Cyber Security Hub reported:
Cyber criminals, nation states, hacktivist and insider threats pose specific risks to law firms that routinely handle highly sensitive information, significant funds and rely on external IT services providers, the Cyber Threat Report: UK Legal Sector read.
Threat actors have found ways to bypass multi-factor authentication, such as stealing session cookies and utilizing advanced phishing techniques, wrote S-RM. They are also pursuing persistent access, meaning that one breach bypassing MFA allows for long-term access.
Threat actors are also deploying new techniques around manipulating IP addresses and geolocation data to avoid detection after compromising a law firm mailbox, S-RM added. As for advancements in phishing, emails are becoming increasingly sophisticated, making them harder to recognize as fraudulent, the firm said. Threat actors are increasingly targeting remote-working platforms such as Microsoft Teams and using QR codes, in addition to traditional email attacks
Cyber criminals, nation states, hacktivist and insider threats pose specific risks to law firms that routinely handle highly sensitive information, significant funds and rely on external IT services providers, the Cyber Threat Report: UK Legal Sector read.
Threat actors have found ways to bypass multi-factor authentication, such as stealing session cookies and utilizing advanced phishing techniques, wrote S-RM. They are also pursuing persistent access, meaning that one breach bypassing MFA allows for long-term access.
Threat actors are also deploying new techniques around manipulating IP addresses and geolocation data to avoid detection after compromising a law firm mailbox, S-RM added. As for advancements in phishing, emails are becoming increasingly sophisticated, making them harder to recognize as fraudulent, the firm said. Threat actors are increasingly targeting remote-working platforms such as Microsoft Teams and using QR codes, in addition to traditional email attacks
Find the original article here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat