In February 2022, Executive Order 14024 highlighted that Russia’s invasion of Ukraine threatened not only Ukraine but also the national security and foreign policy of the United States. Pursuant to this executive order, and in the face of national security concerns, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has instituted extensive sanctions, including both economic and trade sanctions. Also, in response to the national security concerns, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up notice, urging companies to bolster their cybersecurity to protect themselves against the threat of a cyberattack.
As the conflict between Russia and Ukraine continues, the threat of a cyberattack, specifically ransomware and NotPetya-style attacks, remains top of mind. However, as entities continue to bolster their cybersecurity and protect themselves against these attacks, they should be cognizant of the implications that OFAC sanctions may have in connection with such an attack.
Continue reading “Ransomware Payments Become an Even Riskier Choice Amidst the Ever-Growing Sanctions List”
According to several recent media reports, malicious cyber actors have begun to utilize four new types of cyberattacks as part of their current destructive repertoire. The website www.databreachtoday.com noted that these new attacks are “significantly reshaping the threat landscape that CISOs have to deal with.”
These four new emerging cyberattacks are identified as:
- Defensive Evasion;
- Triple Extortion;
- Wiper Malware; and
- Accelerated Exploit Chain.
Continue reading “Discerning Data Cyber Vulnerability Alert: Four Emerging Cyber Threats”
Russia’s invasion of Ukraine has created a host of challenges for the U.S. government to address, including the need to prepare for potential Russian cyberattacks and questions about how to handle Russian connections to supply chains and government contracts. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with Faegre Drinker partners Dana Pashkoff and Jessica Abrahams to unpack the thorny issues at the nexus of Russia, cybersecurity and U.S. government activity.
Continue reading “Russia, Cybersecurity & Government Contracting – Faegre Drinker on Law and Technology Podcast”
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S. healthcare sector.
Continue reading “HHS Ransomware Report Details Revival of Dangerous LOTL Cyberattack”
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors” that targeted “U.S. and international Energy Sector organizations.” While CISA, the FBI, and DOE all responded to these campaigns “with appropriate action in and around the time they occurred,” the U.S. government determined that it was important to share information about the attacks “in order to highlight historical tactics, techniques, and procedures (TTPs) used by adversaries to target U.S. and international Energy Sector organizations.”
Continue reading “U.S. Government Details Prolonged Cyber Scheme by Russian State Actors Targeting the Energy Sector”
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cyber security incidents, including the payment of ransom, to the federal government. The bill, also known as the “Strengthening American Cybersecurity Act of 2022,” passed the Senate by unanimous vote on March 1. It then passed the House of Representatives and was signed into law by President Biden on March 15, 2022.
Continue reading “Congress Passes New Cyber Incident and Ransomware Payment Reporting Legislation”