FBI Announces Increased Focus on Illegal Financial Transactions Involving Cryptocurrency

Share

Cryptocurrency has increasingly become an accepted form of financial exchange. However, it has also become a favored form of payment for cyber criminals.

In an effort to deter the use of cryptocurrencies in furtherance of criminal activity, the Federal Bureau of Investigation recently announced the formation of a Virtual Asset Exploitation Unit (VAXU). The VAXU will combine various investigatory, technical, and analytical resources, and the unit is charged with tracking the illicit use of cryptocurrencies and assisting in their seizure. This announcement follows close on the heels of the recent U.S. Department of Justice appointment of veteran federal prosecutor Eun Young Choi as the first director of the newly-created National Cryptocurrency Enforcement Team (NCET).

Continue reading “FBI Announces Increased Focus on Illegal Financial Transactions Involving Cryptocurrency”

FTC Warns Companies to Fix Vulnerabilities Associated with Log4j

Share

The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action.

Log4j is used to record activities in a wide range of systems, sites, and software found in online products and services. Recently, a serious vulnerability in this popular software was discovered. This vulnerability poses a severe risk to millions of users. Most importantly, the Log4j vulnerability is being widely exploited by a growing set of attackers.

Continue reading “FTC Warns Companies to Fix Vulnerabilities Associated with Log4j”

Capping Cyber Casualties: Steps to Avoid Cyberattacks Flowing From Hostilities in Ukraine

Share

Recognizing that cyberattacks have already commenced and could spread beyond the Russian-Ukrainian battlefield, organizations can take several steps to protect themselves. They can recognize the risk. Then organizations can assess likely cyber threats and vulnerabilities, build resilience and take preventive actions, to avoid becoming another casualty in a conflict that already has too many.

Continue reading “Capping Cyber Casualties: Steps to Avoid Cyberattacks Flowing From Hostilities in Ukraine”

U.S. Cybersecurity Officials Issue New Warning Regarding Threats to Critical Infrastructure

Share

On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint advisory, warning of an increasing cybersecurity threat posed by Russian state-backed threat actors to U.S. critical infrastructure.

Continue reading “U.S. Cybersecurity Officials Issue New Warning Regarding Threats to Critical Infrastructure”

Discerning Data Cyber Vulnerability Alert: Log4j

Share

According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library.

Read the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)’s guidance on the Log4j vulnerability here.

Continue reading “Discerning Data Cyber Vulnerability Alert: Log4j”

New York Department of Financial Services Issues New Guidance on Multi-Factor Authentication and Cybersecurity Frameworks

Share

With cyberattacks continuing to plague the financial services industry, the New York Department of Financial Services (NYDFS) recently released new guidance for regulated entities related to the use of Multi-Factor Authentication (MFA) and cybersecurity frameworks.

On December 7, 2021, NYDFS issued a formal Industry Letter entitled Guidance on Multi-Factor Authentication. According to the Industry Letter, MFA “is an essential part of cybersecurity hygiene . . . which is why it was one of the few technical controls explicitly required by” the NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (the Cybersecurity Regulation). However, the Industry Letter goes on to note that “MFA weaknesses are the most common cybersecurity gap exploited at financial services companies,” most often due to MFA “being absent, not fully implemented, or configured improperly.” Specifically, NYDFS noted that, from January 2020 to July 2021, more than 18.3 million consumers were impacted by cybersecurity incidents reported to NYDFS that were linked to an MFA failure.

Continue reading “New York Department of Financial Services Issues New Guidance on Multi-Factor Authentication and Cybersecurity Frameworks”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy