hwl ebsworth

More

‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth

  • May 25, 2023

A HWL Ebsworth spokesman said the firm became aware on Friday of an unauthorised third-party claiming it had taken a significant amount of data from the firm.

“The privacy and security of our client and employee information is of the utmost importance to us,” he said.

“As soon as we learnt of this potential incident, we acted quickly to respond to the threat and have been working with third-party experts to determine the validity of the claims, and to ensure the ongoing safety and security of our systems.”

HWL Ebsworth has notified, and is working with, the Australian Cyber Security Centre.

“At this time, we are still determining the credibility of the claims made and the potential impact to any data,” the spokesman said.

“There is no evidence that any third party is currently accessing our systems and no signs of encryption have been detected.

“We will continue to provide updates to our stakeholders, as appropriate, as new information becomes available. While investigations are ongoing, our operations are not impacted, and our focus remains on providing exceptional service for our clients to the high standards of our firm.”

If ALPHV proves to have the documents it says it obtained, it would have access to some of HWL Ebsworth’s most sensitive and valuable data. It could have repercussions for other law firms that have faced HWL Ebsworth; one of the sample documents released by ALPHV, for example, appears to have been drafted by Ashurst.

Katherine Mansted, director of cyber intelligence and public policy at CyberCX, said ALPHV have a strategy of “big game hunting” with 40 per cent of the attacks it has executed in Australia being on professional services firms.

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7″ data-srcset=”https://static.ffx.io/images/$zoom_0.236%2C$multiply_3%2C$ratio_1%2C$width_378%2C$x_500%2C$y_132/t_crop_custom/c_scale%2Cw_240%2Cq_88%2Cf_auto/2caa54263d70b7fab11e8ee0e03748bcc28c4616, https://static.ffx.io/images/$zoom_0.236%2C$multiply_3%2C$ratio_1%2C$width_378%2C$x_500%2C$y_132/t_crop_custom/c_scale%2Cw_480%2Cq_52%2Cf_auto/2caa54263d70b7fab11e8ee0e03748bcc28c4616 2x” data-pb-im-config=”{"aspectRatio":1,"type":"square1x1","width":240,"urls":["https://static.ffx.io/images/$zoom_0.236%2C$multiply_3%2C$ratio_1%2C$width_378%2C$x_500%2C$y_132/t_crop_custom/c_scale%2Cw_240%2Cq_88%2Cf_auto/2caa54263d70b7fab11e8ee0e03748bcc28c4616"," https://static.ffx.io/images/$zoom_0.236%2C$multiply_3%2C$ratio_1%2C$width_378%2C$x_500%2C$y_132/t_crop_custom/c_scale%2Cw_480%2Cq_52%2Cf_auto/2caa54263d70b7fab11e8ee0e03748bcc28c4616 2x"]}”/

Katherine Mansted, director of cyber intelligence and public policy at CyberCX. 

“They’re

Read the rest
More

Australian law firm HWL Ebsworth hit by Russian-linked ransomware attack | Data and computer security

  • May 10, 2023

The Australian commercial law firm HWL Ebsworth has fallen victim to a ransomware attack, with Russian-linked hackers claiming to have obtained client information and employee data.

Late last week, the ALPHV/Blackcat ransomware group posted on its website that 4TB of company data had been hacked, including employee CVs, IDs, financial reports, accounting data, client documentation, credit card information, and a complete network map.

The news was first reported by the Australian Financial Review.

Blackcat was one of the top three ransomware groups targeting Australia according to a recent study by cybersecurity firm Palo Alto Networks. The group operates as a “ransomware-as-a-service” product for hire, and has been active since late 2021. Cybersecurity company Sophos said that the group had consistently targeted large organisations.

The group previously hacked similar customer data from real estate firm LJ Hooker late last year.

Sophos said last year the attackers have broken into networks by exploiting vulnerabilities in unpatched or outdated firewall or virtual private network devices.

Professional and legal services is one of the top targeted industries for such attacks, the Palo Alto study stated, with Australia the most targeted in the Asia-Pacific region.

Guardian Australia has sought comment from HWL Ebsworth.

After the cyber-attacks on Optus and Medibank last year, the federal government has moved to beef up cybersecurity in Australia, including more resources for the Australian federal police and the appointment of a national cybersecurity coordinator.

In a speech earlier this month, the home affairs and cybersecurity minister, Clare O’Neil said the Australian government saw groups acting for financial gain as “public enemy No 1”.

skip past newsletter promotion
Read the rest