Law Firms Increasingly Targeted by Cybercriminals

Author Avatar


Posted on December 14, 2021

Want to interview Nick?


Today, virtually every business is fair game for cyberattacks and data breaches. However, law firms are especially attractive targets for cybercrime due to the sensitive nature of their work, which requires them to handle large amounts of highly confidential client data.

In fact, in the case of Panamanian law firm Mossack Fonseca and Company, a data breach became an existential threat. The firm, which at one time was the world’s fourth largest provider of offshore financial services, shut its doors after a data breach revealed that it had helped 140 politicians from 50 countries evade taxes. Governments around the world recovered more than $1 billion using documents the hackers released to journalists. Forbes claims the firm had very weak information security, including running old versions of key software that was riddled with vulnerabilities.

Mossack Fonseca and Company appeared to have been operating on the wrong side of the law and may have deserved to be shut down, but many prestigious white-shoe law firms have also fallen victim to hackers.

Grubman Shire Meiselas & Sacks, a top entertainment law firm, lost an estimated 756 GB of sensitive client information to a cyberattack. The firm’s clients include Barbra Streisand, Lady Gaga, U2, Robert de Niro, Andrew Lloyd Webber and Sony, among many additional A-list firms and stars. The hackers released a portion of one of Madonna’s contracts to prove they had the data and give credibility to their ransom demand. In an interview with Variety, one security analyst characterized the release of Madonna’s information as “the equivalent of a kidnapper sending a pinky finger,” to show they have the goods and are serious about acting on their threats.

Law firms have also been victims of supply chain attacks, as we’ve mentioned in a previous post. One of the top law firms in the world, Jones Day, had many gigabytes of highly confidential data stolen via a breach at file transfer service Accellion. Jones Day refused to pay a ransom, and the hackers published gigabytes of confidential client information on the Dark Web. Members of former US President Donald Trump’s administration and his campaign were among the firm’s clients, although there is no information as to whether their files were stolen.

A 2017 ransomware attack on DLA Piper, one of the largest law firms in the world, crippled the company’s servers and email. The firm detected the malware quickly, before client data was believed to have been compromised. However, operations were severely impacted: Email was down for six days, and older documents were inaccessible for almost two weeks. Insurance industry brokers estimated the firm’s direct and indirect costs were “in the millions.” The firm’s IT department put in 15,000 hours of paid overtime to get back on track.

Why Law Firms?

There are several reasons that law firms are attractive targets for hackers:

  1. They have a treasure trove of sensitive data, which can be dangled for extortion or exploited for personal gain. For example, criminals have hacked into networks of several firms seeking inside information they could leverage for stock market trading.
  2. Confidential client information relating to a major lawsuit could be worth many millions of dollars to the opposite side.
  3. Litigation and legal filing requirements operate under very strict deadlines. Pressure for law firms to have their IT and email systems back up and running quickly is intense – making it more likely that they’d pay ransom rather than risk downtime that might cause important client deadlines to be missed and cases lost.
  4. Law firms often have access to trust accounts with substantial sums of client money as well as to their own business accounts. A phishing campaign netted $580,000 for hackers in Hong Kong when a shareholder in a Pennsylvania law firm fell for the scam. The firm tried to sue their bank, but courts held that the bank was not to blame. A Canadian firm lost over $100,000 to cybercriminals who managed to trick the firm’s bookkeeper into entering her login credentials on a phishing site.
  5. Even the largest law firms are much smaller than large enterprises. As a result, their cyber defenses may be less sophisticated and up to date than their counterparts in other sectors.

