The legal and professional services (LPS) sector continues to face heightened cybersecurity threats, according to new findings from QBE.
The white paper outlines how evolving tactics, geopolitical influence, and technology adoption are reshaping the sector’s risk landscape, particularly for firms operating across Asia Pacific.
Ransomware remains a key threat vector, with attacks frequently disrupting operations in the LPS space.
QBE noted an increase in the number of LPS entities named on dark web leak sites in 2024, although the overall value of ransom payments has declined from US$1.25 billion in 2023 to US$813 million this year.
The decline in payments may reflect both improved organisational resilience and the growing reluctance to negotiate with attackers.
Nonetheless, threat actors continue to focus on service providers within business ecosystems, aware that disruptions can cascade across multiple firms and clients.
The white paper highlighted how the sector’s dependence on managed service providers (MSPs) and other third-party vendors has made it vulnerable to indirect breaches.
A ransomware attack in late 2023 on UK-based MSP CTS, which supports legal practices, halted operations for numerous firms due to inaccessibility of case-related data.
These events underscore the systemic risk posed by critical suppliers, particularly in Asia-Pacific markets where outsourcing is prevalent.
QBE’s analysis revealed a growing reliance by cybercriminals on zero-day exploits, citing the MOVEit file transfer vulnerability that affected several global consultancies and insurers. These attacks often circumvent traditional defences due to their novel nature and lack of immediate patches.
Cloud infrastructure is another area of concern. Threat actors are increasingly leveraging credentials and misconfigured access to infiltrate cloud environments, exfiltrate data, or deploy ransomware using native platform features.
The paper also noted an increase in collaboration between criminal networks and state-backed actors. These hybrid operations often blur the distinction between espionage and financially motivated attacks.
Notably, North Korean and Iranian groups have been associated with ransomware deployments following data exfiltration.
Such activity complicates attribution and underscores the strategic value cyber attackers place on professional services as a vector for broader intelligence or monetary gains.
AI is significantly enhancing the ability of cybercriminals to conduct sophisticated phishing and impersonation schemes. Tools powered by AI have enabled attackers to craft credible business email compromise (BEC) messages at scale, increasing their reach and effectiveness.
According to QBE, firms in the LPS sector are particularly vulnerable due to their frequent financial interactions and trusted status with clients. In some cases, threat actors impersonate legal professionals or finance staff to intercept or redirect payments.
To address these evolving threats, QBE advises that firms operating in the region:
Firms are also urged to update their incident response plans and ensure these include guidance on ransomware, supply chain breaches, and AI-enabled threats.