Tag Archives: cyber attack

A Risk-Based Approach to the SolarWinds Vulnerability Disclosures

By Andreas Kaltsounis and Adam Cohen on January 6, 2021 Posted in Cybersecurity

On December 13, 2020, SolarWinds disclosed that an unknown attacker compromised its network and inserted malicious code (referred to as the Sunburst vulnerability) into software updates for the Orion platform. In what will likely become known as one of the most widespread and damaging cyber attacks in history, approximately 18,000 private and government organizations installed … Continue Reading

No More Tears: A Few Recommended Steps in Response to WannaCry Ransomware

By Erich Falke on May 13, 2017 Posted in Ransomware

On May 12, 2017, thousands of companies across the globe saw the first signs of a prolific malware outbreak. The malware, a ransomware variant labeled WannaCry, is capable of encrypting files on a device and moving laterally to encrypt files on associated file shares. On average, the ransom amount that is demanded is the equivalent … Continue Reading

Will the proposed “Countering Russian Hostilities Act” stop Russian cyberattacks?

By Randal L. Gainer and Carol Van Cleef on January 27, 2017 Posted in International Privacy Law

On Jan. 10, 2017, a bipartisan group of five Republican and five Democratic senators announced their support for the Countering Russian Hostilities Act of 2017. Lindsey Graham, one of the senators who announced the proposed legislation, told The Wall Street Journal that he is confident the bill will get overwhelming support.[1] One reporter agreed, stating … Continue Reading

What Can Be Learned From 2016 Security Incidents?

By Craig A. Hoffman on December 22, 2016 Posted in Cybersecurity

Cue the year-end articles saying that this was the worst year to date for data breaches. Follow that with more dire predictions for 2017. Layer in one-size-fits-all recommendations to mitigate these risks. And finish with technology solutions that you must have. If you read all of this you might come away thinking that if your … Continue Reading

$90 Million Cyber Thefts From Banks Using SWIFT Network Raise Security Issues

By Randal L. Gainer on July 7, 2016 Posted in Financial Privacy

In February 2016, attackers stole $81 million from the Bangladesh central bank’s account at the New York Federal Reserve Bank by hacking into the Bangladesh bank’s computer network and sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment network. In January 2015, attackers netted $9 million in funds from an Ecuadorian … Continue Reading

Colleges and Universities Are Prime Cyberattack Targets: What’s Behind the Threat?

By Eric A. Packel on October 29, 2015 Posted in Cybersecurity, Incident Response

When it comes to cyberattack targets, many think of retailers and associated credit card transactions or customer information, or perhaps healthcare providers with their ever-increasing storage and transmission of electronic information related to patients. But colleges and universities are increasingly under siege from hackers. In fact, the education sector, according to recent reports, comes in … Continue Reading

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

By Will R. Daugherty on September 28, 2015 Posted in Cybersecurity

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment advisers with information on the focus areas of its upcoming round of cybersecurity examinations. OCIE is building on its previous cybersecurity examinations to increase … Continue Reading

What You Should Be Doing Now to Prepare for Implementation of the Cybersecurity Executive Order

By Gerald J. Ferguson on February 25, 2013 Posted in Cybersecurity

Co-Authored by: Theodore J. Kobus III A tempting response to the Cybersecurity Executive Order (the “Order”), announced by President Obama at his State of the Union address, is to ignore it. It is vague in key particulars, such as which companies are part of the “critical infrastructure” and therefore subject to the Order. The only … Continue Reading

Hi-Tech & Low-Tech Social Engineering Used for Corporate Bank Account Takeovers

By Craig A. Hoffman on March 13, 2012 Posted in Identity Theft, Information Security

Hi-Tech Corporate bank accounts continue to be targeted by criminals who use various forms of malware to gain access to the account and then wire money out of the account. One variation of these cyberattacks occurs in the form of a virus that captures corporate online banking credentials combined with a DDoS attack against the … Continue Reading

The Cybersecurity Act of 2012–What Does It Mean?

By Theodore J. Kobus III on February 15, 2012 Posted in Federal Legislation

Yesterday, Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-Conn.), Ranking Member Susan Collins (R-Maine), Commerce Committee Chairman Jay Rockefeller (D-W.Va.), and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca. introduced The Cybersecurity Act of 2012. The press release can be found here. We are seeing an increasing number of attacks targeting government secrets, trade … Continue Reading