Best Lawyers logo
 
Insight

Targeted Cyber Attacks Are Rapidly Increasing in 2019

Targeted cyber attacks, spear-phishing attacks, and ransomware attacks are increasing and could put your business's security on the line.

Paper fish in a net with username and password in a blue background
James L. Pray

James L. Pray

May 22, 2019 10:34 AM

Your company, your vendors and suppliers, and your customers are currently under the biggest wave of cyber attacks that I’ve seen since the internet was created. If you have not noticed this latest wave of attacks, your vendors and customers have or your company may simply not be aware that it has already been attacked.

Along with being a practicing attorney with the BrownWinick law firm, I have managed the firm’s IT department, including its IT security operations. I work on behalf of the firm to maximize its security and to provide legal services to businesses that are under attack. During the past two weeks, I have seen a dramatic increase in calls from clients asking for advice on what to do after falling victim to cyber attacks.

Sophisticated Attacks and "Spear Phishing"

Two new sophisticated attacks have risen to pandemic proportions; both are using spear phishing emails to begin the exploit. The most common attack is launched after the hacker researches potential corporate targets so that a corporate executive will be more likely to click on a link in an email, which will either load malware or steal the executive’s Office 365 log-in credentials. This is known as a spear-phishing attack. The attacking email will likely be from a familiar customer or contact, and will contain information that would fit with the target’s business. Once the hacker obtains those credentials, the hacker modifies the Outlook rules so that their emails are not seen by the actual company officer. The hacker is then free to launch very sophisticated invoice fraud attacks—not only on the company itself but also on both its customers and suppliers. The hacker will impersonate someone with authority to submit fake invoices using the company’s own email system and order the company’s accounting department to wire funds to bank accounts that the hacker controls. The hacker may also send fake invoices to the company’s clients with faked wire instructions. The hacker may also steal vendor and customer information so that the hacker can target those companies for a second round of attacks.

A more sinister attack is to use the stolen credentials to launch a ransomware attack. MegaCortex Ransomware Crypto ransomware appeared globally on May 1 and was aimed at selected companies that would be highly motivated to get back online as quickly as possible. The MegaCortex software is highly sophisticated and attempts to shut down numerous security processes on a system in order to maximize the damage. I reviewed a video of an attack underway I noticed numerous well-known security products that are sent orders by the software to shut down. Because the software launches itself from an exploited corporate account, it is quite possible that as with the invoice fraud attacks, the hackers will obtain customer and vendor information that can be used to launch a second round of attacks.

What Should Your Company Do to Protect Itself?

  • Use two-factor authentication to log onto any company system.
  • Have strong and continuous backups of all company systems.
  • Educate all employees on the dangers of clicking on any link in any email and to be suspicious of any unusual request or email.
  • Install strong security software, hardware, and logging software and hire someone to continuously review the logs.
  • Hire security specialists to install a robust defense against these new generation attacks.
  • Adopt strong IT and HR policies to increase security and employee awareness.
  • If your firewall is four years old, it is likely time to replace it.
  • Consider installing a SIEM to collect and manage security information.
  • Require verbal or in-person approvals of all wire transfers by the company.
  • Require verbal confirmation of any change in address or bank wire information by a vendor.

It is a well-known adage in the IT security field that it is not a matter of whether your company will be hacked, but when. In this current environment, for any company without strong security and support from senior management, that day will be tomorrow, and the next day, and the day after that.

-------------

James Pray is an attorney and member of the BrownWinick Law Firm in Des Moines, Iowa. He also serves as Chief Technology Officer. When he is not working with companies that have suffered data breaches or internet-based thefts, he specializes in assisting clients with environmental compliance matters and renewable energy projects.

Related Articles

ECIJA on Revolutions in Spanish Information Technology Law

by Best Lawyers

Alejandro Touriño looks at the policy changes impacting information technology law in Spain in this 2019 "Law Firm of the Year" interview with Phillip Greer.

Close up of hands holding a phone with graphics around it

A Startup Accelerator Program Sets Cuatrecasas Apart

by Best Lawyers

Miguel de Almada and Frederico Bettencourt Ferreira from the Portuguese firm discuss their 2019 "Law Firm of the Year" award for Litigation and Arbitration.

Graphic of court building with Portuguese symbol at the top and a blue dollar icon

Cyber School

by Elizabeth S. Fitch and Theodore M. Schaer

Cybersecurity and the Claims and Litigation Management Alliance’s School of Cyber Claims

One red opened digital file that indicates a data breach on a computer

The Future of Family Law: 3 Top Trends Driving the Field

by Gregory Sirico

How technology, mental health awareness and alternative dispute resolution are transforming family law to better support evolving family dynamics.

Animated child looking at staircase to beach scene

Family Law Wrestles With Ethics as It Embraces Technology

by Michele M. Jochner

Generative AI is revolutionizing family law with far-reaching implications for the practice area.

Microchip above animated head with eyes closed

The Future of Canadian Law. Insights from Best Lawyers: Ones to Watch Honorees

by Jennifer Verta

Emerging leaders in Canada share their perspectives on the challenges and opportunities shaping the future of Canadian law

Digital eye with futuristic overlays, symbolizing legal innovation and technology

"Lawyer of the Year"

Lawyer in suit smiles for professional headshot

Kevin M. Levy

Technology Law

Miami, FL

2025

Tampa Hospital Suffers Recent Data Breach

by Gregory Sirico

Tampa General Hospital, a non-profit research based medical center, suffered a sizeable data breach that put 1.2 million patients' information at risk.

Laptop reading hacked with translucent medical model in foreground

Cybersecurity Awareness for Lawyers

by Jordan Donich

Law firms are at an even greater cybersecurity risk as they move more into the digital age of working from home. Here are some methods of attack and ways to reduce and prevent such attacks to your firm.

