Silent Ransom Group Uses Fake IT Support Calls and In‑Person Visits to Target U.S. Law Firms
What Happened — The FBI has issued a warning that the criminal outfit known as Silent Ransom Group is conducting a multi‑vector social‑engineering campaign against U.S. law firms. Attackers combine phishing emails, spoofed “IT support” phone calls, and on‑site impersonation of technology staff to trick employees into revealing credentials and handing over sensitive client data, which is then leveraged for ransomware extortion.
Why It Matters for TPRM —
- Social‑engineering attacks bypass technical controls, exposing gaps in vendor‑managed access processes.
- Law firms often handle highly confidential client information; a breach can cascade to downstream vendors and partners.
- The use of physical impersonation expands the attack surface beyond digital channels, demanding broader security governance.
Who Is Affected — Professional services firms, specifically U.S. law practices and any third‑party providers (e.g., cloud hosts, document‑management platforms) that support them.
Recommended Actions —
- Verify all IT support requests through a pre‑established, out‑of‑band channel.
- Conduct phishing‑simulation training focused on “IT support” scenarios for legal staff.
- Review and tighten third‑party access policies, especially for remote support vendors.
- Deploy MFA for privileged accounts and monitor for anomalous privileged activity.
- Incorporate physical‑security checks for any unscheduled on‑site visits claiming to be technical staff.
Technical Notes — Attack vector: PHISHING combined with social engineering (spoofed phone calls and physical impersonation). No known software vulnerability or CVE is involved; the campaign relies entirely on human‑factor exploitation. Source: TechRepublic Security