
Cyber Criminals Target Law Firms

Updated: May 6, 2023

Cyber-criminals are focusing their campaigns on law firms. Cyber threat intelligence from as recently as December 2022 shows that law firms face an increased risk of cyber-attacks through watering hole websites, which pose a significant threat to their clients and their clients' sensitive information.


A watering hole attack is a type of cyber-attack in which attackers target a specific group of people by infecting websites that members of that group commonly visit.

The attackers use sophisticated techniques to infect these websites, often exploiting vulnerabilities in the website code. Once a website is infected, the attackers create malicious content on it, such as unauthorized blog posts, download links to documents, etc.

The attackers then boost the ranking of the infected website content in Internet search engine results and wait for victims to visit that content and download malicious documents such as agreement templates, legal filings, etc. Once the file is downloaded, the victim opens it, executing malicious code on their computer or network.

This attack is often difficult to detect by the website owners and the victims, and the victims may not even know their computers are infected.

Recent threat intelligence specifically identified watering hole websites frequented by lawyers, legal assistants, or other legal professionals. The types of websites infected included legal news sites, legal research sites, legal blogs, notary public services, court filing repositories, and more.

Content downloaded from seemingly legitimate websites may still contain malicious documents.

With the malicious content executed, the victim's computer now contains a Remote Access Trojan (RAT). This is the initial phase of a cyber-attack, and it gives the attacker remote access to the victim's computer.

The attacker quickly follows up by installing additional toolsets to steal confidential information, such as client data, passwords, case files, and financial information, or to initiate a ransomware attack.

By utilizing proactive measures and deliberately implementing reasonable cyber risk mitigation efforts, you contribute significantly to protecting sensitive information.

Proactive Discovery has made it its mission to put a cyber security resource in your corner so you can focus on your business. Proactive Discovery provides a fully managed cyber risk mitigation service that operates on a 24x7x365 monitor and response model. Our team of cyber security professionals is focused on preventing, detecting, and removing cyber threats. Before now, this level of cyber risk mitigation was only available to large corporations with big security budgets and departments. We are now making the same enterprise-level cyber risk mitigation capabilities a reality for boutique firms and small businesses.

We're all vulnerable to cyber-attacks.

Start your cyber risk mitigation journey by scheduling a free consultation at or visit our fully-managed RESOLUTE cyber risk mitigation service page for more details.

Stay safe and secure out there!



RESOLUTE is a fully-managed cyber risk mitigation service that helps boutique and SMB (small to medium-size business) organizations protect, mitigate, and prepare against constantly evolving cyber threats.
