New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

  • implement secure controls for password changing and MFA device configurations;
  • exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
  • remain vigilant when receiving requests from individuals and vendors regarding system access.

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

  • Distinctions between common methods of social engineering employed by threat actors
  • Common indicators of malicious activity disguised as a legitimate communication
  • Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
  • Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

Your Smartphone: Friend or Foe?

Wherever we go these days, whether at work, at home, in restaurants, outside, or practically anywhere else, people reflexively go to their smartphones constantly.

Why? Because those little handheld devices can accomplish so much. We can send communications across various platforms, conduct business tasks, check on the news, shop, participate in social media, listen to music, watch videos, and the list goes on and on.

How to Respond to the Huge Equifax Hacking

By now, you likely have learned that Equifax suffered a tremendous hack. Specifically, as Equifax recently announced, hackers took advantage of a website application vulnerability to access records during a several-month period from May through July of this year. Not only did these hacking activities take place over an extended period of time, but as many as a whopping 143 million consumers in the United States may have been impacted. How so? Their personally identifiable information may have been compromised, including Social Security numbers, addresses, driver's license numbers, and birth dates.

So, what should U.S. consumers do in response to the Equifax hacking?


The Coming Tech Year

We made it through 2016. So, what’s in store in 2017 when it comes to hot tech issues? There are many hot issues, such as big data, intellectual property disputes, the sharing economy, and drones. But this blog covers what are potentially the three biggest issues. Drum roll please. Here we go!

1. Security — Cybercrime & Cyberwarfare

Hacking, hacking, hacking …

Security on the internet is the first and foremost tech issue for 2017.

Hacking is penetrating all sorts of systems. For example, individuals are vulnerable to cybercrime, as their personally identifiable information is stolen when companies are hacked.

And cyberwarfare appears to be here and now, and not just some speculation about the future. Indeed, the Senate is preparing at this moment to hold hearings about the implications of apparent Russian hacking that meddled in our recent presidential election.

This year likely will be dominated by efforts to combat threats to internet security.


Politics and Elections in the Era of Cyberwarfare

Unless you are a hermit hiding out in an undiscovered cave, you are well aware that we have been in the thick of an acrimonious and difficult election cycle for the highest office in the land — the Presidency of the United States. Presidential campaigns and campaigns for other elected offices have been a struggle in prior years — given all the competing interests, priorities and strategies that constantly have to be juggled. If that were not enough, now candidates have to deal with the new reality of cyber warfare.

We have been learning from recent press reports that Russia apparently has been active in its efforts to disrupt the current presidential election in the United States. Indeed, according to a recent report by NBC News, Russia’s “cyber-espionage campaign against the American political system began more than a year ago and has been far more extensive than publicly disclosed, targeting hundreds of key people.”

Adultery Gone Awry on the Internet

The Ashley Madison site declares on its home page that “Life is short. Have an affair.” The home page goes on to state that “Ashley Madison is the world’s leading married dating service for discreet encounters.” The site also boasts “over 38,050,000 anonymous members!” But how anonymous are those members, really?

People engage in all sorts of communications and transactions on the Internet. Generally, they like to believe that their personal information is handled confidentially. For example, if someone buys an item from Amazon, she hopes that her name, credit card information, and address will not be publicly disseminated.

Internet-Connected Aircraft Potentially Subject to Hack Attacks

We keep hearing about new and different ways that data can be hacked in the online and wireless world. And, generally speaking, our concern tends to be that our personally identifiable information may be stolen and misused. But that may be just the tip of the iceberg when it comes to the negative consequences of hack attacks.

Indeed, the Government Accountability Office (GAO) now is concerned about the security of modern aircraft that are more and more dependent on the Internet, as reported by The Guardian. According to a recent GAO report: “Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.”


When Does Cybercrime Become Internet Warfare?

Since the beginning of time, unfortunately, some people have been intent on causing harm to others for their own benefit. This, of course, has been true with respect to Internet conduct. Indeed, we now live in a world in which the “black hats” are actively hacking and causing other problems in cyberspace, while the “white hats” are trying to combat these efforts.

Cybercrime is not confined within the borders of sovereign states. What happens on the Internet goes beyond national borders. After all, we are dealing with the World Wide Web. Accordingly, cybercrime has international implications.


© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.
