Lapsed domain names paint "hack me" target on law firms

Law firms are singularly bad at technology, yet present a singularly delicious target to hackers. One particular vulnerability comes from all their abandoned domain names, which Gabor Szathmari writes "pose a significant cyber risk to the legal profession."

Domain name abandonment allows cybercriminals to gain access to, or reset passwords for online services and profession-specific portals. These online services store documents, emails and other information relating to a legal practice, including financial details, personal information, confidential information and client-legal privileged information. ...

In short, bad actors can re-register an abandoned domain of a business and take full control of email services configuring it to:

receive email correspondence sensitive in nature; and
use the email accounts to reset passwords to online services.

Loading...