The Silent Ransom Group is targeting U.S. law firms through social engineering attacks, including fake IT support calls, to gain access to sensitive data and demand ransoms. Cybersecurity firm Mandiant warns that these attacks can lead to data theft within hours and emphasize the need for strict verification procedures and employee training to combat such threats.
The Silent Ransom Group's latest tactics involve sophisticated social engineering attacks on law firms, using invoice-themed phishing emails and follow-up IT support calls to gain access to sensitive data. For cybersecurity professionals, it is crucial to implement strict verification processes for IT interactions, restrict tools that allow remote access, and train employees to recognize phishing attempts. These steps are vital to safeguarding against data theft and extortion, especially given the aggressive nature of the Group's operations and their quick turnaround on ransom demands.