Some of the attorneys reading this article have been hacked, but don’t know it yet. Today’s criminals often lurk in your computer for weeks, months, or even years, monitoring your activity, stealing your data—even renting out access to your computer so other hackers can take advantage. This may sound like the stuff of spy novels, but it’s actually a quiet epidemic. According to Verizon’s 2019 Data Breach Investigations Report, “Once they are inside… their process is almost always the same: establish continued access… and exfiltrate the data undetected for as long as possible.”
For attorneys, this is especially bad news. All attorneys—from solo practitioners to partners at large firms to in-house corporate attorneys—have one thing in common: valuable repositories of data. Cybercriminals may not necessarily target you specifically. Perhaps you happened to click on a link in a phishing email or picked a weak password. But once a cybercriminal has access to your computer, they will do everything they can to turn your computer into their source of revenue.
Here are two ways that cybercriminals spy on you and turn your confidential data into their profit.
1. Email Account Takeover
Your email account is a gold mine for hackers. Attorney emails often contain valuable data, such as Social Security numbers, financial details, health information, passwords, and—of course—confidential client correspondence. Many of these details can be sold for cash quickly on the dark web. Your correspondence can also be used later for extortion or political gain. Here are a few things all attorneys should know about email hacks:
Criminals often download your entire mailbox as soon as they break into your account.
That way, even if you change your password or block access, they already have all your emails and can analyze them at their leisure. This can have dire consequences for you and your clients: The moment you discover a hacker has gained access to your email account, there is a good chance that all your correspondence is already out the door.
Criminals monitor and forward your email.
Hackers commonly search your correspondence for ongoing conversations of interest—such as a real estate purchase or other upcoming financial transaction. Then, they actively monitor these conversations to maximize their ability to intercept a payment. They may also add a rule in your email account that automatically forwards all your email to a separate account that they control. Make sure to check for these rules if you think your account may have been hacked so that you can remove them.
Your contacts become the next victims.
Criminals often make a point of targeting related accounts, such as your colleagues, clients, or anyone listed in your account as a contact. This may be the first time you realize your account has been hacked—but all too often, it is the hacker’s last step.
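The check for automatic forwarding rules described above can be scripted once the rules have been exported from the mail system. The following is an added example, not part of the original article: it flags any rule that forwards or redirects mail to an address outside your own domains. The sample rules are constructed, the field names follow the properties reported by Exchange Online's Get-InboxRule, and the JSON export layout and the domain `examplefirm.test` are assumptions.

```python
import json
import re

# Constructed sample data. Field names follow the properties reported by
# Exchange Online's Get-InboxRule; the JSON export layout is an assumption.
SAMPLE_RULES_JSON = """
[
  {"Name": "Newsletters", "Enabled": true, "ForwardTo": null,
   "RedirectTo": null, "DeleteMessage": false},
  {"Name": "Copy to paralegal", "Enabled": true,
   "ForwardTo": ["Pat Lee [SMTP:pat@examplefirm.test]"], "DeleteMessage": false},
  {"Name": ".", "Enabled": true,
   "ForwardTo": ["x [SMTP:Collector@mailbox.example]"], "DeleteMessage": true}
]
"""

ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")


def is_internal(domain, own_domains):
    """True if domain is one of ours or a subdomain of one of ours."""
    return any(domain == d or domain.endswith("." + d) for d in own_domains)


def audit_rules(rules, own_domains):
    """Return one finding per rule that sends mail outside own_domains."""
    own = [d.lower() for d in own_domains]
    findings = []
    for rule in rules:
        external = set()
        for field in FORWARD_FIELDS:
            value = rule.get(field) or []
            for recipient in [value] if isinstance(value, str) else value:
                for match in ADDRESS.finditer(recipient):
                    if not is_internal(match.group(1).lower(), own):
                        external.add(match.group(0).lower())
        if external:
            findings.append({
                "rule": rule.get("Name", ""),
                "enabled": bool(rule.get("Enabled")),
                "external": sorted(external),
                # Forward-and-delete keeps the copy out of the owner's view.
                "deletes_original": bool(rule.get("DeleteMessage")),
            })
    return findings


if __name__ == "__main__":
    for f in audit_rules(json.loads(SAMPLE_RULES_JSON), ["examplefirm.test"]):
        print(f)
```

Disabled rules are reported too, with `enabled` set to false, since a rule that was switched off is still evidence that someone created it.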
How do criminals gain access to your email?
Phishing attacks are a very common method. Criminals set up fake web sites that look just like your email provider, bank, or other common web services. Then, they trick you into visiting it, using email, text, or social media. When you type your password into the fake web site, they capture it and use it to log in to your accounts.
Criminals may also purchase your password on the dark web. There have been so many data breaches that billions of passwords are now available for sale. If your password was stolen in the past, it may be sold to other criminals who will use it to log in to your accounts.
What should you do if your email gets hacked?
Reset your password immediately. If possible, activate two-factor authentication. Make sure to address the potential data breach by calling an experienced forensic examiner right away.
2. Banking Trojans
“Banking Trojans” are a kind of malicious software originally designed to steal your bank account password, but today they are far more dangerous. Modern banking Trojans such as “Emotet” have evolved into sophisticated commercial software utilities, which cybercriminals use to:
- Automatically copy all of your files to the criminals’ servers
- Steal your password as you type it into a web site’s login page
- Capture payment card data as you type it into a web browser
- Copy any passwords that you have stored in your web browser
- Display detailed reports of your computer activity, including your web browsing history, login/logout times, and more
- Remotely log in to your computer and manually rifle through your files
- Install any other software they want, including ransomware or other spyware
Criminals lurk in your computer for weeks, if not months, quietly gathering data and monetizing it. When the criminals are ready, they may “nuke” your computer with ransomware or other destructive software, either for fun or profit. Even after you pay a ransom fee, they can remain in your network, gathering data or holding you for ransom again down the road. The average time to detect a data breach is nearly 200 days, according to the Ponemon Institute. Today’s banking Trojans are particularly insidious and include advanced tactics to evade traditional antivirus programs.
How do you get infected with a banking Trojan?
Criminals infect your computer by enticing you to click on a link or open a malicious attachment. When you do, your computer may be infected with malware that monitors your keystrokes or steals your login information when you submit a web form.
The best defense is a good offense.
Don’t wait for an antivirus alert that may never come. Today, the best defense is to hire or outsource “threat hunting,” in which an experienced cybersecurity professional carefully combs your network for the subtle but telltale footprints of a hacker.
Protect Yourself and Your Clients
Here are three steps that you can take to thwart cybercriminals who want to spy on you:
- Think before you click: When you receive an email that prompts you to take an action, such as clicking on a link or opening an attachment, stop and check to make sure that it is legitimate.
- Use two-factor authentication! It’s easy to set up with many providers such as Office365 and Google.
- Take a proactive approach: Engage in threat hunting and similar proactive activities to detect sophisticated malware and minimize your risk.
About the Author
Sherri Davidoff is the CEO of LMG Security and BrightWise, Inc. She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and is the author of an upcoming book, Data Breaches. Contact her on Twitter @sherridavidoff.