Thank you for signing up!

Thank you for signing up for our newsletter. It's a great way to stay up to date with everything about Grove Group.

Thank you for signing up!

You will receive correspondence shortly regarding the that you have just registered for. We look forward to your attendance.

Until then, have a great one!

Bringing key security insights to Law firms through leading AI cyber defence technology

GMT (London) 14:00

CAT 16:00

Speakers

Maxwell Keay

Account Executive at Darktrace

Shabeer Ramsingh

Head of Strategic Business Development (Europe & USA) at Grove

[PAST WEBINAR]


Since July 2018, Darktrace has identified an increasing number of cyber-attacks targeting law firms. Concerningly, the attacks are emerging not from opportunistic malware, like banking trojans, but threat actors who actively conduct cyber-intrusions, seeking to exfiltrate data from these organizations.


Key issues Darktrace addresses for Law firms :

  • The potential risk to clients data and subsequent the reputational damage from a breach
  • Increasing number and variation of attacks
  • Lack of resources (IT Team) to protect new and novel threats


Perfect targets

  • Law firms are actively pursued because their systems contain the sensitive data of many other organizations.
  • The essence of a lawyer’s work involves managing confidential client information. Firms are privy to a huge variety of valuable data, from tax affairs to intellectual property.
  • Consequently, law firms’ ability to protect highly-sensitive information is critical; a successful cyber-attack might cause reputational damage resulting in the diminishing of their most valuable asset – clients’ trust.


Further challenges

  • As an industry, the law is structured around sharing revenues among a minimal number of highly qualified professionals. As such, they can rarely employ large IT teams – and even smaller IT security departments.
  • With the increased number of attacks seen in recent years, as well as the added risks of the cloud, and the Internet of Things, security teams lack the capacity to defend their networks against the sophisticated, machine-speed attacks which characterize today’s threat landscape.
  • In addition, lawyers often have to research obscure or potentially illegal activities, while communicating and receiving files from third parties. This complicates any attempt to impose and regulate highly restrictive security policies, placing a significant burden on small, overstretched security teams.

Living off the land

  • Interestingly, the recent surge of targeted attacks against law firms is unified by the methods used. The attacks were all performed using publicly available tools, including Mimikatz (for credentials dumping), Powershell Empire (for Command & Control communication), Dameware (additional C2/backdoor), and PsExec variants such as the Impacket Python variant of PsExec (for lateral movement).
  • Perhaps surprisingly, using generic methods against such high-level targets is actually beneficial to the attacker. Adopting mainly publicly available tools, rather than individually crafted malware, makes attribution much harder.
  • Although some of these tools, such as Mimikatz, have to be downloaded into the environment; the stealthiest, like Dameware or PsExec, are able to use the infrastructure within their environment. Known as ‘living off the land’, these tools are almost undetectable by traditional security approaches, as their malicious activity is designed to blend in with legitimate system administration work.


Case study

  • In July 2018, Darktrace discovered the illegitimate use of Powershell Empire – a code capable of ‘living off the land’. When monitored by human surveillance alone, this extremely stealthy tool would normally go undetected, camouflaged by system behaviour.
  • Unlike traditional security approaches, Darktrace does not use rules and signatures. Instead, it learns about the activity of the network, itself. This meant Darktrace was able to observe the initial download of the malware, subsequent reconnaissance and ensuing C2 traffic.
  • Consequently, Darktrace were able to report that an incident had occurred involving a probable Trickbot banking trojan infection and new use of a Remote Access Tool.

Join Grove and Darktrace on Thursday 24 January 2019 at 14:00 for this exclusive webinar, as we bring key security insights to law firms through leading AI cyber defence technology.
Tags: Darktrace

Recent Tweets