New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

  • implement secure controls for password changing and MFA device configurations;
  • exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
  • remain vigilant when receiving requests from individuals and vendors regarding system access. 

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

  • Distinctions between common methods of social engineering employed by threat actors
  • Common indicators of malicious activity disguised as a legitimate communication
  • Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
  • Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

Embracing Artificial Intelligence in the Energy Industry

Last year, President Joe Biden signed Executive Order 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” Since the issuance of the executive order, a lot of attention has been focused on the provision requiring “the head of each agency with relevant regulatory authority over critical infrastructure … to assess potential risks related to the use of AI in critical infrastructure sectors involved, … and to consider ways to mitigate these vulnerabilities.” Naturally, government agencies generated numerous reports cataloging the well-documented risks of AI. At the same time, nearly every company has implemented risk-mitigation guidelines governing the use of artificial intelligence. To be sure, the risks of AI are real, from privacy and cybersecurity concerns, to potential copyright infringements, to broader societal risks posed by automated decision-making tools. Perhaps because of these risks, less attention has been focused on the offensive applications of AI, and relatedly, fewer companies have implemented guidelines promoting the use of artificial intelligence. Those companies may be missing out on opportunities to reduce legal risks, as a recent report by the Department of Energy highlights.

Read The Legal Intelligencer article by Duane Morris partners Phil Cha and Brian H. Pandya

UK National Security & Investment Bill

Over the past decade, the UK has seen foreign direct investment worth three-quarters of a trillion dollars. One of the key elements of the UK government’s strategy for 2021 and beyond must inevitably be to maintain and enhance the UK’s attractiveness as a place to invest and conduct business.

To read the full text of this Duane Morris Alert, please visit the firm website.

We also direct your attention to another Alert discussing the issue of foreign direct investment in Europe in a broader context influenced by the COVID-19 pandemic.

Your Smartphone: Friend or Foe?

Wherever we go these days, whether at work, at home, in restaurants, outside, or practically anywhere else, people reflexively go to their smartphones constantly.

Why? Because those little handheld devices can accomplish so much. We can send communications across various platforms, conduct business tasks, check on the news, shop, participate in social media, listen to music, watch videos, and the list goes on and on.

What Trends Are Shaping Blockchain In The Legal Industry? 7 Experts Share Their Insights

Daniel Tarr

Nobody should feel smarter than their lawyer. Whether you’re on death row or in a corporate boardroom, legal counsel should provide you with peace of mind. This becomes impossible with one sniff of incompetence or uselessness.

The need for relevancy will drive blockchain adoption in the legal industry. As customers learn how blockchain (and smart contracts in particular) improve security, they may seek out lawyers who understand it too.

[…]

“The biggest trend that will shape blockchain use and adoption in the legal industry is the increased use of artificial intelligence in the legal industry. The rise of AI solutions and products to assist in contract drafting, litigation, and other legal services will require the use of secure tracking and storage systems that can be directly integrated with the AI solutions. Blockchain is well positioned to fulfill that requirement.”

To read the full text of this article quoting Duane Morris attorney Daniel Tarr, please visit the Disruptor Daily website.

 

Another State Passes Law to Protect Consumer Data

States are taking online consumer protection into their own hands given a perceived lack of sufficient protection at the federal level. Maine now has jumped in.

Indeed, Janet Mills, the Governor of Maine, just signed into law arguably one of the strongest privacy bills in the country. This law, called the Act to Protect the Privacy of Online Consumer Information, goes into effect on July 1 and prohibits internet service providers from using, selling, or distributing data from consumers without obtaining their consent. And, according to The Hill, this new state law bars internet service providers from refusing to serve consumers, penalizing consumers, or offering them discounts to seek to gain their permission to sell their data.


This bold step by Maine follows in the footsteps of California, a state which passed a complicated online privacy law last year. That law has been both applauded by privacy activists and criticized in certain respects by the tech industry.

At first blush, the new Maine law may be even more robust than the California law. The Maine law is opt-in in nature, requiring explicit consent from consumers before internet service providers can sell their data. The California law is opt-out in effect, making consumers affirmatively request that their data not be sold.

Executive Order Addresses Foreign Threats to U.S. Information and Communications Technology and Services Systems

On May 15, 2019, President Donald Trump signed Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain” (Federal Register Vol. 84, No. 96, pages 22689-92).

Supported by various laws and regulations, the president determined that the United States’ information communication technology systems are increasingly under threat from “foreign adversaries,” defined as “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.” These systems and services are targets for “malicious cyber-enabled actions, including economic and industrial espionage” as they “store and communicate vast amounts of sensitive information, facilitate the digital economy, and support critical infrastructure and vital emergency services.”

To read the full text of this Duane Morris Alert, please visit the firm website.

Emailgate — Here We Go Again!

Long before votes were cast for the 2016 Presidential election, this blogger discussed how Hillary Clinton’s government-related emails that were sent and received on private servers could become a thorn in her political side.

Why?

Because government records must be maintained as government records so, among other reasons, they can be open and available to public review. Indeed, laws like the Freedom of Information Act maintain that to have a vital and truly functioning democracy, those who govern must be accountable to the governed; the workings of government must be transparent pursuant to “sunshine” laws. Sunshine is the best disinfectant when it comes to government affairs.

Politicians Seek Greater Online Consumer Privacy Protections

The Congressional mid-term elections are coming up. There is ample current discussion about whether the Republicans can hold onto majorities in both the Senate and the House of Representatives. Many Democrats believe that they have a strong chance of taking over as the majority party in the House, and some think that they may even take the Senate majority, but that latter potential achievement will be far more difficult, as many more Democrat Senators are up for reelection than Republican Senators.

If the Democrats take over as the majority party in the House, CNET reports that they plan to urge broad internet privacy protections. Representative Ro Khanna from Silicon Valley has drafted an “Internet Bill of Rights.” At this point, this document is not a bill, but instead puts forward ten principles that Khanna reportedly wants to become part of a comprehensive legislative package that could be considered by Congress in 2019.

Email Is Not Dead; Gmail Rolls Out New Features

Long ago in internet time, email was hip and was the next big thing. No longer did we have to shove paper into fax machines to send relatively quick communications, nor did we have to wait for the paper to spit out from such noisy machines when receiving fast-breaking information. Instead, in paperless fashion, we could send and receive emails right from our own computers, and then laptops, tablets, and phones.

But technology continues to evolve. And as internet time went by, email no longer was cool, and by some was considered to be a dinosaur. Why? Because along came texts and the vast assortment of social media means of communication, like instant messaging, Snapchat, WhatsApp messages, Facebook posts, Twitter tweets, and the list goes on and on. And there were concerns about email hacks and lack of security.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.
