London Law Firm Cyber-Attack: Urgent Warning for Financial Organisations | GBAF

London Law Firm Cyber-Attack: Urgent Warning for Financial Organisations | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Finance > HOW FINANCIAL ORGANISATIONS CAN AVOID INFECTING CLIENTS AND PARTNERS WITH MALWARE

HOW FINANCIAL ORGANISATIONS CAN AVOID INFECTING CLIENTS AND PARTNERS WITH MALWARE

Published by Gbaf News

Posted on January 8, 2018

10 min read

Last updated: January 21, 2026

Moldovan leader discusses gas crisis in Transdniestria region - Global Banking & Finance Review — Image depicting the urgent gas supply crisis in Moldova's Transdniestria region, highlighting the call for assistance from the central government amid rising humanitarian concerns.

By Greg Sim, CEO, Glasswall Solutions

A cyber-attack on a London law firm just before Christmas stands as a stark warning for any financial organisation.

Greg Sim

Greg Sim

Would-be fraudsters penetrated the cyber defences of the London firm Anthony Gold Solicitors and sent out 1,600 phoney emails to clients, pretending to be from the company. With a subject line “Action Required – Matter for Attention” recipients were asked to open an “urgent” attachment in a bid to persuade them to reveal log-in details and thereby open themselves up to fraud.

While the company apologised and launched an investigation, clients were left feeling uneasy, even if nobody appears to have lost out.In the comments section of the Law Society Gazette following this attack, one of the Anthony Gold clients said he had been expecting an email about money the firm was due to pay him and so clicked on the link given. He also ran a scan (presumably after being contacted by the firm) and found his conventional anti-virus software detected nothing, which is hardly surprising since this type of technology cannot pick up new malware variants or the minute alterations to file-structures that cybercriminals now employ.

Another recipient, who had worked at Anthony Gold, described the quality of the emails as very realistic. Other clients went online to declare their unhappiness with the firm’s response. It was not a great day for the business and sadly, is a classic example of how cybercriminals are using professional organisations as hubs from which to defraud clients. Creating convincing emails, the hackers include attachments that have malicious code hidden either in the active elements of the file or, as is increasingly the case, in its structure.

The key question for any financial organisation is how can it avoid a similar fate? There was nothing unique to the legal world about this attack and it could just as easily have been perpetrated on a bank or insurer where email attachments flow in and out all day long.

All client lists and supply chains are being put at risk by old-fashioned anti-virus technology

It is important to recognise that cyber risk is moving much more heavily into the supply chain now. Criminals are fully aware that organisations are only as safe as their least-secure partners and that clients and their employees implicitly trust professional businesses.

If financial organisations continue to rely on traditional anti-virus technology, however, they run the risk of either being victims of cyber fraud or extortion, or of unknowingly dispersing malicious code to the thousands of client or supplier addresses the hackers want to target. Newly-written code can now sneak through anti-virus systems and trick their way through sandboxing applications by switching themselves off and on. No longer can traditional solutions detect these malicious pieces of code, since they have not been assigned the “signatures” on which the anti-virus industry depends.

If the financial sector continues to rely on a combination of anti-virus solutions and encryption to maintain security, it will have little or no defence against the millions of new malware variants being launched every year. The threats within JavaScript, Flash, encrypted and embedded files may be well-known, but the biggest sources of danger are the zero-day attack triggers inside the structures of common files such as PDFs, Excel and Word. These are threats that traditional anti-virus technology cannot detect.

The upshot of all this is that the financial sector must wake up to the dangers and become more innovative about cyber security technology. The focus has to be on solutions that tackle the menace of phishing emails containing phoney attachments. We know that more than 90 percent of successful cyber-attacks commence when someone receives a cunningly personalised or disguised email and unknowingly opens a PDF, Word, PowerPoint or Excel file that has been subtly altered.

Innovation is the answer in the shape of file-regeneration technology

Experience shows that file-regeneration is the sole means by which organisations can prevent themselves being turned into malware hubs. Towards the end of last year Glasswall found that unexplained code was being written into some of the thousands of documents two law firms sent out to clients and business partners.

In the first incident, code was being inserted into documents by the law firm’s PDF-writing software. At the second firm, the document scanner was incorporating unauthorised code into the structure of digital files it was generating.

In the event it proved to be purely anomalous but it was only detected because each firm has installed file-regeneration technology that examines every out-bound file. This technology will conduct byte-level examinations of each document in fractions of second, generating a ‘known good’ clean and sanitised version that can be used in total safety.The technology has already detected a minute, two-byte change hidden by criminals inside a PDF file structure in order to crash the recipient’s reader so that malicious code would trigger a malware attack As a zero-day attack this would bypass traditional signature based security software.

Once files have been sanitised, email traffic continues in full confidence, having been cleaned of all malicious code. The intelligence derived from this technology also gives organisations vital insights into the nature of the threats they are facing and how criminals are adapting code or shifting vectors.

