The legal sector is an increasingly targeted industry for cyber attackers. This is due to the sensitive and confidential information that the industry handles, including client data, financial information, and legal documents. This information is highly valuable to cyber attackers, who can use it for financial gain or to carry out other malicious activities. With the increasing use of technology in the legal industry, the risk of cyber-attacks has become even more pronounced.

Common cyber-attacks in the Legal Sector

Statistics show that 25% of all law firms have reported being the victim of a cyber-attack. One in ten of these cyber-attacks resulted in money being stolen.

,Ransomware

Ransomware is often a cyber criminals preferred weapon of choice for a cyber-attack. It is essentially a type of malicious software that encrypts a victim's files and demands payment in exchange for the decryption key. The attacker usually threatens to permanently delete the encrypted files if the ransom is not paid. It is often spread through phishing emails, exploiting vulnerabilities in software, or using malicious software downloads.

It can cause significant harm to individuals and organizations, as it can lead to the loss of important data and disruption of normal operations which is why it is important to regularly backup important files and to keep software up to date to prevent infection.

An example of a ransomware attack on the Legal sector:

• Leaked sensitive law documents found on dark web
• Contact made with law firm that confirms they are subject of ongoing ransomware attack – not reported to law enforcement.
• All regional criminal justice bodies suspend activity.
• Threat of more leaked documents leads to a 5-figure sum paid to criminals and 6 figure sum spent on repairing the network damage.

The significance of the increasing ransomware attacks led National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) to jointly write to the Law Society and the Bar Association. This letter urged them to reinforce the need for cyber resilience in every firm in the UK. The complete letter can be accessed here, and some of its critical points are summarized below.

“It has been suggested to us that a belief persists that payment of a ransom may protect the stolen data and/or result in a lower penalty by the ICO should it undertake an investigation. We would like to be clear that this is not the case.

Law Enforcement does not encourage, endorse nor condone the payment of ransoms. While payments are not usually unlawful, payers should be mindful of how relevant sanctions regimes (particularly those related to Russia) – and their associated public guidance - may change that position. More importantly, payment incentivises further harmful behaviour by malicious actors and does not guarantee decryption of networks or return of stolen data. UK data protection law requires organisations to take appropriate technical and organisational measures to keep personal information secure and to restore information in the event of an information security incident. As regulator, the ICO recognises in setting its response and any penalty level the actions taken to mitigate the risk of harm to individuals involved in a data breach.”

,Business Mandate fraud

Business mandate fraud is another popular cyber-attack in the Legal Sector. It involves a cybercriminal impersonating a senior executive or trusted third-party, such as a lawyer, to trick employees into making fraudulent wire transfers or releasing confidential information. For example:

• Local construction firm are seeking new commercial premises.
• They engage with a local law firm to assist with conveyancing.
• Cybercriminals hack law firm e-mail sever and intercept e-mails.
• Criminals then send the firm false bank details.

Resulting in the victim sending hundreds of thousands of pounds to criminal organised crime group.

It is a simple but effective fraud and is used a lot by cyber criminals as they can easily steal large amounts of money. In the legal sector, business mandate fraud can result in significant financial loss and reputational damage, if confidential client information is released. It is crucial for law firms to be aware of these types of scams and to implement proper security measures to prevent them.

Free Tools to help build your cyber resilience

The NCSC (National Cyber Security Centre) is the UK's leading authority on cyber security. With its advanced technical capabilities and expertise, the NCSC provides valuable insights and practical guidance to businesses and the general public. It is a trusted resource for the most up-to-date cyber security advice.

To make it easier for businesses to access these resources, the ECRC has compiled some of the best resources created by the NCSC, law enforcement agencies, and ECRC. Simply click on the headings for more information.

Non-technical free tools:

Considerations for Legal Firms

The ECRC has created free cyber security considerations for the legal sector that can be viewed here: Business Support Tools | Eastern CRC (ecrcentre.co.uk).

,Cyber Essentials

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network, that will help you put measures in place to protect your organisation, regardless of size or sector, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware, and phishing.

Funded Cyber Essentials Programme

The National Cyber Security Centre has established the Funded Cyber Essentials Program, specifically targeting the most vulnerable sectors. This initiative aims to provide vulnerable organisations with help to implement baseline security controls to prevent the most common types of cyber-attack.

