New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

  • implement secure controls for password changing and MFA device configurations;
  • exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
  • remain vigilant when receiving requests from individuals and vendors regarding system access. 

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

  • Distinctions between common methods of social engineering employed by threat actors
  • Common indicators of malicious activity disguised as a legitimate communication
  • Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
  • Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

Webinar: Practical Impacts of the New EU AI Act

Duane Morris will present Get Smart with AI: Practical Impacts of the New EU AI Act, a webinar on risk mitigation strategies for AI use in business, presented by the Technology, Media and Telecom Industry Group’s Artificial Intelligence Team, on Thursday, May 16, 2024, from 11:00 a.m. to 12:00 p.m. Eastern time and 4:00 p.m. to 5:00 p.m. London time.

District Court Reaffirms Dismissal of Wiretapping Claims Under California Invasion of Privacy Act

On the heels of holding that defendants’ use of session replay software did not constitute a violation of the California Invasion of Privacy Act, Judge William Alsup in Williams v. What If Holdings LLC and ActiveProspect Inc. has now denied the plaintiff’s request for leave to amend. In doing so, the court reaffirmed its previous holding that the plaintiff’s allegations only established that ActiveProspect’s use of session replay software functioned as a tool that supported What If’s management of its own website data, and not as a means of eavesdropping and aggregating information for ActiveProspect’s own purposes.

Read the full Alert on the Duane Morris LLP website.

Staying Ahead of Rampant Cyber-Attacks

Since the advent of the most rudimentary technology, criminal activity has followed. And in more recent times, the internet certainly has been no stranger to criminal enterprises. Indeed, governmental entities, companies and individuals are falling victim to all sorts of cyber-crimes on a constant basis. A look at just one criminal target drives home the rampant nature of online attacks.

Brace yourself for this – the City of London Corporation suffered almost one million cyber-attacks monthly for the first quarter of 2019, based on information obtained by Centrify as reported by infosecurity-magazine.com. That indisputably is a phenomenal number of attacks on the local authority which oversees capital housing for a good portion of the financial center in London.

Another State Passes Law to Protect Consumer Data

States are taking online consumer protection into their own hands given a perceived lack of sufficient protection at the federal level. Maine now has jumped in.

Indeed, Janet Mills, the Governor of Maine, just signed into law arguably one of the strongest privacy bills in the country. This law, called the Act to Protect the Privacy of Online Consumer Information and which goes into effect on July 1, prohibits internet service providers from using, selling, or distributing data from consumers without obtaining their consent. And, according to The Hill, this new state law bars internet service providers from refusing to serve consumers, penalizing consumers or offering them discounts to seek to gain their permission to sell their data.

This bold step by Maine follows in the footsteps of California, a state which passed a complicated online privacy law last year. That law has been both applauded by privacy activists and criticized in certain respects by the tech industry.

At first blush, the new Maine law may be even more robust than the California law. The Maine law is opt-in in nature, requiring explicit consent from consumers before internet service providers can sell their data. The California law is opt-out in effect, making consumers affirmatively request that their data not be sold.

Too Much Screen Time Adversely Impacting Teenagers?

We keep hearing about how teenagers have gone inward. They spend more and more time staring into their televisions, computers and handheld devices. Indeed, they can be online practically anywhere, anytime. We have been told that the failure of teens to engage as much in the real world around them is having negative effects, with increasing rates of depression and anxiety, as well as heightened risks of self-harm and harm inflicted on others.

But are the reported risks and impacts of increased screen time by teenagers actually based in fact? Not so much, according to a recent study by Oxford University in the journal Psychological Science and as reported by The Guardian. The bottom line conclusion of the study is that screen time has very little correlation to the psychological well-being of teenagers. Surprised? Read on.

Involuntary Technological Encroachment

Once upon a time, the advent of the radio was considered a major advancement, and families in the evenings would huddle together and listen to favorite radio shows. Not that much later, television became the big thing. And with TV, it was easy to sit passively by as a couch potato watching one show after another.

Indeed, there is the following joke: A man says to his wife, “Honey, if I ever became a vegetable, please pull the plug.” So, the wife walks past her husband on the couch over to the television set and pulls its plug from the wall electrical socket.

Will California Consumers Share in Wealth From Their Online Data?

Technology companies collect all sorts of data on their users. The terms of service located on their web sites spell out for users the types of data collected and how that data will be used. The data collected from users is extremely useful for tech companies in terms of how to market to them further, and accordingly, that data has tremendous economic value.

Along comes the Governor of California, Gavin Newsom, who according to APNews.com, has announced that California consumers should share in the billions of dollars that tech companies make on personal data they collect. Indeed, Governor Newsom reportedly has asked his aides to come up with a proposal for what has been referred to as a “data dividend” for California residents. However, it is not clear whether he envisions a tax on tech companies, refunds to users, or some other idea.

Stealing Your Online Face – Online Truth Suffers Another Blow

What is “real” and what is “fake” in terms of online content we review? This has become a major, if not dominant, concern with respect to the reliability of what we see on the internet. Are suggested “facts” really true? Do we really know the actual source of material posted on the internet?

And now our worry in this area should be heightened by the development of face-swapping videos. For example, FakeApp can be utilized to create altered videos by inserting faces of people into these videos, as reported in detail by Business Insider. This face-swapping technique has been used by many people just for fun. As an example, Nicolas Cage’s image was inserted to have him becoming Lois Lane in a Superman movie (perhaps Nicolas Cage was not amused).