In the absence of technologies such as file-regeneration,f inancial organisations are severely jeopardising themselves, their clients and their partners. One of those commenting on the Anthony Gold attack sympathised and speaking from experience said such incidents led to “days of hell”. For any financial organisation there could be innumerable “days of hell” unless it adopts a more innovative approach to email security.

By Greg Sim, CEO, Glasswall Solutions

A cyber-attack on a London law firm just before Christmas stands as a stark warning for any financial organisation.

Greg Sim

Greg Sim

Would-be fraudsters penetrated the cyber defences of the London firm Anthony Gold Solicitors and sent out 1,600 phoney emails to clients, pretending to be from the company. With a subject line “Action Required – Matter for Attention” recipients were asked to open an “urgent” attachment in a bid to persuade them to reveal log-in details and thereby open themselves up to fraud.

While the company apologised and launched an investigation, clients were left feeling uneasy, even if nobody appears to have lost out.In the comments section of the Law Society Gazette following this attack, one of the Anthony Gold clients said he had been expecting an email about money the firm was due to pay him and so clicked on the link given. He also ran a scan (presumably after being contacted by the firm) and found his conventional anti-virus software detected nothing, which is hardly surprising since this type of technology cannot pick up new malware variants or the minute alterations to file-structures that cybercriminals now employ.

Another recipient, who had worked at Anthony Gold, described the quality of the emails as very realistic. Other clients went online to declare their unhappiness with the firm’s response. It was not a great day for the business and sadly, is a classic example of how cybercriminals are using professional organisations as hubs from which to defraud clients. Creating convincing emails, the hackers include attachments that have malicious code hidden either in the active elements of the file or, as is increasingly the case, in its structure.

The key question for any financial organisation is how can it avoid a similar fate? There was nothing unique to the legal world about this attack and it could just as easily have been perpetrated on a bank or insurer where email attachments flow in and out all day long.

All client lists and supply chains are being put at risk by old-fashioned anti-virus technology

It is important to recognise that cyber risk is moving much more heavily into the supply chain now. Criminals are fully aware that organisations are only as safe as their least-secure partners and that clients and their employees implicitly trust professional businesses.

If financial organisations continue to rely on traditional anti-virus technology, however, they run the risk of either being victims of cyber fraud or extortion, or of unknowingly dispersing malicious code to the thousands of client or supplier addresses the hackers want to target. Newly-written code can now sneak through anti-virus systems and trick their way through sandboxing applications by switching themselves off and on. No longer can traditional solutions detect these malicious pieces of code, since they have not been assigned the “signatures” on which the anti-virus industry depends.

If the financial sector continues to rely on a combination of anti-virus solutions and encryption to maintain security, it will have little or no defence against the millions of new malware variants being launched every year. The threats within JavaScript, Flash, encrypted and embedded files may be well-known, but the biggest sources of danger are the zero-day attack triggers inside the structures of common files such as PDFs, Excel and Word. These are threats that traditional anti-virus technology cannot detect.

The upshot of all this is that the financial sector must wake up to the dangers and become more innovative about cyber security technology. The focus has to be on solutions that tackle the menace of phishing emails containing phoney attachments. We know that more than 90 percent of successful cyber-attacks commence when someone receives a cunningly personalised or disguised email and unknowingly opens a PDF, Word, PowerPoint or Excel file that has been subtly altered.

Innovation is the answer in the shape of file-regeneration technology

Experience shows that file-regeneration is the sole means by which organisations can prevent themselves being turned into malware hubs. Towards the end of last year Glasswall found that unexplained code was being written into some of the thousands of documents two law firms sent out to clients and business partners.

In the first incident, code was being inserted into documents by the law firm’s PDF-writing software. At the second firm, the document scanner was incorporating unauthorised code into the structure of digital files it was generating.

In the event it proved to be purely anomalous but it was only detected because each firm has installed file-regeneration technology that examines every out-bound file. This technology will conduct byte-level examinations of each document in fractions of second, generating a ‘known good’ clean and sanitised version that can be used in total safety.The technology has already detected a minute, two-byte change hidden by criminals inside a PDF file structure in order to crash the recipient’s reader so that malicious code would trigger a malware attack As a zero-day attack this would bypass traditional signature based security software.

Once files have been sanitised, email traffic continues in full confidence, having been cleaned of all malicious code. The intelligence derived from this technology also gives organisations vital insights into the nature of the threats they are facing and how criminals are adapting code or shifting vectors.

In the absence of technologies such as file-regeneration,f inancial organisations are severely jeopardising themselves, their clients and their partners. One of those commenting on the Anthony Gold attack sympathised and speaking from experience said such incidents led to “days of hell”. For any financial organisation there could be innumerable “days of hell” unless it adopts a more innovative approach to email security.