The scheme is designed to lead an organisation through the technical controls required to achieve Cyber Essentials certification, followed by the audit for Cyber Essentials Plus. No previous cyber security certification or experience is necessary.

To be eligible, you must be a micro or small business (1 to 49 employees) that offers legal-aid services

Unfortunately, funding for the current financial year has seized.

However, IASME are encouraging eligible Legal Firms to express their interest in obtaining funding for the Funded Cyber Essentials Programme by submitting their contact details on the ISAME website here - Funded Programme - Iasme

More details on the Funded Cyber Essentials Programme for next financial year will be released shortly.

NCSC Cyber Action Plan

Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication, and get a free personalised list of actions that will help you improve your cyber security. This is a great place to start your resilience journey and quickly identify areas that need improvement.

Incident Response Plan

To help you minimise the impact of a cyber-attack

we have created a Cyber Incident Response Plan for you to use. Create a plan and then use Exercise in a box to test its effectiveness.

Membership with the Eastern Cyber Resilience Centre

Sign up for our free membership and receive our “Little Steps” emails giving easy to understand guidance about steps you need to implement to achieve Cyber Essentials. You can also access our a monthly newsletter, affordable student services and our Forum where you can meet other professionals with the same questions as yourself.

NCSC Board Toolkit

Boards are pivotal in improving the cyber security of their organisations.

The Board Toolkit has been designed to help board members get to grips with cyber security and know what questions they should be asking their technical experts.

Exercise in a Box

These are online tools which helps organisations test and practice their response to a cyber-attack. There are a range of scenarios to encourage discussion about how your company would react, to allow you to understand if the right policies and procedures are in place. If you are not comfortable with running this exercise yourself, your local police protect officer can guide you

through this for free and our affordable student service can conduct a policy review beforehand to ensure you are in the best place.

Chambers Cyber Security

Cyber Security questionnaire to be completed by Chambers to share with Legal Firms (as their clients) to provide assurance about the safety of data shared with Chambers.

NCSC Cyber Security Training for Staff

Your staff are your first line of defence against a cyber-attack. The NCSC has developed an e-learning training package ‘Stay Safe Online: Top Tips for Staff’ to help educate your staff on a range of key areas including phishing, using strong passwords, securing your devices and reporting incidents.

Technical free tools:

Police CyberAlarm

The Police CyberAlarm is useful to help your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It detects and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses.

Early Warning

This is a NCSC service that sends you high level alerts, in daily and weekly summaries, based on your IP and domain names, containing:

• Incident notifications suggesting an active compromise of your system. This might be a host on your network being infected with malware.
• Network Abuse Events suggesting your assets have been associated with malicious or undesirable activity. This might be a client on your network found scanning the internet.
• Vulnerability and Open Port Alerts suggesting vulnerable services running on your network, or undesired applications are exposed to the internet. This might be an exposed Elasticsearch service.

Mail Check

Assesses email security compliance, helping implement anti-spoofing controls (SPF, DKIM and DMARC) and email confidentiality (TLS).

Web Check

Web Check provides regular automatic scan of your website and alerts you to common website security issues and advises on how to fix them. This can be used in conjunction with vulnerability testing by our affordable student services. You might ask what the difference between Web Check and a vulnerability test is. Our vulnerability assessment uses the OWASP methodology which is regularly reviewed for the top ten most common threats to web applications. Students use automated as well as manual tests to investigate the different processes such as looking at what file uploads were permitted.

NCSC Logging Made Easy (LME)

LME helps organisations to install a basic logging capability on their IT estate enabling routine end-to-end monitoring of Windows systems. Logging is crucial if you want to detect and catch cyber attackers. LME can:

• Tell you about software patch levels on enrolled devices.
• Show where administrative commands are being run on enrolled devices.
• See which users are using which machine.
• In conjunction with threat reports, LME allows you to search for the presence of an attacker in the form of Tools, Techniques and Procedures (TTPs)

NCSC Scanning Made Easy

This is a collection of NMAP Scripting Engine Scripts, designed to help system owners and administrators find systems with specific vulnerabilities. The script will output simple-to-read results including a description of the vulnerability and a link to the vendor security advisory. Running this script often and following the linked vendor advice will help to keep your network secure.

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.

Our members can benefit from a range of services, from helping you improve your cyber resilience through our “little steps” programme to being notified about the threats relevant to you.

Why not join our community today?

How to report cybercrime

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

Policing led – business focused.