
Intellectual Property and Cybersecurity 101: A Law Firm’s Role in Protecting Clients

Team STS

 

Cybercriminals target law firms to steal Intellectual Property—Here's why.  

Hackers are known to target law firms for the large volume of sensitive financial, medical, and personal data stored in their networks and servers. But bad actors are equally hungry for Intellectual Property (IP), the proprietary data often shrouded in secrecy and held by trusted business partners like law firms.

Which types of law firms host intellectual property in their network?  

Some law firms specialize exclusively in Intellectual Property law. These firms are likely handling matters and cases relating to:  

  • Contract enforcement and contract law  
  • Business law including sole proprietorship, LLCs, and enterprises  
  • Entertainment law  
  • Trademark, patent, copyright, and trade secret actions including: 
    – Registrations
    – Violations
  • And other matters pertaining to the use of IP  

But these are not the only firms in danger of being targeted by bad actors. Even law firms not specializing in IP typically encounter multiple types of intellectual property in the course of their work.

This can include trade secrets, protected artistic works-in-progress, device or invention schematics, proprietary corporate information, and more—all of which are stored in the law firm’s own technology environment. Typically, the following types of law firms store IP in large quantities:  

  • Entertainment law  
  • Corporate/business law, including industries like:  
    – Retail
    – Consumer goods
    – Food and beverage
    – Automobiles
  • Contract law  
  • Real estate/property law  
  • Medical law  
  • And more  



 

What do hackers do with stolen Intellectual Property?  

Bad actors who successfully steal intellectual property can carry out a number of attacks, scams, and illicit financial schemes using the IP as a tool. Here are a few examples.  

Ransom or financial extortion 

When secrets or sensitive information are leaked, the victim of the theft or originator of the intellectual property can be extremely willing to comply with a ransom or extortion demand—even more so than other cyberattack victims. This is because the cost of a ransom or demand seems small in comparison to what the victim stands to lose by allowing the leak or sale of the intellectual property itself.  

Hackers leverage this fear and eagerness to financially extort victims of IP theft and often seek to facilitate a ransom payment to ensure the return of the IP. In especially nefarious cases, the bad actors may never even give the IP back to the victim—they could simply disappear with the money and go on to carry out another type of attack or scheme with the stolen intellectual property.  


 
Corporate Espionage 

Intellectual property theft can be tied to corporate espionage, a form of spying or stealing trade secrets and proprietary information to share with competitors for financial, social, or corporate gain. This can be carried out by bad actors paid by competing organizations or other motivated parties, but can also (and perhaps more commonly) be executed by disgruntled employees or former employees of the victim’s company.  

It seems like a myth made for the big screen, but corporate espionage is common enough to raise concern. Here are some examples from real life events: 

Deel and Rippling Face Off

Two payroll software startups have been locked in a long battle over alleged corporate espionage. A Silicon Valley startup, Deel, accused its competitor, Rippling, of directing a Deel employee to “‘pilfer’ the company’s assets by posing as a customer,” a follow-up to earlier claims that culminated as follows, per Yahoo Finance:

“After presenting the employee with a court order for his phone in March, he sent his phone down the bathroom pipes. The employee, who is no longer with the company, has since admitted to spying and is cooperating with Rippling’s lawyers. Deel filed to dismiss Rippling’s corporate espionage case.” 

Malware Tool Warning Emerges at Kaspersky Cyber Security Weekend

A highly evolved cyberattack tool dubbed GriffithRAT (Remote Access Trojan) has presented a sophisticated malware threat primarily targeting financial technology companies and online betting and trading platforms. The information gained from these targeted attacks may bring a new level of risk regarding corporate espionage.

MSN reports that “Kaspersky researchers have been following the evolution of GriffithRAT for over a year. Their analysis strongly suggests that this malware is being used by cyber mercenaries, hackers for hire who are contracted by third parties to carry out highly targeted attacks. These mercenary-led operations are often driven by financial or strategic motivations, particularly in competitive sectors like finance and tech.” 

Though reporting around corporate espionage tends to be sensational, the subject matter is as risky as it seems—corporate espionage using IP happens in the real world, and third-party partners like law firms are at great risk of falling into the middle of these scandals. 

 


 
Sale or auction  

Turning stolen information into profit is the classic motivation behind cyberattacks—and in the case of intellectual property, the stolen information can turn a high profit.  

In one such case, a hacker from the United Kingdom managed to steal unreleased songs by hit music artists, including big names Coldplay and Shawn Mendes, pocketing roughly £42,000 (about $48,396.60 USD) by selling the stolen intellectual property on the dark web. 

Reports The Independent, “The Recording Industry Association of America supplied evidence showing that Dalziel had purchased six music tracks on the dark web which were unreleased and not available for sale and linked to three different record labels. These purchases were made using Bitcoin. 

A review of Dalziel’s PayPal account and bank account showed that she had received payments worth a total of £42,049 from April 2021 to January 2023, police said. 

She was handed the suspended sentence at Luton Crown Court on Friday, having pleaded guilty to nine copyright offences and four computer misuse offences.”  

Hackers who manage to obtain intellectual property can sell it to the public in a variety of ways, including on dark web marketplaces. Those who obtain trade secrets can sell them directly to competitors in the marketplace. In all cases, stolen intellectual property can be a lucrative prize for hackers—and they may target third parties, like law firms, who may not be protecting these IP items as ardently as the original owners.  

 
 
Sabotage and other attacks  

Sometimes, the goal of intellectual property theft is to sabotage the originator. Take, for example, Exxon Mobil’s cyberattack scandal. 

An Exxon Mobil lobbyist is accused of orchestrating a series of cyberattacks between 2015 and 2018, which “targeted over 500 email accounts, with the apparent goal of undermining legal efforts against Exxon and its practices.”

The lobbying group, DCI Group, underwent an investigation that reignited outrage over the alleged espionage. Says Reuters in a 2024 report, “In an effort to push a narrative that Exxon was the target of a political vendetta aimed at destroying its business, some of the stolen material was subsequently leaked to the media by DCI, Reuters determined. The Federal Bureau of Investigation found that DCI shared the information with Exxon before leaking it, the source said.” 

Sabotage can also be dangerous—or even deadly—when waged against organizations such as government entities. Attacks on institutions of public safety, governmental operations, or government-regulated entities including airlines and aeronautics organizations can lead to lethal consequences for civilians.  

 

A Law Firm’s Role in Protecting Clients 

When law firms enhance their cybersecurity posture, they protect their own business and personal information as well as their clients’. All modern law firms should consider their own risks and how these risks can impact their clients, from corporations and government entities to entertainers and artists. This allows law firms to take a strong stance against cyberattacks that can damage their reputation, draw the firm into lengthy litigation, and burden them with the costs and consequences of remediation.

As clients become increasingly aware of the potential for IP theft, they look to the law firms they work with to provide protection of trade secrets and proprietary information. 37% of surveyed legal clients are willing to pay a premium for legal services from more cybersecure law firms, signaling the increasing priority of clients to protect their sensitive and proprietary information.  

From Weakest Link to Strongest Safeguard: Enhancing law firm cybersecurity 

It’s a well-known fact in the IT industry that vendors and partners—including law firms—can present the greatest amount of cyber risk for an organization. Law firms looking to elevate their reputation and protect their business are investing in cybersecurity practices that transform them from a vector for risk to a strong safeguard in their clients’ work and lives.  

As an exclusively legal-focused IT Managed Services Provider (MSP), Strategic Technology Solutions remains committed to helping the law firms we partner with become cybersecure from the ground up, infusing cybersecurity best practices and robust safety measures into all aspects of our long-term engagements and IT projects alike.  

Here’s where to start—take your first cybersecurity step for free  

Locate the weak spots in your technology and secure your law firm against attacks. 

At STS, we believe security is the foundation of a thriving business. That’s why we’re offering a free assessment to help support and protect law firms from threats targeting their business and clients. 

Our Free Security Vulnerability Scan is an assessment that helps law firms identify the greatest areas of risk in their technology. Here’s what’s included: 

  • Internal & External Vulnerability Assessment Scan 
  • Identify Security Weaknesses: Comprehensive scanning of your systems, applications, and network infrastructure to detect vulnerabilities. 
  • Assess Impact and Severity: Provide insights into which vulnerabilities pose the highest risk to your operations, data, and compliance. 
  • Results Reporting to Your Firm: 
    – Executive Summary Report 
    – Full Detail Report 
    – Assessment Report 


 

How a security-focused MSP reduces risk and keeps law firms safe  

Many law firms choose to engage with a Managed Service Provider (MSP), a technology partner that handles the firm’s IT strategy as well as day-to-day help, project planning and implementation, and more. But not all MSPs are created equal—in fact, no MSP is required to stay in compliance with a larger regulatory standard or certification.

At Strategic Technology Solutions, we proudly elect to earn our SOC 2 Type II compliance, a globally renowned cybersecurity designation awarded after a rigorous auditing process. We have remained in compliance with this global standard for 5+ years, ensuring that we remain at the forefront of cybersecurity understanding and reduce our risk as much as possible to in turn reduce the risk of our clients.  


We use this process as a means to continue our evolving defense against modern cyber crimes. This process reveals the timeliest best practices and security insights that we can use to educate and provide for our clients, helping reduce their risk from using a third-party vendor while mitigating their internal risk through best-in-class strategies.

The STS team is prepared to stand by your law firm long-term, helping you stay ahead of evolving threats and protect yourself from the devastating consequences of a breach. Get in touch today to learn how we can keep your law firm safe and secure.  

 
