New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

  • implement secure controls for password changing and MFA device configurations;
  • exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
  • remain vigilant when receiving requests from individuals and vendors regarding system access. 

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

  • Distinctions between common methods of social engineering employed by threat actors
  • Common indicators of malicious activity disguised as a legitimate communication
  • Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
  • Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

The Internet Can Help When It Comes To The Coronavirus

Modern life of planes, trains and automobiles brings people together in close physical proximity like never before. Once upon a time, and actually not that long ago in human history, most people never saw anyone else outside of their own village or tribe. Those days are gone, and now we frequently are exposed to people from other cities, states, and countries. That is all well and good for the most part in terms of business and pleasure, except, of course, when it comes to the transmission of communicable diseases.

Just a couple months ago, most Americans had not even heard of the coronavirus which began in China and then started to spread. Now we are bombarded 24/7 with news, facts and fiction about the virus on television, radio, news sites, social media, podcasts and in everyday conversation. We are told that the coronavirus is highly contagious, is spreading exponentially, is a pandemic, could be with us for quite some time, and poses grave health dangers for at-risk segments of populations.

What To Do About CDA Section 230 And ISP Immunity?

Section 230 of the Communications Decency Act (CDA) became law long ago when it comes to internet time, way back in the 1990s. The main thrust of the CDA was an effort by Congress to regulate indecent content posted online. Section 230 was included within the CDA to provide general immunity to Internet service providers with respect to third-party content posted on their sites. While the indecency regulatory aspect of the CDA was struck down by the United States Supreme Court as violating the First Amendment, Section 230 survives to this day and has been the critical legal backbone that has allowed a good part of the Internet to flourish, especially social media.

Internet Companies Must Take Down Anti-Government Content in Vietnam

Question: How free is the internet? Answer: Less than free in certain countries. Further answer: And becoming even less free in other countries — witness Vietnam, discussed briefly below.

At the start of this month, a law went into effect in Vietnam that mandates removal of online content considered offensive to the Vietnamese government. According to SoyaCincau.com, the law was put on the books “under the pretenses” of Cybersecurity, but what it actually does is require the takedown of content deemed “toxic” by the government.

Internet Controls — Thwarting Terrorism or Silencing Dissent?

When the internet exploded beyond the early confines of US military and academic communications in the late-1990s, the US Congress believed that the internet should grow and flourish relatively unfettered by potential litigation and government regulation. This was reflected in Section 230 of the Communications Decency Act, which generally provides that internet service providers are not liable for content posted by third parties on their websites.

However, the pendulum may be swinging in the other direction in the US, as there have been concerns about false information posted online by foreign interests that has been intended to influence elections. There also has been worry about the ability of terrorists and other bad actors to organize and develop plans of harm and destruction by utilizing the internet to further those negative pursuits.

Other countries share the foregoing worries. And there has been some consequent tightening of controls on the internet. Of course, there is a balance to be struck. On the one hand, there is merit to seeking to prevent harm by terrorists. On the other hand, internet restrictions should not be implemented to thwart valid free speech, dissent and organization while seeking improperly to consolidate governmental societal control.

Tech Acumen: Many Companies Falling Behind

Corporate America and companies around the globe are spending vast amounts of money trying to keep up with all sorts of threats in this new digital age. So, how are companies really doing?

Unfortunately, not so well. Indeed, according to PwC’s 2017 Digital IQ Survey, as reported by PR Daily, barely more than half of IT executives from the US and 52 other countries reported that their companies have a “strong digital IQ.” This is down from 67 percent so reporting in 2016, and 66 percent in 2015.

Breaking Out of the Social Media Loop

Every single day, billions of people spend countless seconds, minutes, and hours on social media. Why?

This occurs in part because it is the business of social media companies to do their best to hold you captive. They want their sites to be “sticky,” so that you spend your time (and ultimately your money) there.

Thus, at bottom, as businesses that have as their appropriate mission the duty to maximize profits for shareholders, they compete fiercely for the attention of social media users.

We Need Internet Stop Signs

Has our ability to stay present in the real world largely been destroyed by the internet? If so, how has that happened? If we erected internet “stop signs” would we be better off?

While we were saturated with different sources of information, news, and entertainment as recently as the Twentieth Century, those sources had naturally occurring stop cues that allowed us to pause and consider disengaging from the sources.

Addicted to the Internet?

When we think of addictions, we typically think of alcohol and drugs. But, are many of us addicted to the internet? The answer apparently is a resounding “yes.”

Indeed, according to a study conducted by scientists in Italy and the United Kingdom, habitual internet users often experience heightened heart rates and blood pressure when they go offline. And, according to an article posted on Scroll.in, these physical changes are similar to those found in people who cease their frequently used sedatives and opioid drugs.

Internet Freedom and Security Statistics Across Countries

All countries are not the same when it comes to online freedom and security issues. This is borne out by recent statistics published by Richard Patterson of Comparitech.

When it comes to the amount of freedom offered by countries on the internet, a scale of 1 to 100 is implemented, with 1 being the absolute best possible, and with 100 being the worst. While the United States comes in with a relatively low score of 18, the US is not ranked the most free. Indeed, both Iceland and Estonia have a very low score of 6, with Canada next at 16, then the US at 18. Other relatively free countries include Germany at 19, Australia at 21, Japan at 22, the UK at 23, and South Africa and Italy both at 25.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.