In February 2022, Executive Order 14024 highlighted that Russia’s invasion of Ukraine threatened not only Ukraine but also the national security and foreign policy of the United States. Pursuant to this executive order, and in the face of national security concerns, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has instituted extensive sanctions, including both economic and trade sanctions. Also, in response to the national security concerns, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up notice, urging companies to bolster their cybersecurity to protect themselves against the threat of a cyberattack.
As the conflict between Russia and Ukraine continues, the threat of a cyberattack, specifically ransomware and NotPetya-style attacks, remains top of mind. However, as entities continue to bolster their cybersecurity and protect themselves against these attacks, they should be cognizant of the implications that OFAC sanctions may have in connection with such an attack.
Continue reading “Ransomware Payments Become an Even Riskier Choice Amidst the Ever-Growing Sanctions List”
On June 23, 2022, the New York State Department of Financial Services (NYDFS) announced the entry of a Consent Order in connection with its most recent cybersecurity enforcement action, which included a $5 million monetary penalty against Carnival Cruise Line, Princess Cruise Lines, Holland America Line, Seabourn Cruise Line, and Costa Cruise Lines (“Carnival Companies”), for violations of NYDFS’s Cybersecurity Regulation, 23 NYCRR Part 500 (“Part 500”). In addition to the $5 million monetary penalty, the Carnival Companies also surrendered their insurance producer licenses and agreed to cease selling insurance to residents of New York.
According to the Consent Order, between 2019 and 2021, the Carnival Companies were the subject of four separate cybersecurity events, including ransomware and phishing attacks. All four of the cybersecurity events led to the exposure of nonpublic personal information (NPI) of both consumers and employees, including such information as names, addresses, birth dates, passport numbers, and in some instances, other sensitive information such as social security numbers and health information.
Continue reading “New York Department of Financial Services Announces $5 Million Penalty in Most Recent Cybersecurity Enforcement Action”
According to several recent media reports, malicious cyber actors have begun to utilize four new types of cyberattacks as part of their current destructive repertoire. The website www.databreachtoday.com noted that these new attacks are “significantly reshaping the threat landscape that CISOs have to deal with.”
These four new emerging cyberattacks are identified as:
- Defensive Evasion;
- Triple Extortion;
- Wiper Malware; and
- Accelerated Exploit Chain.
Continue reading “Discerning Data Cyber Vulnerability Alert: Four Emerging Cyber Threats”
Social engineering attacks are at the core of all cyberattacks, as threat actors use many different types of psychological manipulation to kick off their cyberattacks. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss welcomes Peter Baldwin — who focuses his practice in white collar criminal investigations and cyber-incident response — and they explore the ins and outs of social engineering attacks, how to identify them and how to defeat them.
In this episode with a special twist, Pete takes the “host microphone” and chats with Jason, who takes on the role of podcast guest tackling a number of questions, including:
- What are the main underlying pillars of a social engineering attack? What is their foundation and what makes them successful?
- How do the more common social engineering attacks work? Such as phishing, spear phishing, whaling, business email compromises, dumpster diving, smishing, vishing, catfishing, gas lighting and SIM swapping?
- What are the top targets in health care, financial services and manufacturing?
- What are some good defenses to help people prevent many of the more common social engineering attacks?
Russia’s invasion of Ukraine has created a host of challenges for the U.S. government to address, including the need to prepare for potential Russian cyberattacks and questions about how to handle Russian connections to supply chains and government contracts. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with Faegre Drinker partners Dana Pashkoff and Jessica Abrahams to unpack the thorny issues at the nexus of Russia, cybersecurity and U.S. government activity.
Continue reading “Russia, Cybersecurity & Government Contracting – Faegre Drinker on Law and Technology Podcast”
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S. healthcare sector.
Continue reading “HHS Ransomware Report Details Revival of Dangerous LOTL Cyberattack”