Recent Trends in Attacks on Law Firms

As desirable targets, law firms must safeguard their systems and resources against a wide range of attacks:

  1. Zero Day exploits. By definition, Zero Day exploits – new software vulnerabilities for which vendors have not taken corrective or protective action – usually have a short shelf life. Cybercriminals who must decide how to get the greatest returns on these soon-to-be-dealt-with exploits are increasingly choosing law firms as targets of choice.
  2. Data exfiltration targeting case matter. As mentioned above, case matter can be worth many millions of dollars to the opposition in a lawsuit. While most companies and law firms would shy away from buying stolen information, no doubt there are some that would pay dearly for information that could help them win a case worth tens of millions of dollars or more.
  3. Ransomware threats. This isn’t unique to law firms – ransomware is a growing threat to almost every business and organization.
  4. Files with malicious payloads. With law firms receiving countless numbers of documents every day, one loaded with malware may have a better chance of slipping past cyberdefenses than in some other types of firms.
  5. Credential theft and phishing targeting employees. Like ransomware, this is a tactic that threatens all organizations. But per example of the law firm bookkeeper cited above, law firms may have more to lose – for themselves and their clients – than many other organizations.

What Can Law Firms Do to Protect Themselves and Their Clients?

Shifting to a Zero Trust approach to network security should be a no-brainer for lawyers, who know the importance of verifying identities and privileges before bestowing trust.

The old network security model is focused on creating and maintaining a secure perimeter around the company data center. Once a user was verified, they were granted access. Greatest efforts went into protecting the perimeter.

But today, traditional perimeters are largely obsolete. Data and applications may be located partially or entirely in public and private clouds. Users may be working from home, the office or someplace else entirely. Email and always-on browsers add unprecedented permeability and risk to the equation.

Detection-based techniques cannot be relied on to protect against zero day threats and the millions of malicious websites continually spun up at new URLs.

Zero Trust is not a single security product or technique, but rather a global approach that operates on the principle that all traffic is dangerous unless proven otherwise.

A comprehensive Zero Trust platform, such as Ericom Software’s ZTEdge, protects against cyberthreats in numerous ways, including the following:

  • To safeguard organizations against ransomware and other malware delivered via phishing or malicious websites, Remote Browser Isolation (RBI) operates on the assumption that no web content should be trusted. RBI executes all web browsing in an isolated container in the cloud. Only safe, fully interactive rendering data reaches browsers on endpoints.
  • RBI opens unknown or newly created sites in “read only” mode to prevent users from entering credentials on phishing sites.
  • Content Disarm and Reconstruction sanitizes incoming files, disabling any malware in weaponized attachments in the cloud, before downloading files to the user device.
  • Zero Trust Network Access (ZTNA) provides secure, policy-based remote access that is simpler and way more secure than VPN-based approaches.
  • Microsegmentation and least privilege access restrict lateral movement and limit potential risk from breaches or malicious insiders.
  • The solution comes with built-in Identity and Access Management to ensure that users are properly authenticated using techniques like multi-factor authentication (MFA) before being connected to applications and data.


Zero Trust is the state-of-the-art approach for cybersecurity, as indicated by the recent White House executive order requiring US federal government agencies to adopt it, and encouraging the private sector to do so as well.

Law firms are especially attractive cybercrime targets due to the wealth of valuable confidential information they hold, which criminals can exploit in multiple ways. As such, responsible law firms should lead in proactively moving to Zero Trust approaches to cybersecurity with easy-to-implement platforms like the ZTEdge Cloud Security Platform.

Share this on:

Author Avatar

About Nick Kael

A cybersecurity expert with over 20 years of experience in web technologies, architecture, infrastructure, networking and dev environments, Nick is responsible for solution management, technology strategy and technology partnerships. Nick was previously Symantec Group CTO for Global Service Providers, following his tenure as Director of the Chief Architect Team for Channel and Service Providers at Zscaler and an earlier position in the Symantec CTO organization. His certifications include CEH7, CCSK, BCCPP, Bluecoat Blue Knight, MCSE + Security, CCDP, CCNA, CCSA, VTP5 and VTSP5.

Recent Posts

Air Gapping Your Way to Cyber Safety

Physically air gapping enterprise networks from the web is a great way to protect operations, keep data safe … and squelch productivity. Virtual air gapping is a better approach.

Motion Picture Association Updates Cybersecurity Best Practices

The MPA recently revised its content security best practices to address, among other challenges, the issue of data protection in the cloud computing age.

FTC Issues Cybersecurity Warning for QR Codes

QR codes on ads are a simple way to grab potential customers before they move on. No wonder cybercriminals are using QR codes, too.