SpiderLabs Blog

Professional Services Sector Under Attack - Trustwave SpiderLabs Report 2024

Recent research by Trustwave SpiderLabs, detailed in their newly published report "2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies," reveals a surge in ransomware, supply chain, and technologically sophisticated attacks aimed at the professional services industry.

This industry, encompassing consulting, business, management, accounting, and legal services, is particularly vulnerable to cyber threats due to its wealth of sensitive information. This information includes everything from intellectual property and legal documents to personal data of clients, all of which are lucrative targets for cybercriminals. Such data can be exploited for sale on the Dark Web or as a springboard for further malicious activities.

"In today's digital landscape, a cybersecurity breach for professional services firms isn't just an inconvenience, it can be catastrophic," said Trustwave Global CISO Kory Daniels. "The financial losses from recovery, legal fees, and potential fines are just the tip of the iceberg. The severe reputational damage can erode years of client trust and stall future business. Operational disruptions, employee stress, and increased regulatory scrutiny further compound these challenges. This is why robust cybersecurity is no longer optional, it's a critical priority for these information-rich firms."

The impact of a cyberattack extends beyond the immediate physical disruption or downtime of a firm; it carries the risk of significant reputational harm that could irreparably damage a business's operational capabilities. Moreover, professional services firms are often bound by stringent compliance mandates at various governmental levels. Violations or exploitations resulting from cyber incidents can lead to severe financial penalties and increased pressure on both the business and its executives.

 

The Threats Facing Professional Services

The Trustwave SpiderLabs report notes that many threats facing professional services providers overlap with those that the healthcare, financial, manufacturing, and other sectors face. However, each threat takes a slightly different form in this sector.

  • Ransomware: Professional services and legal entities have experienced a significant surge in ransomware attacks, with at least 142 firms victimized over the past year and the US hardest hit. This is likely because professional services firms and legal companies in the US are often seen as prime targets for ransomware attacks due to their perceived financial resources compared to businesses in other regions. This supposed capability leads cybercriminals to believe these firms are more likely to pay larger ransoms to swiftly restore access to critical data and reduce operational disruptions, thereby increasing their attractiveness as targets for extortion.

  • Supply Chain Exposure: Cybercriminals are increasingly targeting trusted third-party vendors used by professional services and legal firms. This approach allows them to gain a backdoor into the target companies' data through a less secure vendor. Since these firms often act as third parties themselves and rely heavily on various external software, consultants, and contractors, it creates numerous potential entry points for attackers.

  • Emerging Technology: By adopting new technology or moving to the cloud, professional services firms have inadvertently opened themselves up to attacks. Trustwave SpiderLabs noted that emerging technologies often lack a mature security track record, meaning vulnerabilities may not be fully understood or patched, creating a larger attack surface for cybercriminals to exploit. For example, several professional services firms have experienced security issues after migrating to cloud platforms, often due to misconfigured cloud storage settings, inadequate access controls, or inadequate employee training on cloud security best practices.

Interestingly, Trustwave SpiderLabs found LockBit and BlackCat/ALPHV among the most active threat actors, although this may change in the future as each was disrupted by recent law enforcement actions. These groups remain the top two most active ransomware operators, with only slight differences in the frequency of reported incidents. The third position is now occupied by the 8Base group.

All attack groups use the same bag of tricks for attacking professional services organizations as they do against other sectors: phishing, Business Email Compromise, exploiting vulnerabilities, various types of malware, and gaining access via access and data brokers who operate on the Dark Web. However, while the tactics are similar, threat groups put a special spin on them when used against a professional services firm.

For example, Trustwave SpiderLabs researchers have monitored attorney impersonation scams. Attorney impersonation involves pretending to be a legal representative of a vendor company or law firm to deceive victims with fake invoices, directing payments to attackers' bank accounts. Scammers use a similar method when pretending to be debt recovery officers, and they impersonate e-signature platforms such as DocuSign and Adobe Sign, which are commonly used in professional services circles, to lure people into clicking malicious links.

Additional examples, along with security recommendations and mitigations, are included in the report.

 

Trustwave SpiderLabs Industry Report Series

The professional services sector report is the latest in a series researched and published by Trustwave SpiderLabs. Please visit these for an in-depth analysis of the security issues facing each industrial sector:

Please download the 2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies for all the background details on these threats, the groups behind them, and how to properly defend your professional services firm.
