Prominent Law Firm Used as Watering Hole to Launch Attack on Energy Sector Targets

Last month we told you lawyers and law firms are prime targets for hackers, and the week before that we told you watering hole attacks show hackers for the cunning predators they are. Well, it looks like at the end of February those two stories collided in the real world, with a law firm that works with the energy sector serving as the watering hole to launch attacks against other industry targets. Today we’ll have a look at how it all came together and some steps you can take to help avoid becoming the source of major headaches in the industries you deal with.

Turning friends into enemies

It all started with hackers compromising the network of a law firm in the UK, Thirty Nine Essex Street, one of the largest and most respected Barrister’s chambers in the country. With their many energy sector associations, hackers knew they would be an excellent conduit to gain access to wide variety of powerful industry targets. The researchers at Zscaler, who studied this particular attack, did not go into many details about how the initial compromise of the law firm took place, but whether it was a successful phishing or spear phishing campaign, which are responsible for a majority of successful intrusions, or launched with an infected USB stick, compromised applications/software, or a variety of other possibilities, once the “watering hole” was under their control, they could leverage the firm’s industry trust and reputation to infect visitors to their site at 39essex[dot]com.

LightsOut for the energy sector?

When visitors went to the compromised site, they would unknowingly be redirected to a third party site which hosted an exploit kit, appropriately named LightsOut because of the industry it was designed to target. The first thing LightsOut does is check the setup of the visitor’s system, like whether or not the user is running Internet Explorer and what version, if Java is installed and running, and even what version of Adobe Reader is installed. Armed with this information, LightsOut determines if the user is a valid target, and if so, utilizes the appropriate exploit designed to deliver the malware payload, in this case, a JAR file which would give the hackers the ability to initiate remote access to the now infected visitor’s system and/or network. By picking and compromising the right site to use as a watering hole, hackers can significantly boost their chances of acquiring access to the industry targets they are after without raising much suspicion.

Lost trust means lost clients

Discretion, confidentiality, privilege - they are all cornerstones of the legal profession. Once it comes to light that any of these vaunted principles have been breached by a cyber attack, the consequences to any victimized law firm can prove dire, especially if your cyber security posture is found to be severely lacking, or your cyber emergency response policies and procedures aren’t up to snuff. This is why having a professional cyber security solutions provider like GDF in your corner at all times is paramount in today’s digital world.

Before, during and after

From regular cyber vulnerability assessments and penetration testing, to proven and effective emergency incident response services, GDF can help you significantly fortify your entire data eco-system, and the earlier we are involved to help protect your valuable digital assets, the more we can do to help you stay safe in the long run. Our security specialists are experts at identifying weaknesses early and offering industry-best solutions to help clients remediate them. From our arsenal of tools designed to weed out and eliminate today’s most sophisticated malware threats from your systems and/or network(s), like our Data Breach Response Toolkit (DBRT), and solutions to help combat dangerous insider threats, like our C-All User Activity Monitor|Recorder, to our unparalleled emergency response services, we can help every step of the way. So even if the unthinkable does happen and you are breached, we can help minimize the costly aftermath, help you maintain or regain client, vendor and investor trust, and help ensure you are on the right side of any regulatory compliance issues you may face.

At GDF, we are constantly looking around the next corner in the world of cyber security, and working with our consultants, we’ll always keep you ready for what we see coming.

Call today!

With Global Digital Forensics, legal professionals can have an invaluable ally, formidable on both the cyber security and eDiscovery fronts. So call us today at 1-800-868-8189 for a free consultation with one of our specialists and let us help to tailor solutions that will satisfy your unique needs.