National Security & Digital Crimes

Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents

January 12, 2021 By Kim Peretti

On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]

SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations

December 17, 2020 By Kim Peretti and Privacy, Cyber & Data Strategy Team

On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the […]

DOJ Announces Indictment of Russian Hackers for Destructive Cyber-Attacks, Including Deployment of NotPetya and Olympic Destroyer Malware

October 21, 2020 By Privacy, Cyber & Data Strategy Team

On October 19, 2020, the Department of Justice (DOJ) announced that six Russian GRU officers had been charged in connection with a series of destructive cyber-attacks that affected victims around the globe and caused billions of dollars of damage. The Russian hackers are alleged to be a part of the group known as Sandworm, which […]

State Financial Regulators Issue Ransomware Mitigation Tool

October 16, 2020 By Kim Peretti and Alysa Austin

On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions mitigate the risks of ransomware. The R-SAT is a detailed questionnaire designed to evaluate the effectiveness of an institution’s general security controls as well as […]

FinCEN Alerts Financial Institutions on Role in Facilitating Ransomware Attacks

October 2, 2020 By Alysa Austin and Privacy, Cyber & Data Strategy Team

With an increase in the frequency, sophistication, and cost of ransomware attacks, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 1, 2020 alerting financial institutions to ransomware trends and typologies, and related financial red flags, that may result in a regulatory obligation to report and share information related to ransomware attacks. Based […]