Thursday, July 16, 2015

Which type of law firm is seen as the best candidate to hackers?


Which genre of law that a firm may practice makes a law firm most highly targeted by Advanced Persistent Threat (APT) attacks to their computers?
It's intellectual property.
The motivations are cyber espionage and monetary gain.

An APT attack is a set of stealthy and continuous hacking processes orchestrated by human, targeting a specific entity. In many cases, a law firm.  http://en.wikipedia.org/wiki/Advanced_persistent_threat
This is nothing new. FBI has been warning of "spear phishing" attempts on law firms since 2009.
Only in 2014 did some firms finally seem to become proactive about protecting client's data.

Intellectual property firms maintain trade secrets, pending patents, and merger/acquisition plans.  Details of such information could prove invaluable to competitors, and catastrophic to clients of targeted law firms.

For example, Lunchables spent $25M on market preparedness before launching their product in retail. Hacking the intellectual property law firm which served Lunchables as a client would allow a competitor to steal their trade dress packaging design, begin manufacturing, and capture the market before Lunchables brand could establish distinctiveness or recognition of their product. This would ruin an opportunity for return on their $25M investment.

Merger and acquisition plans could end up intermeddled with or give competitors unfair advantages. Also, insider trading can become an issue that could lead to SEC investigations that would lead back to the leakage at the law firm.

Small IP law firms and large international IP firms alike are both prime candidates for APT attacks. Firms often feel that it either wont happen to them or that the firm cannot afford protection. Fact is, hacking any law firm is very advantageous and profitable based on the motivation. The information that IP firms hold seems to be the strongest motivation thus far.
https://www.aanval.com/docs/Legal_and_Law_Industry_Focus_Solutions_Guide.pdf

I'm Jamal, and I can help. Contact me if you would like to discuss further.