Learn why the legal industry is such a popular target and what common mistakes can be found at most firms. You'll also discover why it's important to have a plan in case your firm falls victim to a breach.

1. Legal Industry Security
Breaches

2. State of Legal Cyber Affairs
2016 ABA LegalTechnology Survey: 25% of firms with 10-49
Attorneys have experienced a data breach
37% of firms breached experienced downtime / loss of billable
hours
April 2016, Chicago’s top 48 firms targeted for M&A
information
August 2017 California firm Phishing attack results in $500k
loss to fraudulent class action settlement fund
LogicForce Law Firm Survey: 10k NW Intrusions daily, 1k
Invalid Login attempts, 40% unaware of breach
www.accellis.com

3. Targeting the Legal Industry
www.accellis.com

4. ABA
Recognizing
the Risks:
Model Rule 1.1[8]
Understanding Risks
• Benefits and risks associated
associated with relevant
technology
• Model Rule 1.6 [18] –
Reasonable Efforts
• Cost of employing
additional safeguards
• Difficulty of implementing
the safeguards and
• The extent to which the
safeguards adversely affect
the lawyer’s ability to
represent clients
www.accellis.com

5. Legal
Cybersecurity
Threat
Profiles
• Ransomware or Fraud
• Zero Day Attacks / Malware
• Website Spoofing
• Social Engineering
Financial
• Insider trading, extortion, activism
• Stolen / elevated access credentials
• Weak / unpatched computers and networks
• Weak LOB or secondary systems (CMS)
Data /
Information
• Secondary target
• Targeting trusted network / advisors
• Social Engineering / Phishing
• BotNets
Access
• Competitive situation
• Disgruntled employees
• Unfettered data / access
• Cloud storage systems
Insiders
www.accellis.com

6. • Confidential details of offshore accounts for 12 world
leaders and 128 public officials
• 11.5 million confidential documents and 2.6 terabytes of
data were stolen
• Sub domain for accepting payments was the target
• Firm’s main website was aWordPress website running
an outdated/vulnerable version of a plugin called
‘Revolution Slider’ - with same IP address as their mail
server
• Vulnerability exposed admin credentials in plain text
• Website used ALO EasyMail Newsletter plugin for list
management that required access to the email server
• Admin credentials for email server also stored in
Revolution Slider
• Firm only found out through an anonymous tip
• Targeted but not for anything specific – just data
• Criminals never found
www.accellis.com 6
Mossack Fonseca:
The Panama Papers
www.accellis.com

7. Cravath, Swaine &
Moore LLP and Weil,
Gotshal & Manges LLP
• 7 Law firms involved in the cyber attack
• 3 Chinese hackers, Lat Hong, Bo Zheng and Chin Hung,
installed malware targeting mail servers
• Criminals obtained documents relating to proposed
mergers and acquisitions targets involving
• With compromised user credentials, the targeted
partner emails accounts, 1 - hour increments
• In one week alone, able to obtain 10 gigabytes of
information
• Another 5 law firms were targeted with over 100,000
network breach / attack but failed to gain access
• Through a series of deals, officials believe that the trio
made upwards of $4 million in illegal profit through
insider trading
www.accellis.com

8. DLA Piper
• June 27th, DLA Piper was part of global
malware attack known at Petya
• 3,600 lawyers in 40 countries
• Software targeted email and phone
systems
• Petya appears to have started from a
Ukrainian accounting software
• Global network allowed malware to
rapidly spread to office across the globe
• Full shut down appears to have been
precautionary
• Not yet clear why DLA was affected
while other firms in the Ukraine were
not

9. Other Notables…
Oleras—In February 2016, an
alert went out to 46 U.S. law
firms and 2 U.K. law firms that
Ukraine-based hacker Oleras
was advertising phishing
services on a Russian website.
Thirty Nine Essex Street—On
Feb. 24 and 26, 2014, U.K.
Thirty Nine Essex Street was
cyber-attacked. Booz Allen
Hamilton reported attack was
likely Russian state-sponsored
group Energetic Bear.
Trust Account—In December
2012, Toronto-based law firm
was hit with a computer virus,
which stole a six-figure amount
from the firm’s trust account.
Wiley Rein—Also in 2012,
Wiley Rein was hacked, most
likely by Chinese state-
sponsored operatives targeting
information related to
SolarWorld
www.accellis.com

10. Lessons
Learned
• Targeting of Law Firms is big business
• Common mistakes:
• Underused Principle of Least Privilege
• Lack of consistent patching
• Assumption that end-user education is
enough
• Lack of vulnerability testing and
remediation
• Minimal use of encryption
• Visibility in the Network is critical
• Breaches are expected – so is a plan to
handle it
www.accellis.com

11. About Accellis
Technology Group
Specialized IT Services Company providing
• Managed IT Services
• Cybersecurity & Risk Management
• Software Consulting
• Application Development & Integration
Target market: small to mid-sized firms (5-250
users)
Target vertical markets: Legal, financial and non-
profits
20 Employees in Ohio and North Carolina Offices
www.accellis.com