chevron-down Created with Sketch Beta.

GPSolo eReport

GPSolo eReport December 2023

Can My Computer Get Infected with Malware Just by Surfing the Web?

Wells Howard Anderson and Ashley Hallene

Summary

  • Ransomware criminals are targeting legal professionals by poisoning search results on the web.
  • Solo and small law firms have modest budgets for cybersecurity and may not have the protection against website landmines.
  • Remote browser isolation (RBI) technology can automatically isolate suspicious email links to prevent users from being exposed to potentially malicious web content.
  • Aria is an artificial intelligence browser tool created by the browser developer Opera, which can be trained to write in your style.
Can My Computer Get Infected with Malware Just by Surfing the Web?
Steve Cicero via Getty Images

Jump to:

Welcome to the latest installment of our monthly Q&A column, where a panel of experts answers your questions about using technology in your law practice.

This month, we answer readers’ questions about how you might be putting your confidential data at risk just by surfing the web, and how to train AI to write documents in your own style.

Q: I’ve Heard That My Computer Could Get Infected Just by Surfing the Web. What Should I Watch Out For?

A: In a new 2023 campaign, ransomware criminals began targeting legal professionals by poisoning search results on the web. Let’s say you search for useful forms using a legal term and click on a top-ranking search result. You risk downloading both the form and ransomware.

Attacking Legal Organizations of All Sizes

The Blackcat ransomware gang floods the Internet with malicious web pages and infected advertisements. They stuff their phony pages with 3.5 million occurrences of targeted search words and phrases. Most of them are legal terms.

The gang effectively poisons legal search results. Their pages rank high in search engines such as Google. So, legal organizations of all sizes become targets, not just the big law firms whose data breaches make the headlines.

For example, clicking on a search result takes a legal professional to what appears to be a forum page. On the page is a download link offering a document relevant to the search term. Clicking that link triggers the malware Gootloader. It brings down a ZIP file containing a hidden JavaScript file. The hidden file launches ransomware or opens a back door to the computer.

Targeting Legal Professionals

Half of the Gootloader attacks strike the legal sector.

Joe Stewart, a principal security researcher at eSentire, observed, “This [is] what I call a landmine approach. They’re just mining the entire web with these search keywords and just waiting for somebody in the legal profession, or somebody who needs this legal document, to just stumble on it and open it up. . . .”

The vast majority of files dropped by Gootloader set off ransomware.

Small Firm Risks

Ilia Kolochenko, chief architect at ImmuniWeb, observed that law firms are often small, composed of one or two people, so they lack the cybersecurity knowledge of the larger firms. “Solo practitioners and small law firms are usually poorly protected, having very modest budgets for cybersecurity,” said Kolochenko.

Protection Against Malicious Web Pages

Antivirus companies do their best to keep up with the criminals, quarantining known bad files and blocking malicious programs based on behavior. You need antivirus protection to detect those known dangerous files and behaviors. But, sadly, the hackers keep winning. Large numbers of their continually altered files make it through antivirus services to cause harm.

Cloudflare, a web performance and security company, advises, “remote browser isolation (RBI) technology . . . can automatically isolate suspicious email links to prevent users from being exposed to potentially malicious web content.”

RBI integrated into web browsers offers the same protection against both infected search results and phishing emails. If you click on a bad link, whoa!, you see a warning screen and maybe an option to safely view a screenshot of the dangerous webpage.

The features and pricing of RBI products vary. Researchers at the RBI companies are constantly updating and expanding their analytic technologies. They identify never-before-seen threats based on the techniques used by criminals to design their phony websites.

Examples of RBI subscription services include:

Techie: Wells H. Anderson, JD, GPSolo eReport Contributing Technology Editor and CEO of SecureMyFirm, 952/922-1120, www.securemyfirm.com—we protect small firms from cyber threats with affordable, multiple layers of defense.

Q: How Can I Train AI to Write Documents in My Own Style?

A: Did you know that Aria, an artificial intelligence browser tool created by the browser developer Opera, can be trained to write in your style? You can ask Aria to write emails, tweets, or any other type of text in the specific style you want. Aria’s My Style feature allows users to submit to Aria examples of their writing that reflect their tone and voice. The AI then processes them as it would text defined as Shakespeare, Poe, or other authors, giving the AI program the ability to reproduce an individual’s natural style for tasks such as reviews or professional emails. If you prefer not to upload samples of your own writing style, you can specify the style that you would like Aria to adopt.

To do this, open your Opera browser. On the left edge of the browser, you will see a column of menu icons; click the Aria icon. In the top right corner, you will find a bluish-purple box with a “+” in the center; click that to start a new chat. At the bottom of the chat window is a box waiting for your prompt. To the left of it is a pen icon. Click on that to adjust the Compose settings. Here, you can define the writing task as a blog post, email, essay, presentation, social post, speech, or article. Next, you will put a description in for the writing task (similar to the prompt that you enter in the main window). Then, you can select the tone you are going for (formal, informal, neutral, academic, business, or funny). The next option is the customized My Style setting. You will see the words Define My Style followed by a “+” icon on the same line. Clicking the “+” opens the My Style window. Here, you can train Aria AI by completing these tasks:

  1. Write a formal letter of complaint (to a restaurant, hotel, cinema, etc.) expressing your displeasure in five to ten sentences.
  2. Write a product review about an item you recently purchased in four to eight sentences.
  3. Write a casual text message to a friend about your plans for the weekend.

Copy and paste the requested number of sentences that reflect your style and click Save. You may have to do this again when you reset the AI, so you should save your answers in a place where you can easily copy them again to paste them back into the window. You can also set the length of what you are looking for (short, medium, or long.)

When everything is ready, click Generate and be amazed! (But be sure to proofread the resulting text carefully. AIs are known to “hallucinate,” making up statements that are false.)

Techie: Ashley Hallene, JD, GPSolo eReport Editor-in-Chief ([email protected]).

What’s YOUR question?

If you have a technology question, please forward it to Managing Editor Rob Salkin ([email protected]) at your earliest convenience. Our response team selects the questions for response and publication. Our regular response team includes Jeffrey Allen, Wells H. Anderson, Ashley Hallene, Al Harrison, and Matthew Murrell. We publish submitted questions anonymously, just in case you do not want someone else to know you asked the question.

Please send in your questions today!

    Authors