Cyberattacks Against the Legal Sector Increase in 2022

Imperva Threat Research released new data that shows cyberattacks in Australia have grown significantly in both frequency and severity in 2022, at a rate that outpaces the global average.

Cyberattacks against law and government increased 27% in H1 2022 

Law and government are among the top sectors targeted in Australia. Incidents targeting law and government increased by 27% in the first half of 2022 (compared to H2 2021). The most common risks for Australian law and government organisations are automated threats and remote code execution (RCE) / remote file inclusion (RFI).

Cyberattacks against Australian organisations increased by 81% between July 2021 and June 2022

Imperva Threat Research found cyberattacks [1] against Australia have increased by 81% between July 2021 and June 2022. The severity of these attacks has also increased, with critical attacks [2] more than tripling (227%) between August 2021 and May 2022. Both increases are above the global trend during the same period of time.

The data suggests that cybercriminals consider Australia and its citizens as lucrative targets. This aligns with a recent Credit Suisse Research Institute (CSRI) report, which found Australia is the richest country in the world in terms of median wealth per adult.

“Cybercriminals are targeting the personal data of Australians for financial gain - to sell, to hold, to ransom, or to commit financial fraud and scams,” says Reinhart Hansen, Director of Technology, Office of the CTO, Imperva. “During the pandemic, many organisations inadvertently created more opportunities for these bad actors by rushing their online implementations and transformation projects. Often, shortcuts were taken that left applications, APIs and data vulnerable to exploitation.

“We’re seeing a large uptick in common, automated attacks that hackers are reusing against Australian targets. They are looking for known weaknesses and vulnerabilities in applications and APIs to gain access to the data repositories that sit behind them. Their ultimate aim is to exfiltrate data at a scale that will allow them to build citizen profiles that are used as the basis of their illegal activity.”

Automated threats are usually carried out by bad bots, software applications that run automated tasks with malicious intent. Bots are commonly used for attacks in all industries because it’s easy for attackers to aim bad bots at the information they want to steal. According to the 2022 Imperva Bad Bot Report, financial sites are heavily targeted by bad bots conducting account takeover attacks (ATO), carding, and other forms of financial fraud.

RCE allows attackers to execute malicious code on a targeted device and can be used to get a wealth of information out of a system. RCE can be modified to fit any target and can be combined with social engineering attacks, Multi-Factor Authentication (MFA) bombing, or malware to gain easier access to the target’s system.

The threats that have increased the most against law and government organisations in H1 2022 are protocol manipulation, authentication bypass and path traversal / LFI.

“These findings underscore the need for Australian organisations to invest in security that better aligns with the modern data-driven enterprise,” continued Hansen. “Today’s threat landscape requires data-centric security that spans from the network edge to applications and APIs and all the way down to the data itself. Only by protecting data and all paths to that data can organisations truly defend their critical systems and maintain trust with customers, both of which are essential for success in the digital economy.”

Additional Information

For more information and data, read this blog: Imperva Threat Research Show Cyber Attacks on the Rise in Australia. For further data and analysis on the global cyber threat landscape across data and applications, visit the Imperva Cyber Threat Index.

[1] Attacks cover any security incident – a cluster of security events triggered by any application security solution– that’s caught by Imperva Web Application and API Protection (WAAP).

[2] Imperva has three severity categories: critical, major, or minor. Critical incidents are determined based on the number of events, types of attacks used, URL attributes, and the attack tools used against a target.

About Imperva

Imperva is a comprehensive digital security leader on a mission to empower organisations to protect their data and all paths to it. Customers around the world trust Imperva to protect their applications, data, and websites from cyberattacks. Imperva Threat Research and the global intelligence community keep Imperva ahead of the threat landscape and seamlessly integrate the latest security, privacy, and compliance expertise into their solutions.

Also Read: Unstoppable Legal Industry Amid Sanctions (Part 2)

Subscribe to the Legal Practice Intelligence fortnightly eBulletin. Follow the links to access more articles related to the business of law and legal technology.    

Disclaimer:  The views and opinions expressed in this article do not necessarily reflect the official policy or position of Novum Learning or Legal Practice Intelligence (LPI). While every attempt has been made to ensure that the information in this article has been obtained from reliable sources, neither Novum Learning or LPI nor the author is responsible for any errors or omissions, or for the results obtained from the use of this information, as the content published here is for information purposes only. The article does not constitute a comprehensive or complete statement of the matters discussed or the law relating thereto and does not constitute professional and/or financial advice.

Back to blog