Small Texas Law Firm Used in International Cyberattack

It started a couple of days ago. The folks at the James Shelton law firm in Clarendon, Texas, about 60 miles east of Amarillo, began receiving calls. Thousands of calls from all over the place, including Canada and the U.K.

According to what’s known so far, cybercriminals apparently gained access to and used a law firm email account to email an unknown number of recipients with the subject “lawsuit subpoena.” The subject is company specific, and it asks if the “legal department” has received it yet. The email says the matter is, of course, “urgent,” and it includes a Word document attachment.

Actual email used in the cyberattack, intended to deceive recipients into clicking the attachment and downloading a malware infected payload.

In fact, the email (one was sent to our company here in Dallas) contains malware that is, according to sources, “a variant of Dridex… [It is a] virus [that] relies on macros in MS Office to propagate.”  “Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user.” (emphasis added) (Source: Webopedia).

The law firm’s website now displays a warning banner about the cyberattack.

I spoke with Jim Shelton in Clarendon late this afternoon, who confirmed the attack. Working with his provider, they have disabled the email account and placed a bright red warning  banner on their website directing folks “not to click any links or download any attachments.” Jim told me he was also contacted by the State Bar of Texas, which had received calls about the email.

This attack is a serious one with the potential to cause significant damage and harm to folks who receive it and the companies they work for. If you or anyone you know receives an email like the one posted above, please do not open it and do not click on any attachments. Please do pass along word of this attack so that others might be made aware of and avoid it at all costs.

People are Worried about IoT, and that’s a Good Thing….

Apparently not everyone is super jazzed about the Internet of Things (IoT), a world in which billions of devices are ‘talking’ to one another, autonomously, silently, in the hidden background of our everyday lives.

Consumers dont trust IoT
“Even though consumers see tangible benefits of the Internet of Things (IoT) adoption, many have their doubts regarding security, trust and safety…”

According to a recently released study, “60 percent of consumers [globally] are worried about [the Internet of Things]…The biggest concerns are [privacy] (62 percent) and security (54 percent), followed by physical safety (27 percent), and not being able to fix the technology (24 percent).” (Source: betanews, “Consumers do not trust Internet of Things,” by Sead Fadilpašić, April 8, 2016, citing Mobile Ecosystem Forum (MEF)’ study entitled, “The Global Consumer Survey.”)

In the United States, the percentage of those concerned about the IoT is even higher than the global average, at 63%.

Other study findings revealed that:

  • Women are more concerned about the IoT then men (64% of women are concerned about a world where everyday objects are connected to each other and the Internet, compared to 57% of men concerned about the same);
  • Privacy is the biggest concern among those polled in the United States (70%, compared to a global average of 62%); and,
  • Of all the IoT connected devices, the smart home was of most concern to those polled (30% were concerned about connected home security and 15% about connected house doors, followed by cars, tv’s and ‘smart’ irons, 3rd – 5th on the list of concerns).
IoT Journal
“Consumers are increasingly aware of the value of the personal data they share via smart-home devices and platforms, and are wary of the security robustness of those systems…”

Another recent study seems to support these findings of consumer concern and mistrust of the IoT. “In July 2015, Intel Security hired Vanson Bourne, an independent market research provider specializing in the technology sector, to interview 9,000 consumers,” including 2,500 from the United States, regarding topics related to smart-home technology. “66 percent said they were very concerned about the security of their home being compromised by cybercriminals, while 92 percent said they are concerned about the security of their personal data that is collected and shared via smart-home platforms.” (Source: IoT Journal, “Smart Homes, Cybersecurity and Personal Data: What Consumers Care About,” by Mary Catherine O’Connor, March 31, 2016).

While it’s clear that concern about and mistrust of the Internet of Things is real and may slow adoption of the technology, that may well be a good thing, as more and more cybersecurity professionals and privacy advocates warn that the growth in IoT tech is far outpacing the security and regulation of the same. For only if we are all deliberate and careful going forward can we be sure to realize the many valuable and even life-saving solutions a world of connected devices (see connected cars, by way of example) has to offer without, at the same time, creating a vast platform for those seeking to abuse it.