Cybersecurity breach and digital lock becoming unlocked on a blue background

Southern California “Lawyer of the Year”

by Best Lawyers

John E. Wehrli is honored as 2022 "Lawyer of the Year" in Biotechnology and Life Science Practice in San Diego.

Photo portrait of John Wehrli

Best Lawyers: A Technology Powerhouse in the Legal Industry

by John Ettorre

Best Lawyers, a legal publishing company, is paving the way in the industry as a tech-first giant.

Woman looking at computer of Best Lawyers website with tech rating at five gold stars

Insuring the Future

by Best Lawyers

Thomas Heitzer discusses how new technology advancements are impacting the insurance realm.

Attorney Thomas Heitzer speaks on Noerr LLP's, 2020 “Law Firm of the Year” recognition

The Future of German Technology

by Best Lawyers

How Germany's 2020 Law Firm of the Year in Information Technology is leading the way.

Black background with lock being unlocked with information symbols protruding from the lock

Breaking Up Is Hard: Antitrust Perspectives on Big Tech

by Douglas C. Ross

As antitrust prosecutors look at “Big Tech,” one size doesn’t fit all

Planning Your Digital Estate Plan

Why Cariola Díez Pérez-Cotapos Developed Its Own Legal Tech

by Best Lawyers

Juan Pablo Matus of Cariola Díez Pérez-Cotapos, 2019 "Law Firm of the Year" award for Corporate and M&A Law in Chile, discusses his firm's joint venture with Cognitiva in creating Lexnova, a legal AI system.

Two small figures on a surface reaching toward a puzzle piece held by a hand above them

Baraona Fischer & Cia on the Changes Coming to Tax Law in Chile

by Best Lawyers

Juan Manuel Baraona of the 2019 "Law Firm of the Year" award-winner for Tax Law in Chile discusses forthcoming regulations, career highlights, and his secrets to success in an interview with Best Lawyers CEO Phillip Greer.

A man in a suit jumping off a platform with the Chilean flag displayed behind him

Trending Articles

The Family Law Loophole That Lets Sex Offenders Parent Kids

by Bryan Driscoll

Is the state's surrogacy framework putting children at risk?

family law surrogacy adoption headline

Algorithmic Exclusion

by Bryan Driscoll

The Workday lawsuit and the future of AI in hiring.

Workday Lawsuit and the Future of AI in Hiring headline

Best Lawyers 2026: Discover the Honorees in Brazil, Mexico, Portugal, South Africa and Spain

by Jamilla Tabbara

A growing international network of recognized legal professionals.

Map highlighting the 2026 Best Lawyers honorees across Brazil, Mexico, Portugal, South Africa and Sp

Unenforceable HOA Rules: What Homeowners Can Do About Illegal HOA Actions

by Bryan Driscoll

Not every HOA rule is legal. Learn how to recognize and fight unenforceable HOA rules that overstep the law.

Wooden model houses connected together representing homeowners associations

Holiday Pay Explained: Federal Rules and Employer Policies

by Bryan Driscoll

Understand how paid holidays work, when employers must follow their policies and when legal guidance may be necessary.

Stack of money wrapped in a festive bow, symbolizing holiday pay

Reddit’s Lawsuit Could Change How Much AI Knows About You

by Justin Smulison

Big AI is battling for its future—your data’s at stake.

Reddit Anthropic Lawsuit headline

Florida Rewrites the Rules on Housing

by Laurie Villanueva

Whether locals like it or not.

Florida Rewrites the Rules on Housing headline

US Tariff Uncertainty Throws Canada Into Legal Purgatory

by Bryan Driscoll

The message is clear: There is no returning to pre-2025 normalcy.

US Tariff Uncertainty Throws Canada Into Legal Purgatory headline

Alimony Explained: Who Qualifies, How It Works and What to Expect

by Bryan Driscoll

A practical guide to understanding alimony, from eligibility to enforcement, for anyone navigating divorce

two figures standing on stacks of coins

UnitedHealth's Twin Legal Storms

by Bryan Driscoll

ERISA failures and shareholder fallout in the wake of a CEO’s death.

United healthcare legal storm ceo murder headline

Can a Green Card Be Revoked?

by Bryan Driscoll

Revocation requires a legal basis, notice and the chance to respond before status can be taken away.

Close-up of a U.S. Permanent Resident Card showing the text 'PERMANENT RESIDENT'

The 2026 Best Lawyers Awards in Chile, Colombia and Puerto Rico

by Jamilla Tabbara

The region’s most highly regarded lawyers.

Map highlighting Chile, Colombia and Puerto Rico for the 2026 Best Lawyers Awards

New Texas Family Laws Transform Navigating Divorce, Custody

by Bryan Driscoll

Reforms are sweeping, philosophically distinct and designed to change the way families operate.

definition of family headline

Why Skechers' $9.4B Private Equity Buyout Sparked Investor Revolt

by Laurie Villanueva

Shareholder anger, a lack of transparency and a 'surprising' valuation.

Skechers shareholder lawsuit headline

What Is the Difference Between a Will and a Living Trust?

by Bryan Driscoll

A practical guide to wills, living trusts and how to choose the right plan for your estate.

Organized folders labeled “Wills” and “Trusts” representing estate planning documents

How Far Back Can the IRS Audit You?

by Bryan Driscoll

Clear answers on IRS statutes of limitations, recordkeeping and what to do if you are under review.

Gloved hand holding a spread of one-hundred-dollar bills near an IRS tax document

By using our website, you consent to our use of cookies. We use essential cookies to enhance your browsing experience. You may opt out of non-essential cookies. Read our Cookie Policy to learn more.