Malware is a serious threat to organizations and individuals alike, and this is especially true for law firms. In early 2021, two separate malware variants targeted around 6-7 law firms, with the malicious software GootLoader and SoCGholish being discovered by cybersecurity firm eSentire.
These malware families typically involve strategies such as luring employees of law firms into clicking on compromised links via blog posts laced with trending keywords. GootLoader can act as a data stealing toolkit, while SoCGholish can be used to spread additional malevolent payloads, including Cobalt Strike and LockBit Ransomware.
Lawyers and staff of reputed legal service offering firms are warned to be very careful while sieving the internet for information, as malicious actors are using malware laced web-domains to spread malicious tools. Google is playing a part in squashing such threats, issuing 3.8 million browser warnings between January and August 2022.
The 2022 State of Cybersecurity report from ISACA reveals that nearly 69% of organizations in the United States believe their organizations are understaffed to deal with cyber threats. However, 49% of them who took part in the survey claimed to boost their security staff potentials by mid-2023, either by training the current lot or hiring new talent. Netherlands is top in the list of being under prepared from attacks targeting government agencies, especially law firms.
In conclusion, it is important for law firms to be extra vigilant when searching the internet and to take the necessary precautions to protect against cyber threats. Google is playing an important role in helping to identify these threats and organizations are taking steps to increase their security staff. It is also important to be aware of the risk posed by malicious actors in certain countries, such as those in the Netherlands.
Key Points:
• Two new malware variants targeted law firms in early 2021.
• GootLoader and SoCGholish can be used for data stealing and additional malicious payloads.
• Employees of law firms are warned to be extra vigilant when searching the internet.
• Google is providing browser warnings to identify threats.
• Organizations are taking steps to increase their security staff.
• High risk of malicious actors in countries such as the Netherlands.