Three Chinese criminal hackers made $4 million by gaining access to insider information from law firms. The firms that were infiltrated have yet to be disclosed by prosecutors.
Malware was used to hack into the email accounts of several legal firms, where the criminals could access emails that contained confidential information about upcoming mergers and acquisitions of several large organizations. With this valuable insider information, the three men were able to strategically purchase and trade stocks to gain maximum returns.
One of the emails revealed a deal between Intel and Altera, a global provider of logic devices and digital circuits. The men purchased more than 200,000 shares in early February 2015, which they sold when the stock price peaked with the release of the acquisition, making around $1.4 million in profit. In total, the hackers made over $4 million from the information they stole.
Law firms are prime targets
“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals,” U.S. Attorney Preet Bharara said.
Firms must take actions to protect themselves and their clients. Clients need to be able to trust their information is confidential and protected at all costs. Having a strong information security management system (ISMS) with cybersecurity controls is not just a necessity but gives firms an advantage over their competitors.
Protect your firm
Attacks not only occur because of system vulnerabilities but the human error factor also plays a role. The international standard ISO 27001 offers a holistic approach to information security that encompasses people, processes, and technology. It provides an ISMS framework that ensures security measures cover the entire organization. Having a technological solution only works if you can rely on employees not to open phishing emails and click on malicious attachments.
Click here for more free information on information security and ISO 27001 >>