Should The Legal Sector Be Worried About State Sponsored Cyber Warfare?

State sponsored cyber warfare covers an increasingly broad hybrid umbrella of activity such as; Propaganda, Spheres of influence, Media Manipulation & Population Inference.

The terms of engagement are becoming increasingly blurred and the groups involved have become obfuscated by sponsorship of private hacking groups.

When we are considering risk of cyber crime on law firms, ‘sponsorship of private hacking groups’ presents the biggest change in terms of engagement.

However, the actors in defence against these risks remains to be that of Governments, and the Legal Sector should pay attention to The Law Society, which will be an effective line of Government communication to the legal sector.

The Law Society continues to provide guidance on a raft of government legislation including Money Laundering Directives and the Proceeds of Crime Act 2002. In addition to this, ‘Unexplained Wealth Orders’ is an area of government legislation which comes under this umbrella. This tells us that the sphere of influence is likely to be impacting the legal sector but offers little insight to the infrastructure behind state sponsored cyber crime.

In the latest major headline on cyber crime, US authorities have filed charges against two Russian Nationals with one of which alleged to have worked for Russian intelligence.

They have been reported to have been alleged to be running a global cyber crime organisation called ‘Evil Corp’. The reported software used was a form of malware utilising macros in Windows Word which installs a keyboard listener and performs injection attacks, and it has been alleged this was used to steal at least £76m. It is not clear if the legal sector was a victim in these allegations however it is likely the legal sector could be vulnerable to these types of attacks.

As state sponsored cyber crime is likely to become more and more indiscriminate, it is important that it demonstrates itself to be a hard target. The legal sector can do this by following advice from bodies such as the ‘Law Society’ and the SRA, and by putting in place NCSC controls such as Cyber Essentials.