From firewall to front door: New physical cyber threat to law firms

The FBI warns that what law firms are currently seeing in terms of traditional cyber attacks is just the beginning, with attackers increasingly moving beyond purely digital methods to target firms in the physical world.

June 29, 2026 By Grace Robbie

Law firms have been under growing pressure from cyber attacks in recent years, but the threat is no longer confined to the digital world alone.

The FBI has warned that a more aggressive and increasingly sophisticated wave of physical intrusion tactics is now emerging, blurring the line between cyber crime and real-world access.

Hackers are now blending social engineering with on-the-ground deception to bypass digital defences, at times simply walking into offices under false pretences and gaining direct access to systems onsite.

Kumar Sokka, the CEO of Acre Security, said these recent FBI warnings highlight a shift in attacker behaviour that firms can no longer afford to view through a purely digital lens.

He explained that the advisory is not a broad warning about rising cyber risk, but a more targeted and concerning development involving attackers who combine impersonation and social engineering to gain access to systems – and escalate to physical entry when digital attempts fail.

“The detail in the FBI’s advisory is what makes it worth paying attention to,” he said.

“This isn’t a general ‘law firms are at risk’ message; it describes a specific group running callback phishing and impersonating a firm’s own IT department, and then, when the remote route fails, physically sending someone to the office to plug a device into a machine and walk the data out.”

“That escalation from screen to street is the part firms should sit up for.”

While law firms have spent years strengthening their defences against traditional cyber attacks, he warned that the rise of physical intrusion tactics represents a fundamental shift in the nature of risk facing professional services firms.

“It’s significant because it changes where the attack happens, not just how,” he said.

“Phishing, ransomware, and data breaches all assume a remote adversary, someone on the other side of a connection you can, in principle, monitor and cut off. An in-person intrusion collapses that distance entirely.”

Sokka stressed that the key concern is that these attacks now operate outside the traditional digital perimeter, while most firms remain underprepared to detect or respond to physical breaches in the same way they would a cyber incident.

“The adversary is standing in your reception area, and almost no firm has a detection layer for that. Your security operations team will never get an alert for a stranger being waved through to a meeting room,” he said.

With technology advancing rapidly, why are cyber attacks on law firms increasingly spilling out of the digital world and into physical, on-the-ground intrusions?

He explained that the shift is being driven by attackers who have become more adept at identifying the weakest points in law firms – not within their networks, but in their physical entry points and everyday staff interactions.

“What’s really shifted is the attacker’s read of where you’re weakest. They’ve correctly worked out that the lobby is easier to breach than the inbox,” he said.

“After years of cyber investment, the path of least resistance now runs through the front door and the people staffing it, not through a zero-day.

“That’s a meaningful reframe for an industry that has, understandably, spent its security money almost entirely on the digital side.”

Why law firms are prime targets

So why do law firms continue to be such attractive targets for cyber criminals, and why do they remain so vulnerable to attack?

Sokka pointed to three key factors driving the risk, beginning with the sheer concentration of high-value, highly sensitive information held within law firms.

“First, the data: a firm concentrates extraordinarily high-value, time-sensitive information, M&A positions, litigation strategy, client financials, in one place, so, to a criminal, a single firm is a door into dozens of clients’ secrets at once,” he said.

Beyond the value of the information itself, he highlighted the operational realities of legal practice as another major vulnerability, particularly the pace and pressure under which firms operate.

“Second, the deadline culture: when everything is urgent, people cut corners, and ‘I’m from IT, and I need to fix this before the filing’ is a very effective script,” he said.

“Third, the service culture: firms are built to be helpful and deferential; reception, paralegals, and after-hours staff are trained to accommodate, not to interrogate. For a social engineer, that’s close to ideal conditions.”
