New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

  • implement secure controls for password changing and  MFA device configurations;
  • exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
  • remain vigilant when receiving requests from individuals and vendors regarding system access. 

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

  • Distinctions between common methods of social engineering employed by threat actors
  • Common indicators of malicious activity disguised as a legitimate communication
  • Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
  • Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon DonovanAriel SeidnerMilagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

Staying Ahead of Rampant Cyber-Attacks

Since the advent of the most rudimentary technology, criminal activity has followed. And in more recent times, the internet certainly has been no stranger to criminal enterprises. Indeed, governmental entities, companies and individuals are falling victim to all sorts of cyber-crimes on a constant basis. A look at just one criminal target drives home the rampant nature of online attacks.

Brace yourself for this – the City of London Corporation suffered almost one million cyber-attacks monthly for the first quarter of 2019, based on information obtained by Centrify as reported by info security-magazine.com. That indisputably is a phenomenal number of attacks on the local authority which oversees capital housing for a good portion of the financial center in London. Continue reading “Staying Ahead of Rampant Cyber-Attacks”

Internet Freedom and Security Statistics Across Countries

All countries are not the same when it comes to online freedom and security issues. This is borne out by recent statistics published by Richard Patterson of Comparitech.

When it comes to the amount of freedom offered by countries on the internet, a scale of 1 to 100 is implemented, with 1 being the absolute best possible, and with 100 being the worst. While the United States comes in with a relatively low score of 18, the US is not ranked the most free. Indeed, both Iceland and Estonia have a very low score of 6, with Canada next at 16, then the US at 18. Other relatively free countries include Germany at 19, Australia at 21, Japan at 22, the UK at 23, and South Africa and Italy both at 25.

Continue reading “Internet Freedom and Security Statistics Across Countries”

Politics and Elections in the Era of Cyberwarfare

Unless you are a hermit hiding out in an undiscovered cave, you are well aware that we have been in the thick of an acrimonious and difficult election cycle for the highest office in the land — the Presidency of the United States. Presidential campaigns and campaigns for other elected offices have been a struggle in prior years — given all the competing interests, priorities and strategies that constantly have to be juggled. If that were not enough, now candidates have to deal with the new reality of cyber warfare.

We have been learning from recent press reports that Russia apparently has been active in its efforts to disrupt the current presidential election in the United States. Indeed, according to a recent report by NBC News, Russia’s “cyber-espionage campaign against the American political system began more than a year ago and has been far more extensive than publicly disclosed, targeting hundreds of key people.” Continue reading “Politics and Elections in the Era of Cyberwarfare”

Are Election Systems Vulnerable to Upcoming Hacks?

One presidential candidate with the initials DT has claimed generally that “the system is rigged” and he has speculated in advance as to whether the election also might be rigged against him. At the first presidential debate, he did say that he would abide by the election result if the candidate with the initials HRC won the election.

But what does it mean to “win”? If the election result is a close one, and if she apparently tallies sufficient popular and electoral college votes to put her over the top, would he concede her victory if there are suggestions of hacking of voting systems? This question is posed because a recent Associated Press article asserts that hackers recently have targeted registration systems in greater than 20 states and cites a Homeland Security Department official for support for this assertion.

Continue reading “Are Election Systems Vulnerable to Upcoming Hacks?”

If Cyberwars Erupt, Will Damages Be Recoverable

Unfortunately, warfare has been part of the human experience for centuries and even millennia. Historically, wars were fought on the ground between individuals. Often, in more recent times, mass physical destruction has been caused from a distance, with bombs dropping from planes and missiles launched from remote locations.

And now, in the Internet age, wars can be waged electronically by purposely disrupting mission-critical systems of a perceived enemy state. Damages caused by such disruptions could be quite high, but there are potential international mechanisms by which such damages could be awarded.

Continue reading “If Cyberwars Erupt, Will Damages Be Recoverable”

Proposed White House Cybersecurity Incentives Could Pay Off

Cyber threats are real and they’re on the rise. In this climate, the White House is considering certain incentives for companies that follow government recommended cybersecurity measures.

While the Cyber Intelligence Sharing and Protection Act (CISPA) passed the House in April, the Obama administration’s cybersecurity program is only just taking shape, and its tentative concepts were recently unveiled.

Continue reading “Proposed White House Cybersecurity Incentives Could Pay Off”

White House Enlists Help To Get Hip To Cyber Legal Issues

Back in the day, President Bill Clinton touted the development of the “information superhighway,” and Vice President Al Gore not entirely accurately was reported to have stated that he had invented the Internet.

Since then, the Internet has exploded and grown exponentially. There have been many benefits, such as the potential to purchase a tremendous number of goods and services online, as well as the ability to communicate freely via social media portals such as Facebook and Twitter.

Continue reading “White House Enlists Help To Get Hip To Cyber Legal Issues”

Cybersecurity Bill Passes The House, But What’s Next?

The House has approved the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 624). CISPA allows private companies and the federal government to exchange information relating to cybersecurity threats.

The bill was passed in the face of some concerns that it might provide private consumer information to the government. According to Reuters, President Obama has threatened to veto the bill on the basis that it supposedly does not mandate that companies take the greatest efforts to remove personal information before providing it to the government.

Continue reading “Cybersecurity Bill Passes The House, But What’s Next?”

Lawyers Must Do More To Protect Cybersecurity

Lawyers should know how to protect information belonging to their firms and their clients, right? Well, perhaps they can do a better job, according to The Wall Street Journal. Indeed, it’s now more important than ever for lawyers’ cybersecurity skills to get up to speed.

According to the article, hackers intent on insider trading may target attorneys who handle merger and acquisition transactions. They could put links in text messages that, when clicked on smartphones, activate malware that could log keystrokes and record phone conversations.

Continue reading “Lawyers Must Do More To Protect Cybersecurity”

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress