Cyber threats to law firm finance teams

YOUR SPEAKER –
• 2016 CHIEF SECURITY OFFICER – PRAETORIAN CONSULTING INTERNATIONAL (CYBER SECURITY AUTOMATION)
• 2014 HEAD OF INFORMATION SECURITY – WORLDLINE (ATOS GROUP) (LEVEL ONE SERVICE PROVIDER)
• 2014 CISO LEVEL SECURITY, RISK & COMPLIANCE CONSULTANCY ACROSS EUROPE – DVV SOLUTIONS
• 2013 INFORMATION SECURITY & PCIDSS ASDA & GEORGE (LEVEL ONE MERCHANT)
• 2011 - 2013 INFORMATION SECURITY & PCIDSS MANCHESTER AIRPORTS GROUP (LEVEL THREE MERCHANT)
• 2006-2011 INFORMATION SECURITY & PCIDSS HOMELOAN MANAGEMENT LIMITED (LEVEL ONE SERVICE PROVIDER)
• 2006 ECOMMERCE SECURITY– THOMAS COOK SCHEDULED BUSINESS

SUMMARY–
• QUICK LOOK AT BUSINESS FRAUD ‘THE WHAT’
• WIRE TRANSFER
• CONVEYANCING
• QUICK LOOK AT WHAT HAPPENS ‘THE HOW’
• MALWARE
• MONEY MULES
• QUICK LOOK AT ‘THE FIGHT BACK’
• RIGHT PEOPLE
• RIGHT PROCESSES
• ANY REASONABLE TECHNOLOGY
In 2015, 62 per cent of law firms reported they had
suffered from a security incident, up from 45 per cent
in 2014, according to figures from accountants PwC.
Director of intelligence and investigations at the
Solicitors Regulation Authority (SRA), reveals cyber
criminals have caused substantial losses to 50 law
firms this in 2015, ranging from £50,000 to £2
million, and a further 20 firms had fallen victim to e-
mail redirection scams, involving very substantial
amounts of money.
Over the last couple of years, Action Fraud said there
have been 91 reports of the crime, which amounts to
more than £10million of losses.

CLASSIC – THE CEO WIRE TRANSFER
• NOT A NEW FRAUD, BUT IN THE NEWS
• AS AN ATTACK, THE CEO EMAIL WIRE FRAUD ATTACK
COULDN’T BE SIMPLER. THERE’S NO MALWARE TO
WRITE AND NO MALICIOUS CODE OR LINKS TO IMPLANT.
IT’S A TEXT ONLY EMAIL, PLAIN AND SIMPLE – BUT IT’S
THE SOCIAL ENGINEERING THAT MAKES IT WORK.

THE RISING COST OF CEO WIREFRAUD
• JAN 2016 – 54M USD
• FEB 2016 – 70M EURO

THE INDUSTRY SPECIAL – CONVEYANCING
• EXAMPLE 1 – TARGET THE SELLER
• “HACKING INTO EMAIL ACCOUNTS AND
IMPERSONATING THE OWNERS TO STEAL
MONEY, INFORMATION OR BOTH IS A
GROWING FORM OF CRIME THAT ALMOST
COST THIS FAMILY THE ENTIRE PROCEEDS
OF THEIR PROPERTY SALE.”
• NICOLE BLACKMORE, DAILY TELEGRAPH

• FIRST EXAMPLE
• TAKEOVER THE SELLERS EMAIL
ACCOUNT.
• WAIT FOR BANK INSTRUCTIONS TO
GO TO CONVEYANCING FIRM
• SEND NEW EMAIL SAYING THERE
HAS BEEN A MISTAKE AND THAT THE
PROCEEDS FROM THE SALE NEED TO
GO TO A DIFFERENT ACCOUNT
• FIRST EXAMPLE ISSUES
• SELLER RESPONSIBLE FOR THEIR MAILBOX SECURITY
• BANK ONLY USES SORT CODES AND ACCOUNT NUMBERS TO SET UP
FUNDS TRANSFER
• THERE IS A VERY SMALL WINDOW OF TIME TO FREEZE A BANK ACCOUNT
AND RESTORE FUNDS ON DISCOVERING THIS TYPE OF ATTACK. (<72HRS)

• EXAMPLE 2 – TARGET THE BUYER
• “SOLICITORS ARE CONTINUING TO EXPOSE HOME
BUYERS AND SELLERS TO THE RISK OF A GROWING
FORM OF FRAUD, EMAIL HACKING. THE PROCEEDS
OF PROPERTY TRANSACTIONS ARE AT RISK, IN
MANY CASES RUNNING TO HUNDREDS OF
THOUSANDS OF POUNDS.”
• NICOLE BLACKMORE, DAILY TELEGRAPH

