Cybersecurity researchers from eSentire have foiled 10 cyberattacks targeting six different law firms between January and February of 2023. The attacks were part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware.

GootLoader is operated under an access-as-a-service model, in which different groups use it to drop additional malicious payloads on compromised systems. It has been known to deploy ransomware such as SunCrypt and REvil (Sodinokibi), Kronos trojans, and Cobalt Strike. The attack chain starts with a user searching for specific information in a search engine. Attackers use black hat SEO to place a GootLoader-infected website among the results. The website is presented as an online forum and contains a ZIP archive with a malicious .js file that establishes persistence and drops a Cobalt Strike binary.
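A detection example for the delivery step described above (a .js file opened from a downloaded ZIP archive), added here and not taken from eSentire's report. It assumes the script is run by Windows Script Host; the event field names, archive temp-folder patterns, scoring weights and sample events are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: Windows Script Host runs a .js file that a user double-clicks.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: parents that indicate a user opened the file by hand.
USER_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: temp folders created when a file is opened straight from an
# archive (Explorer: Temp1_<name>.zip, 7-Zip: 7zO*, WinRAR: Rar$*).
ARCHIVE_DIR = re.compile(r"\\(temp1_[^\\]+\.zip|7zo[^\\]+|rar\$[^\\]+)\\", re.I)
JS_ARG = re.compile(r'"([^"]+\.jse?)"|(\S+\.jse?)(?=\s|$)', re.I)

def script_path(command_line):
    """Return the .js/.jse path on the command line, or None."""
    m = JS_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None

def score_event(event):
    """Score one process-creation event; higher means more suspicious."""
    image = PureWindowsPath(event["image"]).name.lower()
    path = script_path(event["command_line"])
    if image not in SCRIPT_HOSTS or path is None:
        return 0, []
    score, reasons = 1, ["script host running a JavaScript file"]
    if ARCHIVE_DIR.search(path):
        score += 2
        reasons.append("script opened from inside an archive")
    if PureWindowsPath(event["parent_image"]).name.lower() in USER_PARENTS:
        score += 1
        reasons.append("launched by a user-facing parent process")
    return score, reasons

def triage(events, threshold=3):
    """Return (host, score, reasons) for events at or above the threshold."""
    scored = [(e["host"], *score_event(e)) for e in events]
    return [s for s in scored if s[1] >= threshold]

# Constructed sample events (not taken from the eSentire report).
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WScript.exe",
     "command_line": r'"C:\Windows\System32\WScript.exe" "C:\Users\jdoe\AppData\Local\Temp\Temp1_sample agreement.zip\sample agreement.js"'},
    {"host": "SRV-02", "parent_image": r"C:\Windows\System32\svchost.exe", "image": r"C:\Windows\System32\cscript.exe",
     "command_line": r"cscript.exe //nologo C:\Scripts\inventory.js"},
    {"host": "DEV-07", "parent_image": r"C:\Windows\System32\cmd.exe", "image": r"C:\Program Files\nodejs\node.exe",
     "command_line": r"node.exe C:\src\app\server.js"},
]
```

Only the first sample event reaches the default threshold; the scheduled administrative script scores 1 and the Node.js process is ignored because it is not a Windows Script Host binary.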

In another attack, threat actors attempted to infect law firm employees and other business professionals with the SocGholish malware. This JavaScript framework acts as a loader for other malware campaigns, most commonly Cobalt Strike payloads. The malware was distributed by a watering hole attack on a Notary Public’s website frequented by legal firms.

eSentire researchers have successfully prevented the attacks and have warned law firms to be vigilant in protecting their systems from malicious actors.

How to Keep Your Law Firm Safe from Cyber Attacks

"Cyber security is a huge concern for law firms, and the threat of a cyber-attack has never been higher," says Laurence Banville, a cybersecurity expert from Cyber Sleuth Security’s Garnet Valley office who specializes in cybersecurity for law firms. "It's essential that firms take the necessary steps to protect themselves and their clients' data."

When asked what steps he recommends, Banville says, "First and foremost, law firms should have strong passwords and multi-factor authentication in place. They should also regularly update their software and anti-virus programs, as well as implement regular security monitoring and training for their staff."

Banville also stresses the importance of backing up data regularly. "It's essential to back up data and systems on a regular basis to ensure that important information can be recovered in the event of a cyber-attack or data loss," he says.

Finally, Banville recommends that law firms take proactive steps to protect themselves from cyber threats. "Law firms should have a comprehensive cybersecurity policy in place and ensure that all staff are educated on the importance of cybersecurity," he says. "It's also important to monitor for suspicious activity and respond to any potential threats quickly."

Source

Threat actors target law firms with GootLoader and SocGholish malware