Connect with us

Hi, what are you looking for?


Incident Response

Why Are Law Firms Targeted by Cyberattacks?

Last week The Wall Street Journal reported that two major US law firms had been hacked in the summer of 2015. Why, by whom, and what was stolen is just conjecture.

Last week The Wall Street Journal reported that two major US law firms had been hacked in the summer of 2015. Why, by whom, and what was stolen is just conjecture. The most prevalent view is that it could be hackers seeking information to game the stock exchange–a view possibly started by WSJ’s own comment, “A case last year shows that hackers have gone after sensitive material to fuel illegal trading.” Knowing who is buying what, and what price they are willing to offer, could lead to some very quick and risk-free profits.

The biggest surprise about these hacks, however, is that there is any surprise at all. More than a year ago Bloomberg reported Stewart Baker commenting, “Virtually all of the biggest [law] firms have faced some sort of data breach.”

Since no company can be secure against targeted attacks, there can be no surprise that law firms will be breached once they are targeted. 

Law Firms Targeted by Cyber AttacksLaw firms, quite simply, have not been taking sufficient care. Yoram Golandsky, CEO at Israeli firm CybeRisk, gave an example last October. His firm had been asked to execute a red team attack against a prestigious law firm.

“Long story short,” he wrote, “in less than 48 hours we had full control of the network, all assets including servers and shares, and all of the users’ mail boxes. We managed to do this in three different ways or attack vectors: (1) we broke their WiFi encryption, (2) we used social engineering against the receptionist to run our malware, and (3) we used social engineering against one of the partners where he was convinced to open a malicious file sent via email.”

Golantsky put this in perspective with another example. “We were asked to red team one of the world’s top ten technology companies. It was hard. It took a team of three more than three weeks to get in. We succeeded and found M&A data. But we could have got that very same data in just a couple of hours if we had targeted the lawyers.”

The reality is we can expect more of these law firm hacks; and many of them may never be known. It’s not just random hackers and Chinese companies doing their own form of due diligence. SecurityWeek asked Golantsky if he thought one law firm might target another because of the multi-million dollar fees at stake in modern technology patent cases.

“I guarantee,” he commented, “that is already happening.” It would seem that not all business people play by good business rules. Golandsky explained that he attended what he thought was a standard business inquiry from a well-known and legitimate Russian businessman. He was given a suitcase full of banknotes; and was told that all he had to do was get the Inbox of a competitor. “There are not many talented young hackers who would turn down $100,000 to do what they enjoy doing,” he said.

Advertisement. Scroll to continue reading.

The FBI and the Manhattan U.S. attorney’s office are said to be investigating the incidents at the two firms, named by the WSJ as Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


Thirty-five cybersecurity-related M&A deals were announced in February 2023


Forty cybersecurity-related M&A deals were announced in January 2023.


Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek