Since early this year, two malware variants have targeted almost 6-7 law firms in two separate incidents, alerting the whole world to the lurking cyber threat. Cybersecurity firm eSentire was the first to uncover this, as its security analysts discovered that the two malware families, GootLoader and SocGholish, were only infecting the servers used by employees of reputed law firms.
Both malware families were launched in January and February of this year, respectively. The analysts discovered that the malware could act as a data-stealing toolkit, a drop-loader that spreads REvil ransomware, and a Cobalt Strike implant that turns nasty.
The modus operandi is simple: lure law firm employees, including lawyers, into clicking on WordPress websites whose blog posts are laced with compromised links presented as trending keywords.
When the visitor clicks the keyword, GootLoader malware directs them to download a PDF or a contract template.
Security researchers from eSentire suggest that GootLoader operations have now shifted from financially motivated attacks to political or cyber-espionage-related conspiracies.
SocGholish, lurking as a fake Chrome update, allows attackers to perform more complex tasks, such as delivering additional malevolent payloads, including Cobalt Strike and LockBit ransomware.
So, all lawyers and staff of reputed legal service firms are being warned to be very careful while searching the internet for information. Malicious actors are using malware-laced web domains to spread malicious tools, including a web domain acting as a carbon copy of an online notary service in Miami.
NOTE 1- Google is playing an active part in squashing such threats by alerting online users when they visit dangerous websites. According to the Google Transparency Report for 2022, about 3.8 million browser warnings were issued to users between Jan-Aug’22.
NOTE 2- According to the 2022 State of Cybersecurity report from ISACA, nearly 69% of organizations in the United States believe they are understaffed to deal with cyber threats. However, 49% of those who took part in the survey claimed they would boost their security staff's potential by mid-2023, either by training the current lot or hiring new talent.
NOTE 3- The Netherlands tops the list of countries underprepared for attacks targeting government agencies, especially law firms.