Professional firms targeted by cyber-attack gang

target hit by arrow

Ever searched online for a free template, to save time reinventing the wheel? We’ve probably all done it, even if just for an invitation template. But there are dangers, particularly for professional firms, as recently reported in Threatpost.

Cyber attackers have hijacked some websites offering business agreement templates for professionals, such as; solicitors and accountants.

Needing to create an agreement, the unsuspecting victim working for an organisation searches the web, finds a website offering free templates, clicks a link to download what they think is a template—but it is, in fact, ransomware. The ransomware encrypts the data on their system, so it can’t be accessed by the business, and the attackers demand a ransom before they’ll consider restoring the data.

Law firms and accounting firms are prime targets for this kind of attack, due to the nature of their work and of the highly sensitive data that they hold as a result.

This is a two-pronged attack: the attackers have used vulnerabilities in various WordPress websites to hijack them, replacing the intended download with the malicious one. Then they’ve used best practice search engine optimization techniques, to get these infected websites to the top of the search engine listings. This is for particular search terms that would be highly relevant to their targets. Meaning these sites are more likely to be clicked on by potential victims, as most people only look at the first page of search results.

To protect your business from this kind of attack, you should avoid downloading free templates if at all possible. If you must search for and download documents, you should have a vetting process in place for downloads.

For example, you could use the VirusTotal website to scan the file before you download it. Don’t download the file yourself until you know it is safe. Copy the download link by right-clicking and selecting ‘copy link/copy link address/copy link location’ (depending on your browser) and then paste it into the box on the URL tab at VirusTotal – Home. Then, VirusTotal will scan the file for you, and report on its findings.

Helpfully, some anti-virus products will also check files for malware before allowing you to open them. Check whether your chosen product will do this, and that if it does, that the feature is enabled.

To protect your own website from being hijacked in such a way that it poses a threat to others, you should make sure it is as secure as possible. We’ve outlined how to secure a WordPress website in a recent newsletter but you should talk to your own website developer too.

If you’d like more advice or help in securing your business, please contact us at Click and Protect via email or on 0112 733 6230.