Fortune 500 Companies Affected After US Law Firm Suffers Ransomware Incident

After suffering a ransomware incident in February 2021, US law firm Campbell Conroy & O’Neil, P.C., which works with numerous Fortune 500 companies, has announced that it was affected by a data breach. Following the discovery of a system disturbance and a third-party investigation, it was revealed that the entity behind the attack was able to access “certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords).” Because of the high-profile nature of its clients, the law firm could be viewed as a lucrative target for threat actors. It is not known at this time which group is behind the attack or whether the information that was accessed was sold or misused. The type of information accessed by the attackers is highly sought after in criminal marketplaces and can be used for identity theft and fraud. As a preventative measure, the law firm will be offering free identity monitoring for two years.

Analyst Notes

When working with third-party vendors such as this law firm, it is important to make sure they are protecting data properly. This can be challenging, but a zero-trust approach to security should be a priority and can help lower the chances of suffering consequences from mistakes made by external partners. Companies are advised to pair trusted antivirus software with an endpoint monitoring solution and 24/7 monitoring by security operations in order to better protect their systems from intrusions that can result in data breaches. Having tested backups along with a recovery plan makes it possible to deal with the effects of ransomware attacks without resorting to paying the attackers for decryption keys.