29 November 2023

3 min read

Law firms facing a surge in business email compromise: S-RM reveals new trends in cyber attacks on the legal sector

Lawyer sitting in his office looking at emails
  • Multi-factor authentication no longer a sure thing as cyber criminals develop new ways to bypass and aim for persistent access

  • Phishing attacks expanding beyond just malicious emails, including into Microsoft Teams

29 November – London – Leading cyber security risk consultancy S-RM has  warned that over the last two months law firms have increasing becoming targets for cybercriminal groups that specialise in Business Email Compromises (BEC) in 2023. 

While BECs are not a novel cyber threat, the frequency and sophistication of these attacks have reached new heights, with law firms being disproportionately affected. Most concerning is that many new tactics employed by these threat actors effectively circumvent multi-factor authentication measures, making it increasingly difficult for firms to protect themselves through traditional means.

S-RM's analysis has identified several key developments in recent BEC cases targeting law firms, including:

  • Evasion of multi-factor authentication:
    Threat actors have found ways to bypass multi-factor authentication, such as stealing session cookies and utilising advanced phishing techniques. They are also pursuing persistent access, meaning that one breach bypassing multi-factor authentication allows for long-term access
  • Undetected breaches:
    Threat actors are deploying new techniques around manipulating IP addresses and geolocation data to avoid detection after compromising a law firm mailbox
  • An evolution in phishing:
    • Phishing emails are becoming increasingly sophisticated, making them harder to recognise as fraudulent. Threat actors are increasingly targeting remote-working platforms such as Microsoft Teams and using QR codes, in addition to traditional email attacks.
    • The ramifications of these attacks, when successful, are far-reaching and include not only reputational damage and financial loss, but increased regulatory scrutiny and impacts on insurance and professional indemnity premiums at the point of renewal.

To stay ahead of these threats, organisations should review their existing multi-factor authentication measures and ensure their method is aligned to the FIDO2 standard, which prevents most of the newer, more sophisticated types of phishing.

However, this alone is not enough – S-RM strongly advises reviewing security configurations and fine-tuning detection systems regularly to be resilient against new campaigns and techniques, in addition to updating awareness campaigns to emulate criminals’ changing methods.


Jamie Smith, Global Head of Cyber Security Services at S-RM, comments:

In this era of heightened cyber threats, law firms are more and more finding themselves in the crosshairs of sophisticated BEC attacks. Cybercriminals' ability to bypass multi-factor authentication and evade detection is alarming. It's a stark reminder that the traditional defence methods are no longer enough. Adaptation is crucial.”


Dan Caplin, Director, Cyber Security at S-RM, comments:

The rise in targeted email compromise attacks against law firms is a pressing concern for the legal industry. The attackers' evolving tactics, from session cookie theft to increasingly convincing phishing, challenge our conventional defences. Law firms must prioritise advanced security measures, detection and cyber resilience to protect their clients, reputation, and bottom line.”


Notes to Editors

Media Enquiries:
Tom Stewart-Walvin
+44 (0)7855 689 302

About S-RM

S-RM is a global intelligence and cyber security consultancy with expertise in insurance, cyber security and cyber response. Headquartered in London, S-RM works across nine international offices and advises companies ranging from blue-chip corporates to large financial institutions, and beyond.


Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.