Lapsed domain names paint "hack me" target on law firms
by Rob Beschizza (#3XJVD)
Law firms are singularly bad at technology, yet present a singularly delicious target to hackers. One particular vulnerability comes from all their abandoned domain names, which Gabor Szathmari writes "pose a significant cyber risk to the legal profession."
Domain name abandonment allows cybercriminals to gain access to, or reset passwords for, online services and profession-specific portals. These online services store documents, emails and other information relating to a legal practice, including financial details, personal information, confidential information and client-legal privileged information. ... In short, bad actors can re-register an abandoned domain of a business and take full control of email services, configuring it to: receive email correspondence sensitive in nature; and use the email accounts to reset passwords to online services.
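A defensive check for the risk described above, as an added example that is not from the original post or from Szathmari's research: it cross-references the mailboxes that receive password resets against the firm's own domain registrations. Every service name, domain (reserved `.example` names), date and the 90-day warning window is a constructed assumption.

```python
from datetime import date

# Constructed inventory: every domain the firm has registered, with its expiry date.
DOMAINS = {
    "smithlegal.example": date(2026, 3, 1),         # current brand
    "smith-partners.example": date(2024, 11, 15),   # previous brand
    "oldfirm.example": date(2019, 6, 30),           # pre-merger name, never renewed
}

# Constructed inventory: online services and the mailbox that receives their password resets.
ACCOUNTS = [
    ("court e-filing portal", "j.smith@oldfirm.example"),
    ("document storage", "admin@smithlegal.example"),
    ("practice management", "accounts@mail.smith-partners.example"),
    ("bank", "partner@webmail.example"),
]

def registered_parent(host, domains):
    """Return the inventoried domain that host equals or sits under, else None."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def audit(accounts, domains, today, warn_days=90):
    """Flag accounts whose reset mailbox is on a lapsed, expiring or untracked domain."""
    rank = {"LAPSED": 0, "EXPIRING": 1, "UNTRACKED": 2}
    findings = []
    for service, email in accounts:
        host = email.rsplit("@", 1)[-1].lower().rstrip(".")
        parent = registered_parent(host, domains)
        if parent is None:
            status = "UNTRACKED"      # not a domain the firm registers or tracks
        elif domains[parent] < today:
            status = "LAPSED"         # registration ran out: renew it or move the account
        elif (domains[parent] - today).days <= warn_days:
            status = "EXPIRING"
        else:
            continue                  # registration is current, nothing to report
        findings.append((status, service, email))
    return sorted(findings, key=lambda f: (rank[f[0]], f[1]))

if __name__ == "__main__":
    for status, service, email in audit(ACCOUNTS, DOMAINS, date(2024, 10, 1)):
        print(f"{status:9} {service:22} {email}")
```

Accounts reported as LAPSED are the ones to move to a mailbox on a domain the firm still holds before anything else; UNTRACKED entries need a decision on who actually controls that mailbox.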