We have written on previous occasions about the rise in frequency and severity of Business Email Compromise (BEC) cyberattacks. As explained in other posts, BEC attacks are a type of phishing scam typically targeting companies in order to fraudulently direct payments of money to accounts associated with the attackers. Attackers typically target high-level executives or employees with access to financial systems. After the BEC attack, victims have typically had difficulty recovering the fraudulently misdirected funds, which are usually moved to offshore accounts very quickly.
However, a recent court decision in Virginia may have provided a roadmap for some BEC victims to seek compensation from the financial institutions that facilitate the fraudulent transfers of money. In Studco Bldg. Sys. US, LLC v. 1st Advantage Fed. Credit Union, WL 1926747 (2023), a United States District Court Judge held that one of the financial institutions involved in facilitating a BEC payment did not act in a commercially reasonable manner in allowing the transaction to take place. Because the financial institution acted negligently, the victim of the BEC was awarded a judgment of $558,868.71.
Continue reading “Federal Court Holds Bank Liable For Business Email Compromise Losses”
In February 2022, Executive Order 14024 highlighted that Russia’s invasion of Ukraine threatened not only Ukraine but also the national security and foreign policy of the United States. Pursuant to this executive order, and in the face of national security concerns, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has instituted extensive sanctions, including both economic and trade sanctions. Also, in response to the national security concerns, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up notice, urging companies to bolster their cybersecurity to protect themselves against the threat of a cyberattack.
As the conflict between Russia and Ukraine continues, the threat of a cyberattack, specifically ransomware and NotPetya-style attacks, remains top of mind. However, as entities continue to bolster their cybersecurity and protect themselves against these attacks, they should be cognizant of the implications that OFAC sanctions may have in connection with such an attack.
Continue reading “Ransomware Payments Become an Even Riskier Choice Amidst the Ever-Growing Sanctions List”
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S. healthcare sector.
Continue reading “HHS Ransomware Report Details Revival of Dangerous LOTL Cyberattack”
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cybersecurity incidents, including the payment of ransom, to the federal government. The bill, also known as the “Strengthening American Cybersecurity Act of 2022,” passed the Senate by unanimous vote on March 1. It then passed the House of Representatives and was signed into law by President Biden on March 15, 2022.
Continue reading “Congress Passes New Cyber Incident and Ransomware Payment Reporting Legislation”
Cryptocurrency has increasingly become an accepted form of financial exchange. However, it has also become a favored form of payment for cyber criminals.
In an effort to deter the use of cryptocurrencies in furtherance of criminal activity, the Federal Bureau of Investigation recently announced the formation of a Virtual Asset Exploitation Unit (VAXU). The VAXU will combine various investigatory, technical, and analytical resources, and the unit is charged with tracking the illicit use of cryptocurrencies and assisting in their seizure. This announcement follows close on the heels of the recent U.S. Department of Justice appointment of veteran federal prosecutor Eun Young Choi as the first director of the newly created National Cryptocurrency Enforcement Team (NCET).
Continue reading “FBI Announces Increased Focus on Illegal Financial Transactions Involving Cryptocurrency”
The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action.
Log4j is used to record activities in a wide range of systems, sites, and software found in online products and services. Recently, a serious vulnerability in this popular software was discovered. This vulnerability poses a severe risk to millions of users. Most importantly, the Log4j vulnerability is being widely exploited by a growing set of attackers.
Continue reading “FTC Warns Companies to Fix Vulnerabilities Associated with Log4j”