It shouldn’t be a surprise that law firms are an attractive target for cybercriminals, as firms frequently work with critical and confidential information, intellectual property, and legal documents associated with large global corporations.
Instead of zeroing in on the clients themselves or other tangentially related parties, threat actors see large law firms and private practices as a softer and easier way to access vital information. They could search through terabytes of data within a multibillion-dollar pharmaceutical company, for example, or gain access to the information at the legal firm representing that company.