Today, Bloomberg broke the story that three Chinese hackers made more than $4-million in illicit profits after breaking into the servers of top deals law firms in New York. The alleged hackers, Iat Hong, Bo Zheng, and Hung Chin, executed a deceptive scheme to hack into the networks of at least two high-profile law firms to steal confidential information pertaining to firm clients that were considering mergers or acquisitions.
According to the Securities and Exchange Commission (SEC) complaint, the hacking involved installing malware on the law firm’s networks, compromising accounts that enabled access to all email accounts at the firms, and copying and transmitting dozens of gigabytes of emails to remote internet locations. In particular, Hong and Zheng coveted the emails of attorneys involved in mergers and acquisitions as they exchanged a list of partners who performed the work at one of the law firms prior to the hack. The SEC, along with the U.S. Attorney’s Office for the Southern District of New York, have both announced criminal charges.
This is not the first attack to hit a law firm in 2016. In fact, at least 80 of the 100 biggest firms have been substantially hacked since 2011. Cyber criminals are also becoming more sophisticated and efficient, as seen in the recent phishing scam that hit lawyers in at least seven states. In fact, since 2009 the FBI, U.S. Secret Service, and other law enforcement agencies have warned managing partners of big U.S. firms that their computer files are targets for cyberspies and thieves in China, Russia, and other countries (including the U.S.) looking for valuable information on potential mergers, patents, and trade secrets, amongst others.
Attorneys and their employees are being targeted by hackers and criminal organizations at an unprecedented level. And the damage is unprecedented as well – the average cost of a hack to law firms is now over $7.01-million, or $221 per compromised record.
Like 2016, 2017 is going to be a difficult year for legal practitioners who have fallen behind the technology curve. Now, more than ever, is the time to invest in additional cyber security measures including the private cloud, which is a type of cloud computing that delivers scalability and self-service through a propriety architecture dedicated to a single organization. In other words, you know where and who has your data at all times.
As cyberattacks become more frequent it is imperative that your data is protected. A fully managed, 24/7 protected private cloud service is one of the many services that will ensure your data remains safe.
To learn more about the Abacus Private Cloud please visit https://www.abacusnext.com/products/abacus-private-cloud