SF Bay Area Law Firms hit by ransomware and hackers

Phishing Attacks Begin Leveraging Legal Threats From Local Law Firms

By far the most convincing email phishing and malware attacks come disguised as your “typical nastygram” from local businesses. These emails have grown in popularity with cyber-criminals. By making minor customizations to these campaigns, these phishing attacks are now being spoofed as though, local organizations are the culprits! These emails notify recipients that he/she is being sued and instructs them to review the following attached files, with a directive to respond within a specific time frame, or penalties will occur… Here’s a look at a recent phishing campaign that peppered more than 100,000 business executives. With the goal of phishing for employee personal information and exploiting data systems, by utilizing a local law firm’s system to send infected data to partners.

In May, two well-known anti-virus firms began detecting compromised files, specifically within Microsoft Word. Emails with attachments were sent with a simple variation of the message below. This exact kit is now being traded alongside others on the “dark web,” therefore we have numerous business names outlined in brackets below.

The original phishing kit included 5 trap Microsoft Word Documents to choose from. None of which would be detected as malicious by many systems today. A few weeks later, when anti-virus scanned these dormant files, nothing would stand-out about the Word Documents.

{Pullman & Assoc. | Wiseman & Assoc.| Steinburg & Assoc. | Swartz & Assoc. | Quartermain & Assoc.} <legal@wpslaw.com>

Hi,

The following {e-mail | mail} is to advise you that you are being charged by the city.

Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}.

Please download and read the attached encrypted document carefully.

You have 7 days to reply to this e-mail or we will be forced to step forward with this action.

Note: The password for the document is 123456

These documents would typically include a trojan, that is used to drop additional malware on these business systems. Previous detections of this trojan have been associated with ransomware, enabling the attackers to choose what specific malware to install on what machines As far as phishing kits go, this one is simple, not overly convincing, with customization. But given the right tools, could this threat really have teeth? Legitimate-looking legal threats have a way of making people act before they think.

What makes this scarier for businesses is the fact that this exact phishing kit was also supplied with text files containing over 100,000 business email addresses, to Bay Area, C-level executives, prepare your employees for waves of phishing emails this summer. In May the law-firm spoofed in this scam had a website redirecting to a falsified legal entity, tricky stuff! Unfortunately, the law firm wasn’t aware any of this was happening until one of their own customers called to complain about the phishing emails they were receiving.

As a rule of thumb, never open attachments in emails you were not expecting – When in doubt, toss it out. Sometimes, these things can be legitimate, so research the purposed sender, and reach out through the phone. Resist the urge to respond to these criminals, doing so may encourage further malicious correspondence.

With today’s business’ being connected to technology in so many ways, small oversights leave security backdoors wide-open. It’s these gaps in your security, that allow hackers, the ability to go unnoticed for so long. Not only putting your employees at risk but your clients and reputation. Define your risk, begin securing your information technology by having one of our expert’s review where you stand today.

 

Provide Advanced Security at All Times with Netcentral Secure – Start Your Security Posture Evaluation Today