Best Lawyers logo
 
Insight

Targeted Cyber Attacks Are Rapidly Increasing in 2019

Targeted cyber attacks, spear-phishing attacks, and ransomware attacks are increasing and could put your business's security on the line.

Paper fish in a net with username and password in a blue background
James L. Pray

James L. Pray

May 22, 2019 10:34 AM

Your company, your vendors and suppliers, and your customers are currently under the biggest wave of cyber attacks that I’ve seen since the internet was created. If you have not noticed this latest wave of attacks, your vendors and customers have or your company may simply not be aware that it has already been attacked.

Along with being a practicing attorney with the BrownWinick law firm, I have managed the firm’s IT department, including its IT security operations. I work on behalf of the firm to maximize its security and to provide legal services to businesses that are under attack. During the past two weeks, I have seen a dramatic increase in calls from clients asking for advice on what to do after falling victim to cyber attacks.

Sophisticated Attacks and "Spear Phishing"

Two new sophisticated attacks have risen to pandemic proportions; both are using spear phishing emails to begin the exploit. The most common attack is launched after the hacker researches potential corporate targets so that a corporate executive will be more likely to click on a link in an email, which will either load malware or steal the executive’s Office 365 log-in credentials. This is known as a spear-phishing attack. The attacking email will likely be from a familiar customer or contact, and will contain information that would fit with the target’s business. Once the hacker obtains those credentials, the hacker modifies the Outlook rules so that their emails are not seen by the actual company officer. The hacker is then free to launch very sophisticated invoice fraud attacks—not only on the company itself but also on both its customers and suppliers. The hacker will impersonate someone with authority to submit fake invoices using the company’s own email system and order the company’s accounting department to wire funds to bank accounts that the hacker controls. The hacker may also send fake invoices to the company’s clients with faked wire instructions. The hacker may also steal vendor and customer information so that the hacker can target those companies for a second round of attacks.

A more sinister attack is to use the stolen credentials to launch a ransomware attack. MegaCortex Ransomware Crypto ransomware appeared globally on May 1 and was aimed at selected companies that would be highly motivated to get back online as quickly as possible. The MegaCortex software is highly sophisticated and attempts to shut down numerous security processes on a system in order to maximize the damage. I reviewed a video of an attack underway I noticed numerous well-known security products that are sent orders by the software to shut down. Because the software launches itself from an exploited corporate account, it is quite possible that as with the invoice fraud attacks, the hackers will obtain customer and vendor information that can be used to launch a second round of attacks.

What Should Your Company Do to Protect Itself?

  • Use two-factor authentication to log onto any company system.
  • Have strong and continuous backups of all company systems.
  • Educate all employees on the dangers of clicking on any link in any email and to be suspicious of any unusual request or email.
  • Install strong security software, hardware, and logging software and hire someone to continuously review the logs.
  • Hire security specialists to install a robust defense against these new generation attacks.
  • Adopt strong IT and HR policies to increase security and employee awareness.
  • If your firewall is four years old, it is likely time to replace it.
  • Consider installing a SIEM to collect and manage security information.
  • Require verbal or in-person approvals of all wire transfers by the company.
  • Require verbal confirmation of any change in address or bank wire information by a vendor.

It is a well-known adage in the IT security field that it is not a matter of whether your company will be hacked, but when. In this current environment, for any company without strong security and support from senior management, that day will be tomorrow, and the next day, and the day after that.

-------------

James Pray is an attorney and member of the BrownWinick Law Firm in Des Moines, Iowa. He also serves as Chief Technology Officer. When he is not working with companies that have suffered data breaches or internet-based thefts, he specializes in assisting clients with environmental compliance matters and renewable energy projects.

Related Articles

Cybersecurity Awareness for Lawyers

by Jordan Donich

Law firms are at an even greater cybersecurity risk as they move more into the digital age of working from home. Here are some methods of attack and ways to reduce and prevent such attacks to your firm.

Cybersecurity breach and digital lock becoming unlocked on a blue background

ECIJA on Revolutions in Spanish Information Technology Law

by Best Lawyers

Alejandro Touriño looks at the policy changes impacting information technology law in Spain in this 2019 "Law Firm of the Year" interview with Phillip Greer.

Close up of hands holding a phone with graphics around it

Tampa Hospital Suffers Recent Data Breach

by Gregory Sirico

Tampa General Hospital, a non-profit research based medical center, suffered a sizeable data breach that put 1.2 million patients' information at risk.

Laptop reading hacked with translucent medical model in foreground

An Allied Front Against Ransomware

by Patricia Brown Holmes, Georgia N. Alexakis, Abigail L. Peluso and John K. Theis

With the world ever more digitally entwined—particularly as the pandemic has increasingly driven commerce and ordinary business activity more fully online—the threat of ransomware is here to stay. Here’s a primer on the federal government’s response and how the private sector can help.

Man holding tablet simulating holographic 3D Fish with a neon blue background

The Future of German Technology

by Best Lawyers

How Germany's 2020 Law Firm of the Year in Information Technology is leading the way.

Black background with lock being unlocked with information symbols protruding from the lock

Technology and the Changing IP Climate in Mexico

by Best Lawyers

Roberto Arochi discusses Arochi & Lindner’s 2019 “Law Firm of the Year” award for Intellectual Property Law in Mexico in an interview with Best Lawyers.

The Mexican flag illuminated behind a glowing light bulb

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Graphic of court building with Portuguese symbol at the top and a blue dollar icon

Central Intelligence

by Françoise Gilbert

To truly flourish, the smart cities of tomorrow must harness their data—but make sure they are doing so legally, ethically, and securely.

Blue background with cartoon city with cars driving and sound symbol

Legal Highlights from Georgia: Noteworthy 2018 Recognitions

by Nicole Ortiz

A summary of newsworthy content from Georgia lawyers and law firms.

A cartoon version of the city of Atlanta, Georgia

Insurance Coverage to Protect the Health Care Industry from the Increasing Risks Associated with the Internet of Things

by Meghan Magruder and Amy Dehnel

While this connectivity can provide great benefits to patients and physicians, the security issues inherent in these devices are critical.

Rendered pixelated man with iPad showing heart with pulse and data with a purple and green tech back

Virtual Worlds: A Legal Wild West

by Tam Harbert

As these technologies develop and their use becomes more widespread, attorneys expect to encounter novel legal challenges.

Animated images appear on the streets of a city one is a cowboy on a horse and the other is Pikachu

Trending Articles

2026 Best Lawyers Awards: Recognizing Legal Talent Across the United States

by Jamilla Tabbara

The 2026 editions highlight the top 5% of U.S. attorneys, showcase emerging practice areas and reveal trends shaping the nation’s legal profession.

Map of the United States represented in The Best Lawyers in America 2026 awards

Gun Rights for Convicted Felons? The DOJ Says It's Time.

by Bryan Driscoll

It's more than an administrative reopening of a long-dormant issue; it's a test of how the law reconciles the right to bear arms with protecting the public.

Firearms application behind jail bars

2026 Best Lawyers Awards in Canada: Marking 20 Years of Excellence

by Jamilla Tabbara

Honoring Canada’s most respected lawyers and spotlighting the next generation shaping the future of law.

Shining Canadian map marking the 2026 Best Lawyers awards coverage

Revealing the 2026 Best Lawyers Awards in Germany, France, Switzerland and Austria

by Jamilla Tabbara

These honors underscore the reach of the Best Lawyers network and its focus on top legal talent.

map of Germany, France, Switzerland and Austria

Best Lawyers 2026: Discover the Honorees in Brazil, Mexico, Portugal, South Africa and Spain

by Jamilla Tabbara

A growing international network of recognized legal professionals.

Map highlighting the 2026 Best Lawyers honorees across Brazil, Mexico, Portugal, South Africa and Sp

How to Sue for Defamation: Costs, Process and What to Expect

by Bryan Driscoll

Learn the legal standards, costs and steps involved when you sue for defamation, including the difference between libel and slander.

Group of people holding papers with speech bubbles above them

Build Your Legal Practice with Effective Online Networking

by Jamilla Tabbara

How thoughtful online networking supports sustained legal practice growth.

Abstract web of connected figures symbolizing online networking among legal professionals

Algorithmic Exclusion

by Bryan Driscoll

The Workday lawsuit and the future of AI in hiring.

Workday Lawsuit and the Future of AI in Hiring headline

Blogging for Law Firms: Turning Content into Client Connections

by Jamilla Tabbara

How law firms use blogs to earn trust and win clients.

Lawyer typing blog content on laptop in office

Reddit’s Lawsuit Could Change How Much AI Knows About You

by Justin Smulison

Big AI is battling for its future—your data’s at stake.

Reddit Anthropic Lawsuit headline

How to Choose a Good Lawyer: Tips, Traits and Questions to Ask

by Laurie Villanueva

A Practical Guide for Your First-Time Hiring a Lawyer

Three professional lawyers walking together and discussing work

The 2026 Best Lawyers Awards in Chile, Colombia and Puerto Rico

by Jamilla Tabbara

The region’s most highly regarded lawyers.

Map highlighting Chile, Colombia and Puerto Rico for the 2026 Best Lawyers Awards

Common-Law Marriage in Indiana: Are You Legally Protected?

by Laurie Villanueva

Understanding cohabitation rights and common-law marriage recognition in Indiana.

Married Indiana couple in their home

Why Jack Dorsey and Elon Musk Want to 'Delete All IP Law'

by Bryan Driscoll

This Isn’t Just a Debate Over How to Pay Creators. It’s a Direct Challenge to Legal Infrastructure.

Elon Musk and Jack Dorsey standing together Infront of the X logo

AI Tools for Lawyers: How Smithy AI Solves Key Challenges

by Jamilla Tabbara

Understand the features and benefits within the Best Lawyers Digital Marketing Platform.

Legal professional editing profile content with Smithy AI

Alimony Explained: Who Qualifies, How It Works and What to Expect

by Bryan Driscoll

A practical guide to understanding alimony, from eligibility to enforcement, for anyone navigating divorce

two figures standing on stacks of coins

By using our website, you consent to our use of cookies. We use essential cookies to enhance your browsing experience. You may opt out of non-essential cookies. Read our Cookie Policy to learn more.