Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by its regulated covered entities to the Attack. Although there have been no reported instances of active exploitation of DFS-regulated companies […]
National Security & Digital Crimes
FBI Releases IC3 2020 Internet Crime Report Showing Record Increase in Cybercrime
The FBI’s Internet Crime Complaint Center (“IC3”) recently released its annual report, the 2020 Internet Crime Report (“Report”), which gathers statistics from nearly 800,000 complaints of suspected cybercrimes that the department received in 2020. This is a record number of complaints—a 69% increase from 2019—with reported losses exceeding $4.2 billion. According to the FBI, the […]
Russia Sanctioned For Role In SolarWinds Supply Chain Attack
On April 15, 2021, the Biden Administration took a significant step in announcing sanctions against the Russian Government and private Russian entities for multiple internationally-destabilizing activities, including the Russian Foreign Intelligence Service’s (SVR) supply chain attack of the SolarWinds Orion platform and other technology infrastructures. In addition to the sanctions, the Administration also provided practical […]
U.S. Takes Unprecedented Action to Disrupt State-Sponsored Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
On April 13, 2021, a federal district court granted a motion to partially unseal an FBI application and search warrant following the successful conclusion of an FBI operation to eradicate malicious web shells placed on U.S.-based computers by Chinese state-sponsored actors. The FBI’s use of credentialed, remote access techniques to access, copy, and remove malware […]
NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules
On April 14, 2021, the New York Department of Financial Services (“NYDFS”) announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). The consent order requires payment of a $3M penalty and mandatory remediation in response to alleged failures to […]