Industry

Virtual Worlds: A Legal Wild West

by Tam Harbert

As these technologies develop and their use becomes more widespread, attorneys expect to encounter novel legal challenges.

Virtual Worlds

Trending Articles

2025 Best Lawyers Awards Announced: Honoring Outstanding Legal Professionals Across the U.S.

by Jennifer Verta

Introducing the 31st edition of The Best Lawyers in America and the fifth edition of Best Lawyers: Ones to Watch in America.

Digital map of the United States illuminated by numerous bright lights.

Unveiling the 2025 Best Lawyers Awards Canada: Celebrating Legal Excellence

by Jennifer Verta

Presenting the 19th edition of The Best Lawyers in Canada and the 4th edition of Best Lawyers: Ones to Watch in Canada.

Digital map of Canadathis on illuminated by numerous bright lights

Discover The Best Lawyers in Spain 2025 Edition

by Jennifer Verta

Highlighting Spain’s leading legal professionals and rising talents.

Flags of Spain, representing Best Lawyers country

Unveiling the 2025 Best Lawyers Editions in Brazil, Mexico, Portugal and South Africa

by Jennifer Verta

Best Lawyers celebrates the finest in law, reaffirming its commitment to the global legal community.

Flags of Brazil, Mexico, Portugal and South Africa, representing Best Lawyers countries

Presenting the 2025 Best Lawyers Editions in Chile, Colombia, Peru and Puerto Rico

by Jennifer Verta

Celebrating top legal professionals in South America and the Caribbean.

Flags of Puerto Rico, Chile, Colombia, and Peru, representing countries featured in the Best Lawyers

Prop 36 California 2024: California’s Path to Stricter Sentencing and Criminal Justice Reform

by Jennifer Verta

Explore how Prop 36 could shape California's sentencing laws and justice reform.

Illustrated Hands Breaking Chains Against a Bright Red Background

Tampa Appeals Court ‘Sends Clear Message,” Ensuring School Tax Referendum Stays on Ballot

by Gregory Sirico

Hillsborough County's tax referendum is back on the 2024 ballot, promising $177 million for schools and empowering residents to decide the future of education.

Graduation cap in air surrounded by pencils and money

Find the Best Lawyers for Your Needs

by Jennifer Verta

Discover how Best Lawyers simplifies the attorney search process.

A focused woman with dark hair wearing a green top and beige blazer, working on a tablet in a dimly

Paramount Hit With NY Class Action Lawsuit Over Mass Layoffs

by Gregory Sirico

Paramount Global faces a class action lawsuit for allegedly violating New York's WARN Act after laying off 300+ employees without proper notice in September.

Animated man in suit being erased with Paramount logo in background

The Human Cost

by Justin Smulison

2 new EU laws aim to reshape global business by enforcing ethical supply chains, focusing on human rights and sustainability

Worker wearing hat stands in field carrying equipment

Introduction to Demand Generation for Law Firms

by Jennifer Verta

Learn the essentials of demand gen for law firms and how these strategies can drive client acquisition, retention, and long-term success.

Illustration of a hand holding a magnet, attracting icons representing individuals towards a central

Social Media for Law Firms: The Essential Beginner’s Guide to Digital Success

by Jennifer Verta

Maximize your law firm’s online impact with social media.

3D pixelated thumbs-up icon in red and orange on a blue and purple background.

ERISA Reaches Its Turning Point

by Bryan Driscoll

ERISA litigation and the laws surrounding are rapidly changing, with companies fundamentally rewriting their business practices.

Beach chair and hat in front of large magnify glass

How Client Testimonials Fuel Client Acquisition for Law Firms

by Nancy Lippincott

Learn how client testimonials boost client acquisition for law firms. Enhance credibility, engage clients and stand out in a competitive legal market.

Woman holding blurb of online reviews

Critical Period

by Armelle Royer and Maryne Gouhier

How the green-energy raw materials chase is rewriting geopolitics

Overhead shot of mineral extraction plant

Best Lawyers Expands With New Artificial Intelligence Practice Area

by Best Lawyers

Best Lawyers introduces Artificial Intelligence Law to recognize attorneys leading the way in AI-related legal issues and innovation.

AI network expanding in front of bookshelf

We use cookies to enhance your browsing experience. By continuing to use our website, you accept our cookies. Read our Cookie Policy to learn more.