Cyber Threats to Law Firms: Understanding the 2020 Threat Landscape

Cyber security is one of the main concerns for the UK legal sector in 2020. In order for your firm to mitigate risk and maintain operational resiliency, you’ll need to understand the key cyber threats to law firms: who is attacking you, how are you being attacked, and how do you protect yourself?

Law firms are operating in an increasingly hostile digital landscape. Cyber security is now seen by UK law firms as the second greatest challenge behind COVID-19, and it’s not hard to see why – law firms are an attractive target for cybercriminals, who seek to steal the large amounts of money and sensitive client data they hold.

The legal sector’s gradual adoption of cloud-based services has brought a great deal of commercial and operational benefits, but has also increased the attack surfaces through which cybercriminals can target them. And with many lawyers now working remotely in response to the ongoing coronavirus pandemic, cyber threats will remain prevalent – 20 percent of businesses have suffered a breach due to the actions of a remote worker since lockdown was introduced.

2020 has already seen high-profile law firms fall victim to cyber-attack – in May, it was reported that law firm to the stars Grubman Shire Meiselas & Sacks suffered a ransomware attack that caused significant damage and disruption.

In this blog we will explore cyber threats to law firms: who is attacking them, why, and how? And what steps can law firms take to protect themselves from the cyber threats they face?

Who Is Attacking Me, and Why?

The risk of cyber-attack and data breach has never been more prevalent for law firms, and the potential consequences have never been higher. In an industry where trust is everything, the cyber threat to law firms needs to be considered in the context of the reputational damage a data breach could cause. Understanding who is attacking law firms and why is the first step towards mitigating the risks threat actors present.

Like all industries, law firms face a constant threat from cybercriminals.

Who they are: Cybercriminals
Motivations: 99 times out of 100, cybercriminals are motivated by financial gain.
Common attack methods: Cybercriminals target law firms through the full playbook of cyber-attack methods, including ransomware, phishing emails, denial of service attacks, and sophisticated human persuasion and manipulation. Given their high value as targets, law firms are more likely to be hit with highly personalised attacks that involve a great deal of research and planning by the cybercriminals that launch them.
Real-life example: In May 2020, reported that at least seven law firms had been infiltrated by ransomware launched by the Maze and REvil hacker groups. Many of these ransomware attacks used double-extortion – a relatively new attack method that we’ll explain later in this blog.

Law firms hold valuable intellectual property, which can be targeted by insider threats.

Who they are: Insider threats
Motivations: Current or former employees who attack law firms are often disgruntled, but more often than not their motivation is the same as that of cybercriminals – financial gain.
Common attack methods: Employees tend to use less sophisticated attack methods to target law firms. Often their methods are as simple as stealing confidential information from the firm through online storage tools or USB drives.
Real-life example: In March 2020, Help Net Security reported that 96% of IT leaders in the legal sector said insider breach risk was a significant concern. These data breaches could include employees sharing data to personal systems, leaking data to competitors, leaking data to cybercriminals, or taking data to a new job.

How Am I Being Attacked?

In 2020, ransomware is one of the most popular attack methods that cybercriminals use to target law firms. In a typical ransomware attack, hackers penetrate the target organisation’s network, most often by sending individuals in the organisation a phishing email (a fraudulent email that mimics a legitimate communication from a trusted source, designed to steal information or deliver malware payloads) carrying the malware, or sometimes by exploiting a vulnerability in the organisation’s network.

The malware enters the network and the attackers conduct reconnaissance and further activity to achieve the right access they need to execute the ransomware. Once this is done, the target organisation’s network is encrypted and effectively unusable until either a ransom is paid or the organisation reverts to backups to bring the network back online.

Last year’s Norsk Hydro attack, in which operations at the large aluminium manufacturer ground to a halt when cybercriminals launched a successful ransomware attack on the firm, demonstrated the massive financial and operational impact ransomware can have on businesses, as the firm suffered millions of pounds in lost revenue and several months of operational turmoil. However, a relatively new trend for double-extortion ransomware attacks introduces a significant reputational threat to businesses, too.

Double-extortion first became a prominent tactic from late 2019 onwards, as a further way for attackers to make money. In a double-extortion ransomware attack, the attackers steal data before encrypting it and threaten to leak the stolen data onto the internet. The intention is to shame target organisations into paying a ransom, even if appropriate backups are in place to mitigate a traditional ransomware attack.

Many double-extortion ransomware attacks lead to sensitive data being publicised on social media. In mid-2020 there has been an increasing trend for cybercriminals and security researchers to publish screenshots of the stolen data. This means that often the first public indication that an organisation has been hit by ransomware is its sensitive information appearing on social media.

Cyber Threats to Law Firms: How Do I Protect Myself?

The cyber threat to law firms is real, and it’s getting worse. Cybercriminals are actively targeting UK law firms with phishing emails and double-extortion ransomware attacks, and will continue to do so as long as they remain a successful (and lucrative) attack method. In order to protect your law firm, you need to understand the risks you face. By understanding these risks, you can take steps to address them.

Six Degrees is a trusted cyber security partner to prominent law firms throughout the UK and beyond. We understand the cyber threat to law firms, and we regularly advise our legal clients on the hostile digital landscape in which they operate.

Our whitepaper, Cyber Security for Law Firms, provides an overview of high-profile incidents that have taken place in the past twelve to eighteen months, types of cyber-attack, information on hackers and some examples of how regulatory bodies are focussing on the threat of cyber-attacks.

You can download our new Cyber Intelligence Report that covers the latest trends in ransomware attacks against the legal and accountancy sectors for free here. We’ve also created a handy infographic that provides the information you need to protect your law firm from ransomware attacks.

If you’d like support in enhancing your law firm’s cyber security posture, schedule a call by visiting
