Best Lawyers logo
 
Insight

Targeted Cyber Attacks Are Rapidly Increasing in 2019

Targeted cyber attacks, spear-phishing attacks, and ransomware attacks are increasing and could put your business's security on the line.

Cyber Attacks Are Increasing
James L. Pray

James L. Pray

May 22, 2019 10:34 AM

Your company, your vendors and suppliers, and your customers are currently under the biggest wave of cyber attacks that I’ve seen since the internet was created. If you have not noticed this latest wave of attacks, your vendors and customers have or your company may simply not be aware that it has already been attacked.

Along with being a practicing attorney with the BrownWinick law firm, I have managed the firm’s IT department, including its IT security operations. I work on behalf of the firm to maximize its security and to provide legal services to businesses that are under attack. During the past two weeks, I have seen a dramatic increase in calls from clients asking for advice on what to do after falling victim to cyber attacks.

Sophisticated Attacks and "Spear Phishing"

Two new sophisticated attacks have risen to pandemic proportions; both are using spear phishing emails to begin the exploit. The most common attack is launched after the hacker researches potential corporate targets so that a corporate executive will be more likely to click on a link in an email, which will either load malware or steal the executive’s Office 365 log-in credentials. This is known as a spear-phishing attack. The attacking email will likely be from a familiar customer or contact, and will contain information that would fit with the target’s business. Once the hacker obtains those credentials, the hacker modifies the Outlook rules so that their emails are not seen by the actual company officer. The hacker is then free to launch very sophisticated invoice fraud attacks—not only on the company itself but also on both its customers and suppliers. The hacker will impersonate someone with authority to submit fake invoices using the company’s own email system and order the company’s accounting department to wire funds to bank accounts that the hacker controls. The hacker may also send fake invoices to the company’s clients with faked wire instructions. The hacker may also steal vendor and customer information so that the hacker can target those companies for a second round of attacks.

A more sinister attack is to use the stolen credentials to launch a ransomware attack. MegaCortex Ransomware Crypto ransomware appeared globally on May 1 and was aimed at selected companies that would be highly motivated to get back online as quickly as possible. The MegaCortex software is highly sophisticated and attempts to shut down numerous security processes on a system in order to maximize the damage. I reviewed a video of an attack underway I noticed numerous well-known security products that are sent orders by the software to shut down. Because the software launches itself from an exploited corporate account, it is quite possible that as with the invoice fraud attacks, the hackers will obtain customer and vendor information that can be used to launch a second round of attacks.

What Should Your Company Do to Protect Itself?

  • Use two-factor authentication to log onto any company system.
  • Have strong and continuous backups of all company systems.
  • Educate all employees on the dangers of clicking on any link in any email and to be suspicious of any unusual request or email.
  • Install strong security software, hardware, and logging software and hire someone to continuously review the logs.
  • Hire security specialists to install a robust defense against these new generation attacks.
  • Adopt strong IT and HR policies to increase security and employee awareness.
  • If your firewall is four years old, it is likely time to replace it.
  • Consider installing a SIEM to collect and manage security information.
  • Require verbal or in-person approvals of all wire transfers by the company.
  • Require verbal confirmation of any change in address or bank wire information by a vendor.

It is a well-known adage in the IT security field that it is not a matter of whether your company will be hacked, but when. In this current environment, for any company without strong security and support from senior management, that day will be tomorrow, and the next day, and the day after that.

-------------

James Pray is an attorney and member of the BrownWinick Law Firm in Des Moines, Iowa. He also serves as Chief Technology Officer. When he is not working with companies that have suffered data breaches or internet-based thefts, he specializes in assisting clients with environmental compliance matters and renewable energy projects.

Related Articles

Cybersecurity Awareness for Lawyers

by Jordan Donich

Law firms are at an even greater cybersecurity risk as they move more into the digital age of working from home. Here are some methods of attack and ways to reduce and prevent such attacks to your firm.

Cybersecurity Tips for Lawyers and Law Firms

ECIJA on Revolutions in Spanish Information Technology Law

by Best Lawyers

Alejandro Touriño looks at the policy changes impacting information technology law in Spain in this "Law Firm of the Year" interview with Phillip Greer.

ECIJA Information Technology Law Interview

Tampa Hospital Suffers Recent Data Breach

by Gregory Sirico

Tampa General Hospital, a non-profit research based medical center, suffered a sizeable data breach that put 1.2 million patients' information at risk.

Laptop reading hacked with translucent medical model in foreground

An Allied Front Against Ransomware

by Patricia Brown Holmes, Georgia N. Alexakis, Abigail L. Peluso and John K. Theis

With the world ever more digitally entwined—particularly as the pandemic has increasingly driven commerce and ordinary business activity more fully online—the threat of ransomware is here to stay. Here’s a primer on the federal government’s response and how the private sector can help.

Federal Government’s Response to Ransomware

How Russia's Global Policy Is Impacting Mergers and Acquisitions

by Best Lawyers

Alexei Zakharko and Mathieu Fabre-Magnan disscuss how they are preparing for emerging trends in the next couple of years.

