Legal Sector – Threat Intelligence Outlook 2024

Published: 29th January 2024 | In: Insights

Threat Intelligence Outlook 2024 is out now!

Download our new Threat Intelligence Outlook 2024 report now for a strategic overview of the emerging cyber threats over the next 12 months.

Cybercriminal Operations

Overview

It has been assessed to be highly likely that financially motivated cybercriminal cartels will pose the greatest threat to the legal industry throughout 2024. This assessment has been made based on organisations within the sector having undergone significant digital transformation, thereby presenting greater attack surfaces for cyber threat actors to target.

Within this context, ransomware operations will likely remain the top attack vector used against law firms due to the abundance of highly confidential and commercially sensitive data, as well as personally identifiable information (PII), that ransomware actors will likely attempt to leverage for extortion. Targeting will likely be intensified by the perceived lack of cyber security awareness amongst the associated workforces.

Finally, it has been assessed to be likely that “hack-for-hire” services offered by private sector offensive actors (PSOAs) will be in demand to conduct offensive operations for the purpose of exfiltrating data that could be leveraged within ongoing legal disputes.

Risk Intelligence Assessment

Due to the potential for successful extortion attempts and the resulting financial gain, it has been assessed that financially motivated cybercriminals will pose a severe risk to the legal sector throughout 2024.

Nation State-Sponsored Campaigns

China

Overview

China-affiliated advanced persistent threat (APT) units pose the greatest nation state-level threat to the legal sector, due to the sector's dealings with intellectual property (IP) rights within the litigation process.

Risk Intelligence Assessment

Cybercriminals are attempting to steal IP in alignment with the People’s Republic of China’s (PRC) “Made in China 2025” objectives of advancing its technology. Chinese state-sponsored threat actor groups will therefore pose a substantial risk to the legal sector, because IP theft will allow Beijing to compete with the West by introducing innovative products to the marketplace, thereby strengthening the Chinese economy.

Russia

Overview

With Moscow-backed cyber operators focusing on sabotaging NATO-based entities in response to their support for Ukraine, it is likely that Russian-sponsored offensive operations will spill over into the legal sector, as high-profile government bodies, such as the Ministry of Defence, have dedicated legal departments.

Risk Intelligence Assessment

With the potential to sabotage high-profile rival entities, it has been assessed that Russia-affiliated cyber aggression will pose a substantial risk for the legal sector throughout the calendar year.

North Korea

Overview

With a substantial portion of law firms operating within wider supply chains, they will likely become exposed to North Korea-aligned cyber aggression, as a primary initial ingress mechanism leveraged by Pyongyang-directed state actors is the exploitation of software vulnerabilities.

Risk Intelligence Assessment

Due to the potential for financial gain, it has been assessed that North Korean threat actors will pose a moderate risk to the legal sector throughout 2024.

Iran

Overview

Due to rising tensions, there is a realistic possibility that Iran-affiliated cyber operations launched against Western organisations perceived to be hostile to the regime could spill over into the legal sector, as a substantial portion of target companies operate in alignment with legal advisors.

Risk Intelligence Assessment

It has been assessed that Tehran-aligned threat actors will pose a moderate risk to the legal sector as the calendar year progresses.

Hacktivist DDoS Attacks

Overview

Intelligence indicates that hacktivist collectives are launching distributed denial-of-service (DDoS) operations against law firms at increasing rates. Legal organisations acting on behalf of clients at odds with hacktivist ideological agendas will likely emerge as targets. Those engaged with energy sector affairs will likely be of particular interest to hacktivist threat actors due to the affiliation with critical national infrastructure (CNI), which provides the greatest potential for disruption.

Risk Intelligence Assessment

It has been assessed that ideologically driven hacktivist collectives will pose a moderate risk to the legal sector throughout 2024.

Elections

Overview

Finally, with a packed agenda of political elections scheduled for 2024, nation state-sponsored espionage units will likely launch campaigns with the objective of exfiltrating information that could be leveraged to degrade the reputation of politicians and state officials perceived to be in opposition to sponsoring state agendas. Law firms representing such figures, or their affiliates, will likely be at increased risk of such targeting.

Risk Intelligence Assessment

Sophisticated cyber espionage campaigns will pose a substantial risk to the legal sector throughout the calendar year, as nation state-level threat actors will likely seek to sway public opinion by altering the perception of voters who could support electoral candidates perceived to be in opposition to sponsoring state agendas.

Appendix A – Terminology Yardstick

Intelligence Terminology Yardstick

Key assessments within this report have been written using the Intelligence Terminology Yardstick. The assessed likelihood of events corresponds with pre-defined language to remove areas of uncertainty when ingesting Quorum Cyber Threat Intelligence reports.

Intelligence Cut-off Date (ICoD): 26/01/2024 10:00 UTC

Appendix B – Threat Assessments

Risk Terminology

The Quorum Cyber Threat Intelligence team utilises the risk terminology taxonomy outlined below to provide assessments regarding cyber threats.

| Risk Terminology | Criteria | Assessed Threat Level |
|---|---|---|
| Low | If a threat actor fits only one of the following: Capability, Hostile Intent, Opportunity | Attack is highly unlikely |
| Moderate | If a threat actor has both Capability and Opportunity but not Hostile Intent | Attack is possible but not likely |
| Substantial | If a threat actor has Hostile Intent and Capability, or Hostile Intent and Opportunity | Attack is likely |
| Severe | If a threat actor has Capability, Hostile Intent and Opportunity | Attack is highly likely |
| Critical | If a threat actor has all three and there is intelligence to suggest that an entity is under current targeting interest | Attack is highly likely in the near future |