Law firms are not owning up to malware incidents ra2studio
In 2012, the Fried Frank website was subject to a 'watering hole' attack - through which malware is placed on the site and can then infect visitors. But Fried Frank information systems head Steve Lewis has said that the practice's data had 'never been breached and client information has never been compromised'. The site was hosted by an outisde consultancy and it contained no confidential information, he added.
Citigroup included the information in a report which has been written up in the media. The report suggests that there is frustration on the part of banks about the reluctance of law firms to be more open on cyber attacks they experience. The report says: 'Due to the reluctance of most law firms to publicly discuss cyberintrusions and the lack of data breach reporting requirements in general in the legal industry, it is not possible to determine whether cyberattacks against law firms are on the rise.' But the authors of the report expect law firms to remain as targets. It said they would 'continue to be targeted by malicious actors looking to steal information on highly sensitive matters such as mergers and acquisitions and patent applications'.
Covington & Burling was also mentioned for a 2012 incident when the firm's name was used on fake emails - apparently by a group of Chinese hackers. Two other smaller law firms were also named.
However, Citigroup appears to regret finalising all the contents of the report. A spokeswoman said: 'The analysis relied on and cited previously published reports. We have apologized to several of the parties mentioned for not giving them an opportunity to respond prior to its publication in light of the sensitive nature of the events described.' Source: New York Times