An Interview With Dentons Russia

The Future of German Technology

by Best Lawyers

How Germany's Law Firm of the Year in Information Technology is leading the way.

Isabell Conrad Schneider Schiffer Weihermulle

Technology and the Changing IP Climate in Mexico

by Best Lawyers

Roberto Arochi discusses Arochi & Lindner’s 2019 “Law Firm of the Year” award for Intellectual Property Law in Mexico in an interview with Best Lawyers.

Arochi & Lindner "Law Firm of the Year" Q&A

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Cuatrecasas "Law Firm of the Year"

Central Intelligence

by Françoise Gilbert

To truly flourish, the smart cities of tomorrow must harness their data—but make sure they are doing so legally, ethically, and securely.

The Next City Will Be Smart

In the News: Georgia

by Nicole Ortiz

A summary of newsworthy content from Colorado lawyers and law firms.

In the News Georgia 2018

Insurance Coverage to Protect the Health Care Industry from the Increasing Risks Associated with the Internet of Things

by Meghan Magruder and Amy Dehnel

While this connectivity can provide great benefits to patients and physicians, the security issues inherent in these devices are critical.

Insurance for Health Care Industry

Virtual Worlds: A Legal Wild West

by Tam Harbert

As these technologies develop and their use becomes more widespread, attorneys expect to encounter novel legal challenges.

Virtual Worlds

Trending Articles

Introducing the 2026 Best Lawyers Awards in Australia, Japan, New Zealand and Singapore

by Jennifer Verta

This year’s awards reflect the strength of the Best Lawyers network and its role in elevating legal talent worldwide.

2026 Best Lawyers Awards in Australia, Japan, New Zealand and Singapore

Revealing the 2026 Best Lawyers Awards in Germany, France, Switzerland and Austria

by Jamilla Tabbara

These honors underscore the reach of the Best Lawyers network and its focus on top legal talent.

map of Germany, France, Switzerland and Austria

Effective Communication: A Conversation with Jefferson Fisher

by Jamilla Tabbara

The power of effective communication beyond the law.

Image of Jefferson Fisher and Phillip Greer engaged in a conversation about effective communication

The 2025 Legal Outlook Survey Results Are In

by Jennifer Verta

Discover what Best Lawyers honorees see ahead for the legal industry.

Person standing at a crossroads with multiple intersecting paths and a signpost.

The Best Lawyers Network: Global Recognition with Long-term Value

by Jamilla Tabbara

Learn how Best Lawyers' peer-review process helps recognized lawyers attract more clients and referral opportunities.

Lawyers networking

Jefferson Fisher: The Secrets to Influential Legal Marketing

by Jennifer Verta

How lawyers can apply Jefferson Fisher’s communication and marketing strategies to build trust, attract clients and grow their practice.

Portrait of Jefferson Fisher a legal marketing expert

Is Your Law Firm’s Website Driving Clients Away?

by Jamilla Tabbara

Identify key website issues that may be affecting client engagement and retention.

Phone displaying 'This site cannot be reached' message

A Guide to Workers' Compensation Law for 2025 and Beyond

by Bryan Driscoll

A woman with a laptop screen reflected in her glasses

Best Lawyers Launches CMO Advisory Board

by Jamilla Tabbara

Strategic counsel from legal marketing’s most experienced voices.

Group photo of Best Lawyers CMO Advisory Board members

Common Law Firm Landing Page Problems to Address

by Jamilla Tabbara

Identify key issues on law firm landing pages to improve client engagement and conversion.

Laptop showing law firm landing page analytics

Changes in California Employment Law for 2025

by Laurie Villanueva

What employers need to know to ensure compliance in the coming year and beyond

A pair of hands holding a checklist featuring a generic profile picture and the state of California

New Employment Law Recognizes Extraordinary Stress Is Everyday Reality for NY Lawyers

by Bryan Driscoll

A stressed woman has her head resting on her hands above a laptop

Turn Visitors into Clients with Law Firm Website SEO That Converts

by Jamilla Tabbara

Learn how to create high-converting law firm landing pages that drive client engagement and lead generation.

Laptop screen displaying website tools to improve client conversion rates

Best Lawyers Introduces Smithy AI

by Jamilla Tabbara

Transforming legal content creation for attorneys and firms.

Start using Smithy AI, a content tool by Best Lawyers

SEO for Law Firms: Overcoming Common Challenges

by Jamilla Tabbara

Tackle common SEO challenges and take the next step with our guide, How to Make Your Law Firm Easier to Find Online.

Graphic image of a phone displaying SEO rankings, with positions 1, 2 and 3 on the screen

Medical Malpractice Reform Trends in Texas, Utah, Georgia and SC

by Bryan Driscoll

A fresh wave of medical malpractice reform is reshaping the law.

Medical Malpractice Reform Trends hed

We use cookies to enhance your browsing experience. By continuing to use our website, you accept our cookies. Read our Cookie Policy to learn more.