FBI Alerts on Silent Ransom Group’s In‑Person Data Theft Targeting U.S. Law Firms
What Happened – The FBI’s latest flash alert warns that the Silent Ransom Group (SRG) is now augmenting its phishing‑based extortion campaigns with physical‑presence data theft. Actors pose as IT staff, obtain remote‑desktop access, and if that fails they dispatch a “field operative” to the victim’s office to plug a USB or external drive into a workstation and steal files.
Why It Matters for TPRM –
- Physical‑access attacks bypass many traditional network controls, exposing third‑party data that may be stored on on‑premise systems.
- Law firms handle privileged client information; a breach can trigger professional‑ethics violations, regulatory fines, and reputational damage for both the firm and its service providers.
- The hybrid social‑engineering/physical‑access model signals a broader trend: threat actors are blending cyber and “red‑team” tactics to overcome remote‑only defenses.
Who Is Affected – Professional services (law firms, legal departments) and their downstream vendors (e‑discovery platforms, cloud document repositories, payroll/HR providers).
Recommended Actions –
- Verify that all third‑party vendors enforce strict physical‑security policies (visitor logs, badge controls, escorted access).
- Conduct tabletop exercises that include a “USB‑drop” scenario to test employee response to unsolicited IT support calls.
- Deploy endpoint protection that blocks unauthorized removable‑media usage and alerts on anomalous remote‑desktop sessions.
Technical Notes – Attack vector combines phishing/social engineering (impersonation of IT staff) with physical USB insertion to exfiltrate data. No specific CVE is cited; the threat hinges on human trust and lax physical controls. Source: BleepingComputer