Cyber threats in the dock: why DNS-based security is the answer for legal firms

27th February 2019


Simon Whitburn
Senior Vice President Cyber Security Services

The UK’s National Cyber Security Centre (NCSC) plays a vital role in improving the cyber security of consumers and businesses. But it also has limited resources to spend on vertical-specific guidance for businesses. That’s why its recent decision to produce a report designed specifically for the legal sector is in itself highly significant: it illustrates the growing cyber threat levels facing the industry. This is true of law firms in the UK, the US and beyond.

With so much sensitive client data at risk, cyber security must be a priority. But the best way IT teams can gain crucial visibility into malicious traffic is by focusing specifically on protection based around the Domain Name System (DNS).

Attacked from all sides

Given that legal firms store large volumes of highly sensitive data on clients, it’s perhaps no surprise that law firms are an increasingly attractive target for hackers. These could be financially motivated cyber criminals, or even nation states looking to steal information which could help to fill the state coffers or give domestic enterprises a competitive advantage.

A global PwC report from 2017 claims that 60% of all law firms had reported an information security incident over the previous year. As more confidential data is deposited online, particularly into cloud systems which can be accessed remotely, the risks increase. These systems are vital to support productivity and meet rising client expectations in what is a highly competitive industry. But they also increase the opportunities for online attackers.

It takes just one misplaced click on a phishing link to potentially download ransomware or information-stealing malware. And law firms are increasingly opening their networks to contractors and other third-parties to support more collaborative working — further expanding the attack surface for hackers.

The key threats facing the sector can be roughly defined as:

Phishing: Targeting users with messages designed to get them to click on a malicious link, open a malware-laden attachment or else voluntarily hand over their log-in details.

Ransomware: While law firms may not be a major target in their own right, they could be unwitting collateral damage in larger campaigns. DLA Piper suffered badly from the NotPetya attacks of 2017, for example.

Data theft: Often, information-stealing raids are enabled first by a phishing email, providing a foothold into the corporate network. In 2017, three Chinese nationals were indicted after hacking two major US law firms for data that was allegedly used in a $4m insider trading scam.

Supply chain: Law firms may be viewed as the weakest link in the data supply chain, running insecure systems which can be hacked for sensitive client information. But that weak link may not be your organisation; it could be your partners and contractors. The entire chain needs vetting and regular auditing.

Regulation: With the GDPR now in full force, law firms can’t afford to slip up. A regulatory mauling would be disastrous for the corporate reputation. Extra attention must be paid to data security.

Nominet’s DNS-based security can help

Fortunately, there is an opportunity to improve threat detection and response, by plugging in security at the DNS. This is the part of your infrastructure that seamlessly converts domain names to IP addresses so that external users are directed to your web pages and employees can browse the web. The problem is that it’s riddled with systemic vulnerabilities which hackers are more than capable of exploiting. Many organisations also help them in this by whitelisting DNS traffic at the firewall level.

But while DNS is used in most cyber attacks — either to direct users to malicious or phishing sites, to help hackers communicate with infected machines on your network or to exfiltrate stolen information out of the organisation — it can also be used for security.

Nominet’s NTX platform is built on decades of experience securely managing the .uk domain. It enables organisations to find the signal in all of the noise by singling out malicious packets hidden in huge volumes of legitimate traffic. That means you can detect infected machines on the network, disrupt attacks early in the kill chain and stop the DNS tunnelling used to exfiltrate data out of your firm. NTX protects your network against command-and-control malware, phishing, botnets, cryptomining, data exfiltration and other threats without impacting performance.

It’s available in two versions: cloud platform NTXprotect and the fully managed service NTXsecure.

For more information on cyber threats in the legal profession, download our whitepaper.
