How hackers attacked a celebrity law firm and how it can be prevented

The celebrity law firm Grubman Shire Meiselas & Sacks, which is used by stars such as Rod Stewart, Madonna, Robert De Niro and Elton John, has been hacked.

At the time of writing, their website is down and hackers claim to have 756 gigabytes of data, including contracts and personal emails, which has been proven by screenshots they have shared online.

The law firm has over 200 high profile clients, which also includes Barbra Streisand, Barry Manilow, Lady Gaga, Andrew Lloyd Webber, Priyanka Chopra and Sony Corp.

The hackers have also posted an image they claim shows the stolen data directory with folders named under certain clients. This is a tactic these kinds of criminals use to put pressure on their victims to pay a ransom.

How did this happen?

Current media coverage has indicated that the hacking group behind this attack could be the same as the cyber criminals who targeted Travelex earlier in 2020 using a ransomware-as-a-service attack known as REvil or Sodinokibi. This is yet to be confirmed, although, if true, the finger points to a sophisticated and organised professional cyber-criminal outfit.

Such groups have now evidently turned their attention to exploiting the current coronavirus pandemic, leaving firms more vulnerable than ever before to a cyber-attack. In this case, the successful attack against the law firm has led to the hackers gaining access to part, if not all, of the firm's file repository and has taken the company website offline, either as a result of the breach or in order for the law firm to try and mitigate the issue.

Possible attack vectors include both phishing and ransomware, with the law firm's remote access to work systems likely to have been targeted. Indeed, just recently, some of our colleagues in the cyber sector discussed a vulnerability in VPN systems used by remote workers to access work files from home. Groups are actively targeting known vulnerabilities in these systems, with malware specifically coded to exploit remote working services which have been implemented since COVID changed working practices.

How can it be prevented?

The key to preventing breaches like this lies in two areas – the education of staff and the configuration of systems.

Whilst always a target in any organisation, staff are at even more risk of cyber attack than usual in this current climate. A great starting point to prevent this from happening is making sure staff are aware of the way that hackers will target them and that they stick to basic dos and don'ts, such as not clicking on links or entering credentials into web pages they are sent as links. Vigilance is key, and staff should be encouraged to seek expert advice if they are not sure what to do with an email they have received. If a member of staff does identify a suspicious email, then this should be highlighted across the business as soon as possible, as it is likely that other staff have also been targeted.

Company systems are also under greater pressure. The need to quickly implement remote working facilities means that many companies have not had the time to consider the security risks they have brought into their organisation. We suspect that it was a successful exploitation of remote working systems in some capacity that has led to the hack of Grubman Shire Meiselas & Sacks.

By default, all systems that hold company information should be protected by multi-factor authentication where possible, with particular focus on services that allow workers to remotely access the corporate network. We have mentioned VPN solutions and how they may be targeted, so taking the time to make sure that these systems are securely configured is essential. There are many more digital doors allowing access to company networks at this moment in time, so each needs to be locked down accordingly.

We have recently written a simple guide on how to protect your staff and company with the new world of remote working risks, which we are happy to share with anyone, so please give us a call.

About us

Marclay is a London-based cyber security firm that specialises in the protection of high-profile individuals and organisations. CREST certified for cyber incident response, our skilled team of ex-UK Government cyber professionals are experts in helping businesses deal with and recover from a cyber-attack.

If you’re concerned about a data breach or you’d like to mitigate these risks in your business, please give us a call.