• SECOND EXAMPLE
• SHORTLY BEFORE COMPLETION THEY RECEIVED
AN EMAIL FROM THE SOLICITORS SAYING THAT
ITS LLOYDS BANK ACCOUNT WAS BEING
AUDITED, SO THE COUPLE NEEDED TO
TRANSFER THEIR FUNDS TO THE FIRM’S
NATWEST ACCOUNT.
• WANTING TO MAKE SURE THE REQUEST WAS
GENUINE, MR JOHN DOE REPLIED ASKING FOR
CONFIRMATION OF THEIR UNIQUE CLIENT ID
NUMBER. HE RECEIVED A REPLY WITH THE
CORRECT DETAILS AND SO, ON THE THURSDAY
BEFORE COMPLETION, THE COUPLE WENT TO
THEIR LOCAL BARCLAYS BANK AND
TRANSFERRED £299,000 TO THE NATWEST
ACCOUNT.
• SECOND EXAMPLE ISSUES
• SOLICITORS REFUSED TO ADMIT EMAIL HAD BEEN HACKED AND DENIED
ALL LIABILITY FOR THE EMAIL FROM THEIR DOMAIN ASKING FOR THE
CHANGE OF BANK DETAILS
• EXTRA FEES INCURRED BY SELLERS TRYING TO GET FUNDS BACK
• WHERE INSURANCE PAYOUTS INCREASE, THEN SO DOES THE COST OF
PROFESSIONAL INDEMNITY – WHICH IN TURN COULD INCREASE THE
COSTS OF CONVEYANCING

HOW –
• A SPOKESPERSON FOR THE GOVERNMENT AGENCY, ACTION FRAUD, SAID: "THROUGH MALWARE OR THROUGH INSECURE NETWORKS
THE FRAUDSTERS WILL BE ABLE TO VIEW A PERSON’S EMAIL EXCHANGES AND THEIR ACTIVITY ONLINE, THIS WILL ALLOW THEM TO
FIND OUT INFORMATION ABOUT PEOPLE, READ THEIR EMAILS AND ASCERTAIN THAT THEY ARE IN THE PROCESS OF BUYING A HOUSE."

COFFESHOP WIFI
• Q: HOW DO PEOPLES PERSONAL EMAIL ACCOUNTS GET COMPROMISED ?
• A: A CLASSIC WAY IS THROUGH INSECURE NETWORK CONNECTIONS, FOR EXAMPLE, FREE WIFI IN COFFEE SHOPS AND HOTELS

TELEGRAPH REPORTER’S ADVICE–
• USE A STRONG PASSWORD FOR YOUR EMAIL ACCOUNT THAT IS DIFFERENT FROM YOUR
OTHER ONLINE ACCOUNTS. CHANGE IT REGULARLY.
• PROTECT YOUR DEVICES WITH SECURITY SOFTWARE AND REGULARLY INSTALL UPDATES.
• CONSIDER USING ENCRYPTED EMAILS AND ASK YOUR CONVEYANCING SOLICITOR TO DO THE
SAME.
• MAKE IT CLEAR TO YOUR SOLICITOR THAT YOU HAVE NO INTENTION OF CHANGING YOUR
BANK ACCOUNT DETAILS. TELL THEM THAT ANY INSTRUCTIONS TO USE A DIFFERENT
ACCOUNT – THEIRS OR YOURS – MUST BE GIVEN IN PERSON

PEOPLE AND PROCESSES
• EDUCATED YOUR STAFF ON
• PHISHING IN GENERAL
• EMAIL FRAUD IN GENERAL
• WIRE FRAUD AND CONVEYANCING SCAMS
• HAVE EFFECTIVE INTERNAL PROCESSES THAT PREVENT
• USING CHANGES SUBMITTED BY EMAIL THAT HAVE NOT BEEN VERIFIED BY CONTACTING THE PEOPLE INVOLVED
• HAVE A TESTED “INCIDENT RESPONSE” PLAN FOR WHEN THINGS GO WRONG
• KNOW WHO TO CONTACT INTERNALLY AND EXTERNALLY
• BANKING TEAM, LAW ENFORCEMENT, ACTION FRAUD, PUBLIC RELATIONS, RISK DIRECTOR, INSURANCE COMPANY

TECHNOLOGY – THE BASICS
• THE BASICS
• ANTIVIRUS
• ANTIMALWARE/SPYWARE
• WEBPROXY
• REMOVE LOCAL ADMIN ACCESS WHERE POSSIBLE
• PATCH APPLICATIONS
• PATCH OPERATING SYSTEM
• NSA HACKER ADVICE
• HTTPS://WWW.YOUTUBE.COM/WATCH?V=BDJB8WOJYDA

