BEC attacks on law firms spike as cyber criminals bypass MFA

BEC threat actors are using new tactics to go undetected and deliver phishing emails


Law firms are facing a surge in business email compromise (BEC) attacks with threat actors finding new ways to circumvent multi-factor authentication (MFA) measures. That’s according to cyber security risk consultancy S-RM which found that, in the last few months, legal organizations have been increasingly targeted by cybercriminal groups that specialize in BEC campaigns.

Along with detecting novel MFA evasion tactics, S-RM also identified several key developments in recent BEC cases targeting law firms. These include new methods to go undetected and deliver phishing emails.

Earlier this year, a report by the UK National Cyber Security Centre (NCSC) warned that law firms are facing increasing cyber threats. Cyber criminals, nation states, hacktivists and insider threats pose specific risks to law firms, which routinely handle highly sensitive information and significant funds and rely on external IT service providers, the Cyber Threat Report: UK Legal Sector read.

BEC threat actors adopting new tactics to attack law firms

Threat actors have found ways to bypass multi-factor authentication, such as stealing session cookies and utilizing advanced phishing techniques, wrote S-RM. They are also pursuing persistent access, meaning that one breach bypassing MFA allows for long-term access.

Threat actors are also deploying new techniques around manipulating IP addresses and geolocation data to avoid detection after compromising a law firm mailbox, S-RM added. As for advancements in phishing, emails are becoming increasingly sophisticated, making them harder to recognize as fraudulent, the firm said. Threat actors are increasingly targeting remote-working platforms such as Microsoft Teams and using QR codes, in addition to traditional email attacks.
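The two developments above, session cookie theft that sidesteps MFA and source-IP or geolocation manipulation after a mailbox is compromised, leave a common trace in sign-in logs: a session that was established once with an MFA challenge and later reappears from somewhere else. The following detection logic is an added example, not code from S-RM or from the article; the sign-in events, field layout and session identifiers are constructed for illustration and do not follow any specific product's log schema.

```python
# Added example: correlate mailbox sign-in events per (user, session) and flag
# a session that is reused from an IP or country other than where it was
# created. Events below are constructed; field names are assumptions.

SIGN_INS = [
    # timestamp, user, session id, source ip, country, how MFA was satisfied
    ("2024-03-01T08:00Z", "partner@firm.example", "S1", "203.0.113.10", "GB", "challenge"),
    ("2024-03-01T08:05Z", "partner@firm.example", "S1", "203.0.113.10", "GB", "session"),
    ("2024-03-01T09:30Z", "partner@firm.example", "S1", "198.51.100.7", "NL", "session"),
    ("2024-03-01T10:00Z", "partner@firm.example", "S1", "203.0.113.44", "GB", "session"),
    ("2024-03-01T10:30Z", "partner@firm.example", "S1", "203.0.113.44", "GB", "challenge"),
    ("2024-03-01T11:00Z", "partner@firm.example", "S2", "203.0.113.10", "GB", "challenge"),
]


def detect_session_reuse(events):
    """Return (ts, user, session, severity, detail) for sign-ins that ride an
    existing session (MFA satisfied by the session, not a fresh challenge) but
    arrive from a different IP or country than the session's origin.

    A country change is rated 'high'. An IP-only change is rated 'medium':
    an attacker who proxies through the victim's own country defeats a
    geolocation-only 'impossible travel' rule but still cannot keep the
    original client's address, so the change is worth surfacing."""
    origin = {}   # (user, session) -> (ip, country) where the session began
    alerts = []
    for ts, user, session, ip, country, mfa in sorted(events):
        key = (user, session)
        if key not in origin:
            origin[key] = (ip, country)
            continue
        if mfa == "challenge":
            # The factor was presented again; treat the session as having
            # legitimately moved and re-baseline its origin.
            origin[key] = (ip, country)
            continue
        orig_ip, orig_country = origin[key]
        if country != orig_country:
            alerts.append((ts, user, session, "high", f"{orig_country}->{country}"))
        elif ip != orig_ip:
            alerts.append((ts, user, session, "medium", f"{orig_ip}->{ip}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_session_reuse(SIGN_INS):
        print(alert)
```

On the constructed input this yields one high-severity alert (the session reappearing from NL) and one medium alert (a new GB address on the same session); the 10:30 event is not flagged because a fresh MFA challenge accompanied it.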

The ramifications of these attacks, when successful, are far-reaching and include not only reputational damage and financial loss, but increased regulatory scrutiny and impacts on insurance and professional indemnity premiums at the point of renewal, S-RM warned.

Law firms increasingly in the crosshairs of BEC attacks

Law firms are increasingly finding themselves in the crosshairs of BEC attacks, said Jamie Smith, global head of cyber security services at S-RM. “Cyber criminals’ ability to bypass MFA and evade detection is alarming. It’s a stark reminder that the traditional defense methods are no longer enough. Adaptation is crucial.”

The rise in targeted email compromise attacks against law firms is a pressing concern for the legal industry, added Dan Caplin, director of cyber security at S-RM. “The attackers’ evolving tactics, from session cookie theft to increasingly convincing phishing, challenge our conventional defenses. Law firms must prioritize advanced security measures, detection and cyber resilience to protect their clients, reputation and bottom line.”
