Queensland law firms are facing increasingly sophisticated attacks from criminals that go beyond typical online threats.
Recent attacks have shown criminals maintaining regular communications with firms by posing as potential clients, leaving the firms unaware that they are falling victim to a social engineering attack.
These attacks stand out from typical online threats because of their brazenness and higher level of complexity.
The QLS and the Brisbane Times revealed in December that at least two Queensland firms have suffered actual monetary loss due to these attacks.
Smaller firms are particularly at risk. Unlike larger firms, they often don't have the resources to thoroughly vet potential clients.
How the attack works
- The criminal communicates with the firm as if they were a prospective client.
- As the relationship develops, they ask the firm to review documents. They send what appears to be a "protected" link or attachment. The "protected" documents ask for the firm member's email username and password. From this point, the criminal has access to those credentials.
- The criminal then discreetly monitors the compromised member's mailbox.
- The criminal then plants new emails in the firm member's mailbox, posing as legitimate emails. These are highly convincing, but key elements are altered, particularly bank account details, so that funds destined for legitimate bank accounts are funnelled into the criminal's account.
- This behaviour may continue until the social engineering attack is detected by the firm.
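A defender-side check for the step above in which planted emails alter payment details, as an added example that is not from the QLS or this article: it compares the BSB and account number found in an inbound message against the firm's previously verified record for that counterparty and flags any mismatch for out-of-band confirmation. The ledger, the sample message and the BSB/account patterns are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass

# Constructed ledger: bank details the firm has previously verified out of
# band for each counterparty, keyed by the sender's email domain.
KNOWN_ACCOUNTS = {
    "example-conveyancer.com.au": {"bsb": "123-456", "account": "12345678"},
}

# Assumed formats: a BSB is six digits (often written 123-456), an account
# number is 6 to 10 digits. These patterns are assumptions, not from the article.
BSB_RE = re.compile(r"\bBSB[:\s]*(\d{3})[- ]?(\d{3})\b", re.IGNORECASE)
ACCT_RE = re.compile(r"\bAcc(?:oun)?t(?:\s*No\.?)?[:\s]*(\d{6,10})\b", re.IGNORECASE)

@dataclass
class Finding:
    field: str     # "bsb" or "account"
    expected: str  # value in the verified ledger
    seen: str      # value found in the message

def sender_domain(from_header: str) -> str:
    """Extract the domain from a From header such as 'Name <user@domain>'."""
    return from_header.rsplit("@", 1)[-1].strip("> ").lower()

def check_payment_details(from_header: str, body: str) -> list[Finding]:
    """Return mismatches between details in the message and the verified ledger.
    An empty list means nothing differed or the sender has no ledger entry."""
    known = KNOWN_ACCOUNTS.get(sender_domain(from_header))
    if known is None:
        return []
    findings = []
    m = BSB_RE.search(body)
    if m:
        seen = f"{m.group(1)}-{m.group(2)}"
        if seen != known["bsb"]:
            findings.append(Finding("bsb", known["bsb"], seen))
    m = ACCT_RE.search(body)
    if m and m.group(1) != known["account"]:
        findings.append(Finding("account", known["account"], m.group(1)))
    return findings

# Constructed message imitating a planted "our details have changed" email.
SAMPLE_FROM = "Settlements <accounts@example-conveyancer.com.au>"
SAMPLE_BODY = ("Please note our banking details have changed.\n"
               "BSB: 987-654  Account No: 87654321\nSettlement is due Friday.")

if __name__ == "__main__":
    for f in check_payment_details(SAMPLE_FROM, SAMPLE_BODY):
        print(f"{f.field}: ledger has {f.expected}, message says {f.seen}; confirm by phone")
```

A flagged mismatch is a prompt to confirm the change with the counterparty using a phone number already on file, never one quoted in the email itself.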
Tell-tale signs remain a factor in any attack
Despite the unusually direct strategy in this type of attack compared to more common online threats, there are some common elements. At some point the attackers will want a file to be opened or credentials to be provided.
Be highly suspicious of any communication that requests your information or asks you to take an action. Ensure you only enter credentials into portals that you're familiar with or have confirmed to be safe.
If you're uncertain in a situation like the one described above, it is not unreasonable to request the documents in another form, or to ask for an in-person meeting.
More than funds at risk
Criminals are also attacking firms for more than just a quick cash payoff. Commercial information is also at risk. Furthermore, attacks in which commercial information is stolen can be harder to detect, to track and to quantify in terms of loss.
Firms may not realise that critical commercial information may have been compromised for months. Even then, they may not ever have certainty if it was ever actually.
This is a real risk if firm email accounts have been compromised.
Sensitive commercial information can be a target for corporate espionage but also nation-state espionage, as uncovered by ABC News late last year. Chinese hackers have been targeting corporate Australian law firms, though the attack method was not described.
This article was written with assistance from our Systems Engineer Alex Uhde.