TECHNOLOGY – WHEN THINGS GO WRONG
• HAVE A TESTED “INCIDENT RESPONSE” PLAN FOR WHEN THINGS GO WRONG
• HTTPS://OTALLIANCE.ORG/SYSTEM/FILES/FILES/RESOURCE/DOCUMENTS/2016-OTA-BREACHGUIDE_UPDATE5-16.PDF
• HTTPS://OTALLIANCE.ORG/SYSTEM/FILES/FILES/INITIATIVE/DOCUMENTS/OTA-2014-EMAILINTEGRITYAUDIT.PDF

TECHNOLOGY – THE STANDARDS
• AUSDSD TOP 35 & CPNI TOP20
• HTTP://WWW.ASD.GOV.AU/INFOSEC/MITIGATIONSTRATEGIES.HTM
• HTTPS://WWW.CPNI.GOV.UK/ADVICE/CYBER/CRITICAL-CONTROLS/

WEB REFS–• HTTP://WWW.RAWSTORY.COM/2016/06/THIS-IS-HOW-HACKERS-CAN-STEAL-MILLIONS-FROM-YOUR-COMPANY-WITH-JUST-ONE-EMAIL/
• HTTP://WWW.TELEGRAPH.CO.UK/FINANCE/PERSONALFINANCE/BORROWING/MORTGAGES/11605010/FRAUDSTERS-HACKED-EMAILS-TO-MY-SOLICITOR-AND-STOLE-340000-FROM-MY-PROPERTY-SALE.HTML
• HTTP://WWW.TELEGRAPH.CO.UK/FINANCE/PERSONALFINANCE/BORROWING/MORTGAGES/11632304/EMAIL-HACKING-ANOTHER-HOME-SELLER-ROBBED-OF-270000.HTML
• HTTP://WWW.TELEGRAPH.CO.UK/FINANCE/PERSONALFINANCE/BORROWING/MORTGAGES/11715616/OUR-300000-HOUSE-BUYING-MONEY-WAS-STOLEN.HTML
• HTTP://WWW.EXPRESS.CO.UK/FINANCE/PERSONALFINANCE/632064/HOMEBUYERS-WARNED-OF-NEW-DEPOSIT-SCAM-AFTER-DEVASTATED-COUPLE-LOSE-45000
• HTTP://WWW.LANCASHIRETELEGRAPH.CO.UK/NEWS/14565802.JAIL_THREAT_TO_MAN_WHO_LAUNDERED_ALMOST___100K_INTO_BANK_ACCOUNT_IN_NATIONAL_SCAM/?REF=MR&LP=3
• HTTP://WWW.PROPERTYINDUSTRYEYE.COM/WARNING-NEW-CASES-COME-TO-LIGHT-ABOUT-EMAIL-HACKING-PROPERTY-SCAM/
• HTTP://WWW.THETIMES.CO.UK/TTO/NEWS/UK/CRIME/ARTICLE4521334.ECE
• HTTP://WWW.PCWORLD.COM/ARTICLE/3025391/AIRCRAFT-PART-MANUFACTURER-SAYS-CYBERCRIME-INCIDENT-COST-IT-54-MILLION.HTML
• HTTPS://WWW.BRUSSELSTIMES.COM/BELGIUM/4944/BELGIAN-BANK-CRELAN-HIT-BY-A-70-MILLION-EUR-FRAUD
• HTTP://LIFEHACKER.COM/5853483/A-GUIDE-TO-SNIFFING-OUT-PASSWORDS-AND-COOKIES-AND-HOW-TO-PROTECT-YOURSELF-AGAINST-IT
• HTTP://CODEBUTLER.COM/FIRESHEEP/
• HTTP://WWW.GLOCALVANTAGE.COM/PREVENT-REMOTE-ACCESS-TROJAN/
• HTTPS://WWW.PROOFPOINT.COM/US/IMPOSTOR-EMAIL-THREATS-INFOGRAPHIC
• HTTPS://WWW.IAD.GOV/IAD/CUSTOMCF/OPENATTACHMENT.CFM?FILEPATH=/IAD/LIBRARY/IA-GUIDANCE/ASSETS/PUBLIC/UPLOAD/TOP-10-IAD-MITIGATION-STRATEGIES-
2015.PDF&WPKES=AF6WOL7FQP3DJIXDXWFBTC2AV9XHQLYTZ6CUUG

Time is precious, thank you for yours
https://uk.linkedin.com/in/jmck4cybersecurity
@CisoAdvisor

Cyber threats to law firm finance teams

Recomendados

Recomendados

Mais conteúdo relacionado

Destaque

Destaque (20)

Mais de James '-- Mckinlay

Mais de James '-- Mckinlay (12)

Último

Último (20)