A boutique law firm based in Victoria is believed to be the latest local business to fall victim to this week’s global cyber assault.
Lawyers Weekly understands that Victorian firm Zaparas Lawyers has been stung by the high-profile cyber attack that began in Europe on Tuesday morning.
It is believed that the hack has sent emails out to contacts on behalf of the boutique personal injury law firm, with a hyperlink included in the contents of the fake email directing recipients to provide the login details for their own email account.
Lawyers Weekly was unable to obtain an official comment about the incident at the time of publication, however understands that the firm considers the email dispatch to have been part of the major cyber attack that hit companies, governments and airports worldwide, including global law firm DLA Piper.
According to a cyber crime expert from the University of New South Wales, companies and organisations have fair warning that a hack of this type is imminent.
Associate Professor Richard Buckland from the School of Computer Science and Engineering said he was surprised that people had not taken adequate precautions against the hack given that a patch to address the exposed security entry point had been made available on the market.
He added that people should have acted to protect themselves following the comparable cyber attack, known as ‘WannaCry’, in May.
“This is something that was patched publicly by Microsoft and then caught a whole lot of people out in WannaCry, and there were people standing by watching that scenario saying, ‘Look at that – we were lucky not to get caught’, but they still didn’t patch,” Professor Buckland said.
The academic said that once cyber criminals have found a way to infiltrate an organisation, they could quickly spread a ransomware attack across a network.
He also suggested that while there are many ways for hackers to gain access to an organisation’s network, and once they have found a way into the system, their victim becomes vulnerable.
“This attack is an interesting one, like the last few we’ve seen, hackers use multiple ways of getting in,” Professor Buckland said.
“The cyber criminals were doing it to make money so they would try one way to gain access, and then they would try another and another. I guess that it was experimental in the sense that they didn’t know if it was going to work or how well,” he said.
Questions put to Zaparas Lawyers about the timing of the hack, the reach of the corrupt email and the firm’s response to the breach went unanswered.
The family business has four Victorian offices located in Oakleigh, Cranbourne, Preston and St Albans.
According to the Zaparas Lawyers’ firm website, husband and wife duo Peter and Lia Zaparas founded the company 36 years ago. Their three children who are all lawyers, Yianni, Paul and Zoe Zaparas, later joined the personal injury firm.
The hit taken by Zaparas is one example of how cyber attacks can catch small and large law firms indiscriminately. Irrespective of size, everyone is susceptible to being attacked, with Professor Buckland stressing that companies must do more than simply self-educate about the risk of a breach.
He said that implementing and rehearsing an incident response plan is critical.
“For example, this attack started on Tuesday in Europe and it was night time in Australia when this was being reported.
“Firms who are good and awake and switched on would have known not to turn on their machines the next day, they would have just gone and shut everything down. I imagine some people didn’t do that and so got caught,” Professor Buckland said.
DLA Piper, who has previously warned clients about the wide-ranging cyber security risks they face, appeared to act in the aftermath of this week’s attack just as Professor Buckland advised.
A statement posted to the firm’s website said: “We are currently dealing with a serious global cyber incident. We have taken down our systems as a precautionary measure which will mean you are currently unable to contact us by email or landline. Our people continue to be available on their usual mobile/cell phone numbers.”
Professor Buckland said that while it is clear the corporate world is beginning to take cyber security seriously, the latest breach shows that even sophisticated players are not properly covering themselves.
He also noted that the corporate world should look to how the military approaches its cyber security incident response plans and incorporate practice drills in the same way routine fire evacuations are carried out.
“There is a culture shift going among c-suite people thinking, ‘Actually this is core business, this is survival of the fittest sort of stuff,’” Professor Buckland said.
“This is going to catch you no matter what you do to prepare.
“But the shocking thing about this week’s attack is that people are not preparing themselves – not only preparing by putting in patches but by backing up all of their data,” he said.
Update: Zaparas Lawyers provided a statement to Lawyers Weekly on Friday 30 June, hosing down the assertion made by one of its personnel that an email phishing scam was connected to last week’s global cyber incident. Read more.