Making a case for DNS-based security in the legal sector

Law firms have historically not been early adopters of technology, but as more and more organizations digitize their assets and embrace online ways of working, they’re becoming more exposed to the threat from cyberspace. And as more data goes online and new investments in cloud infrastructure and collaboration tools increase the corporate attack surface, remote attacks will become even easier.

Attackers in the dock – cyber security and law firms

The key threats facing law firms start with data theft. Getting hold of sensitive client information can mean a major payday for hackers. In 2017, three Chinese nationals were indicted after using data stolen from US law firms in a $4m insider trading scam. Sensitive information could also be sold on the dark web to the highest bidder, or even stolen as part of nation state intelligence gathering missions designed to give governments a geopolitical advantage. Very often, data stealing raids begin with phishing emails, targeting inexperienced staff with social engineering tactics designed to trick them into clicking on a malicious link, opening a malware-laden attachment or handing over their login details.

Law firms are also exposed to ransomware. DLA Piper suffered major losses following NotPetya attacks, for example. Although it didn’t lose any data, the impact on operations lasted weeks and the firm had to pay for 15,000 hours of IT staff overtime to get systems up and running again. This touches on another major threat: the supply chain. Partners and contractors are often singled out as being potentially weak on security. By compromising them, attackers could find a way to infiltrate the corporate network of the law firm itself. With GDPR penalties potentially running into the millions, the stakes couldn’t be higher for keeping customer and employee data safe and secure.

If you were in any doubt as to the possible impact of cyber incidents at law firms, just consider the headlines generated by major breaches at two firms: Mossack Fonseca and Appleby. These resulted in what came to be known as the Panama Papers and the Paradise Papers: huge leaks of sensitive financial information on the tax avoidance schemes of clients including world leaders, celebrities and business executives. Mossack Fonseca has since been forced to shut down.

Sometimes law firms can be their own worst enemy. Research from 2018 found over one million corporate email addresses and passwords belonging to staff at the UK’s top 500 law firms up for sale on dark web sites. These had been used by employees to register accounts with third-party sites like LinkedIn, which were then breached.

The key to regaining the initiative is to focus on DNS. It’s often an overlooked part of an organization’s IT infrastructure, but by understanding how it can be abused by attackers, IT leaders can better calculate the threat to their firm. Then it’s a case of investing in DNS analytics tools to proactively tackle the threat.

The case for DNS analytics

The truth is that DNS is an essential part of every law firm’s IT environment, converting the domain names humans understand into the IP addresses that machines use to communicate with each other on the internet. Without it, employees, partners and customers wouldn’t be able to find the right websites and digital assets online.

However, DNS was built in an age before professional cyber crime, so it is saddled with flaws which could be exploited by attackers. For example, changing the answers to the queries stored in DNS servers could covertly redirect users to phishing or malware-laden web pages. DNS traffic is also used by attackers to hide command-and-control (C&C) server communications with infected hosts, and to exfiltrate data out of a breached organization via DNS tunnelling.

The good news is that because DNS is always-on, and plays such a key role in attacks, it can be used in a highly effective manner for incident detection and response. Nominet’s NTX platform uses advanced analytics to spot malicious traffic hiding in large volumes of legitimate DNS packets, allowing IT to automatically detect and block attacks before they can make an impact.
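To make the idea of spotting tunnelling in DNS traffic concrete, here is an added example (not part of the original article and not Nominet's NTX logic) of one simple heuristic: flag a client that sends many long, high-entropy subdomains under a single zone. The log format, thresholds, domain names and the two-label parent-domain rule are all assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed sample log of (client IP, queried name); not real traffic.
SAMPLE_QUERIES = (
    # One host sending many long, random-looking labels under a single zone.
    [("10.0.0.23", hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:40]
      + ".tunnel-zone.example") for i in range(8)]
    # Benign: many distinct but short names under a content-delivery zone.
    + [("10.0.0.11", f"img{i}.cdn-host.example") for i in range(20)]
    + [("10.0.0.11", "www.lawfirm.example"), ("10.0.0.42", "mail.lawfirm.example")]
)

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than dictionary-like names."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def parent_domain(name, levels=2):
    # Assumption: the last two labels form the registered domain. Production
    # code should consult the Public Suffix List instead.
    return ".".join(name.split(".")[-levels:])

def find_tunnel_suspects(queries, min_unique=5, min_avg_len=30, min_entropy=3.0):
    """Flag (client, zone) pairs whose subdomains are numerous, long and high-entropy."""
    groups = defaultdict(set)
    for client, qname in queries:
        name = qname.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: len(name) - len(parent)].rstrip(".")
        if sub:
            groups[(client, parent)].add(sub)
    suspects = []
    for (client, parent), subs in sorted(groups.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects.append({"client": client, "parent": parent,
                             "unique_subdomains": len(subs),
                             "avg_length": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)})
    return suspects

if __name__ == "__main__":
    for hit in find_tunnel_suspects(SAMPLE_QUERIES):
        print(hit)
```

Requiring all three signals together keeps content-delivery zones with many short hostnames from being flagged, which is why only the first client in the sample is reported.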

Law firms that want to improve the client experience and back-office efficiencies through more digital-centric ways of working must also mitigate the accompanying rise in cyber threats. DNS offers a great opportunity to steal a competitive advantage whilst staying secure and compliant.