Hackers increasingly exploiting vulnerabilities
New research has uncovered more than a million passwords linked to the IT systems of UK law firms on the dark web.
Researchers found that nearly three-quarters (72.2%) of the 5,140 law firms audited had employee username and password combinations that appeared in lists circulating in the darkest corners of the internet.
A total of 1,001,313 passwords were discovered, averaging 195 password combinations per firm or 1.27 per individual staff member.
Atlas Cloud, the IT outfit that conducted the research, warns that cybercriminals could use this information to infiltrate a firm’s IT systems, potentially gaining access to valuable data or intercepting transactions.
Last autumn, before its merger with Shearman, Allen & Overy confirmed that it had “experienced a data incident affecting a small number of storage servers” after reportedly being targeted by a hacking group with ransomware. Similarly, in 2017, Legal Cheek reported that hackers had taken DLA Piper‘s computer systems and phones offline using malicious software.
The latest study identified additional cyber threats, revealing that DMARC — a crucial security measure to prevent domain hijacking — has been implemented by less than half (46.2%) of firms. If a domain is hijacked, it allows criminals to send emails that appear to come directly from the firm, creating numerous opportunities for exploitation, the research warns.
Pete Watson, CEO of Atlas Cloud, said:
“The sheer volume of password combinations available to criminals is a stark reminder of the threat that cyber poses to a firm. You can minimise this risk by applying multi-factor authentication on your systems, which adds an additional one-time authentication token, but criminals have been known to find ways around this too.”
“It’s circumvented by tricking users to do something,” Watson continued. “That means the only true way to eliminate this threat is ensuring everyone representing your firm has a strong awareness of the tactics criminals are using today.”
Separate research from earlier this year reveals that the number of UK law firms reporting cyber attacks has risen sharply, with breaches surging 36% from 166 to 226 in the year ending September 30.