Law practices and lawyers are frequently the targets of cybercrime. There are many different ways in which cyber criminals undertake attacks. Here are some simple explanations of common cyber risks that are everyone should be aware of.
Malware (Malicious software) is any piece of software that is specifically designed to disrupt or damage a computer system. Commonly installed alongside quasi-legitimate software, malware can also be disseminated via email attachments, web browsing and file sharing. Once malware is on the system it can be difficult to detect and remove.
Phishing is a scam where criminals attempt to trick you into giving out sensitive information (like passwords). The scam often takes the form of fake emails that look like they’re from a legitimate organization, like a bank. The emails contain a link to fake website that replicates the real one. From here the criminals steal your information when you enter it, thinking you are on the real website.
Spear phishing is a more sophisticated version of phishing aimed primarily at businesses and organisations. In this exploitation technique the criminal will masquerade as a trusted person, usually someone within the organisation. The criminal will send instructions via a compromised email address seeking the release of confidential information or the transfer of funds.
Whale phishing is a phishing technique that target high worth individuals.
Ransomware is a type of malicious software that infects the victim computer or network. The program blocks you from some or all of your system/data. The program cannot be ‘unlocked’ until a financial figure is paid to the criminals, who then send the victim instructions on how to unlock the data. This is currently a very common exploitation due to its ease of implementation and its ability to extort funds directly from victims.
Web seeding techniques (such as malvertising): This technique seeks to exploit vulnerabilities in frequently visited web sites. The web sites are hacked and used to deliver malicious software through adverts and downloads.
DDoS (Distributed Denial of Services): Whilst not common with smaller entities directly, DDoS is when a service is made unavailable by flooding the target with requests. A DDoS attack is commonly seen taking out large services like email and websites, which has a follow-on effect to smaller entities.
Microsoft Office Macro infections: Cybercriminals are increasingly using Microsoft Office macros, a small program that runs in Microsoft Office applications, to infect a victim’s computer.
For more information on the current state of cyber risks visit the Australian Cyber Security Centre website and download the current ACSC Threat Report.