find the latest legal job
Senior Associate - Litigation & Dispute Resolution
Category: Litigation and Dispute Resolution | Location: Melbourne CBD & Inner Suburbs Melbourne VIC
· Come work for a firm ranked in Lawyers Weekly Top 25 Attraction Firms
View details
Associate - Workplace Relations & Safety
Category: Industrial Relations and Employment Law | Location: Brisbane CBD & Inner Suburbs Brisbane QLD
· Employer of choice · Strong team culture
View details
Freelance Lawyers
Category: Banking and Finance Law | Location: All Perth WA
· Freelance opportunities through Vario from Pinsent Masons
View details
Freelance Lawyers
Category: Other | Location: All Adelaide SA
· • Qualified lawyer with a strong academic background
View details
Freelance Lawyers
Category: Other | Location: All Melbourne VIC
· • Qualified lawyer with a strong academic background
View details
Claims hackers hit Victorian personal injury law firm

Claims hackers hit Victorian personal injury law firm

Hacking, cyber security

A boutique law firm based in Victoria is believed to be the latest local business to fall victim to this week’s global cyber assault.

Lawyers Weekly understands that Victorian firm Zaparas Lawyers has been stung by the high-profile cyber attack that began in Europe on Tuesday morning.

It is believed that the hack has sent emails out to contacts on behalf of the boutique personal injury law firm, with a hyperlink included in the contents of the fake email directing recipients to provide the login details for their own email account.

Lawyers Weekly was unable to obtain an official comment about the incident at the time of publication, however understands that the firm considers the email dispatch to have been part of the major cyber attack that hit companies, governments and airports worldwide, including global law firm DLA Piper.

According to a cyber crime expert from the University of New South Wales, companies and organisations have fair warning that a hack of this type is imminent.

Associate Professor Richard Buckland from the School of Computer Science and Engineering said he was surprised that people had not taken adequate precautions against the hack given that a patch to address the exposed security entry point had been made available on the market.

He added that people should have acted to protect themselves following the comparable cyber attack, known as ‘WannaCry’, in May.

“This is something that was patched publicly by Microsoft and then caught a whole lot of people out in WannaCry, and there were people standing by watching that scenario saying, ‘Look at that – we were lucky not to get caught’, but they still didn’t patch,” Professor Buckland said.

The academic said that once cyber criminals have found a way to infiltrate an organisation, they could quickly spread a ransomware attack across a network.  

He also suggested that while there are many ways for hackers to gain access to an organisation’s network, and once they have found a way into the system, their victim becomes vulnerable.

“This attack is an interesting one, like the last few we’ve seen, hackers use multiple ways of getting in,” Professor Buckland said.

“The cyber criminals were doing it to make money so they would try one way to gain access, and then they would try another and another. I guess that it was experimental in the sense that they didn’t know if it was going to work or how well,” he said.

Questions put to Zaparas Lawyers about the timing of the hack, the reach of the corrupt email and the firm’s response to the breach went unanswered.

The family business has four Victorian offices located in Oakleigh, Cranbourne, Preston and St Albans.

According to the Zaparas Lawyers’ firm website, husband and wife duo Peter and Lia Zaparas founded the company 36 years ago. Their three children who are all lawyers, Yianni, Paul and Zoe Zaparas, later joined the personal injury firm.

The hit taken by Zaparas is one example of how cyber attacks can catch small and large law firms indiscriminately. Irrespective of size, everyone is susceptible to being attacked, with Professor Buckland stressing that companies must do more than simply self-educate about the risk of a breach.

He said that implementing and rehearsing an incident response plan is critical.

“For example, this attack started on Tuesday in Europe and it was night time in Australia when this was being reported.

“Firms who are good and awake and switched on would have known not to turn on their machines the next day, they would have just gone and shut everything down. I imagine some people didn’t do that and so got caught,” Professor Buckland said.

DLA Piper, who has previously warned clients about the wide-ranging cyber security risks they face, appeared to act in the aftermath of this week’s attack just as Professor Buckland advised.

A statement posted to the firm’s website said: “We are currently dealing with a serious global cyber incident. We have taken down our systems as a precautionary measure which will mean you are currently unable to contact us by email or landline. Our people continue to be available on their usual mobile/cell phone numbers.”

Professor Buckland said that while it is clear the corporate world is beginning to take cyber security seriously, the latest breach shows that even sophisticated players are not properly covering themselves.

He also noted that the corporate world should look to how the military approaches its cyber security incident response plans and incorporate practice drills in the same way routine fire evacuations are carried out.

“There is a culture shift going among c-suite people thinking, ‘Actually this is core business, this is survival of the fittest sort of stuff,’” Professor Buckland said.

“This is going to catch you no matter what you do to prepare.

“But the shocking thing about this week’s attack is that people are not preparing themselves – not only preparing by putting in patches but by backing up all of their data,” he said.

Update: Zaparas Lawyers provided a statement to Lawyers Weekly on Friday 30 June, hosing down the assertion made by one of its personnel that an email phishing scam was connected to last week’s global cyber incident. Read more.

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

Claims hackers hit Victorian personal injury law firm
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
microphone
Oct 20 2017
Podcast: One of law’s most infamous alumni – in conversation with Julian Morrow
In this episode of The Lawyers Weekly Show, Melissa Coade is joined by The Chaser’s Julian Morrow....
protest
Oct 20 2017
High Court overturns ‘excessive’ anti-protest legislation
Bob Brown’s recent victory in the High Court over the Tasmanian government was a win for fundament...
Blocked
Oct 20 2017
Changes to Australian citizenship laws blocked
Attempts to beef up the requirements to obtain Australian citizenship were thwarted this week, after...
APPOINTMENTS
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
opinion
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
Help
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...