Risk Update

(Security Week) Malware Edition — Potential Catastrophes and Actual “Panics”

“Why Hidden Malware May Be Potential National Catastrophe” —

  • “Another class of company being targeted aggressively by these super stealthy offerings are law firms. Speculation is–given these are mostly very large firms that do lots of M&A–that the effort is to get insider trading information. This is less of a global threat, but it would potentially be a firm killer, because the Securities and Exchange Commission typically takes a very dim view of anyone who participates in insider trading.”
  • “The SEC clearly could source the compromised law firm that was the cause of an identified insider trading event. Thinking more broadly, what will the clients of that firm do if/when they find that all their confidential information on that firm’s servers was now public?”
  • “This not only could kill the law firm, but it could do massive damage to the firm’s clients. Since we are talking about some of the largest law firms in the U.S., that devastation could be massive.”

Also making news recently is the malware attack on Wolters Kluwer, which provides software (and houses data) for accountants, lawyers and other professionals. Vendors matter: “A malware attack against accounting software giant Wolters Kluwer is causing a ‘quiet panic’ at accounting firms” —

  • “A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company’s cloud servers.”
  • “Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site.”
  • “A cybersecurity professional at one Big Four accounting firm said she had received reassurances from Wolters Kluwer that account information had not been accessed. But she also said her firm took additional precautions to ‘limit any possible exposure’ to the malware attack through the accounting giant’s technology connections to the software company.”