Cybersecurity

LockBit Takedown Indicates Shifting DOJ Cyber Strategy and Has Implications for Ransomware Victims

May 15, 2024 By Kim Peretti, Seol Namgoong and Colton Jackson

On May 7, 2024, the United States unsealed an indictment against Dmitry Yuryevich Khoroshev, one of the leaders of the Russian-based ransomware group LockBit, for his alleged involvement in developing and distributing the LockBit ransomware. According to the indictment, Khoroshev performed both administrative and operational roles for the cybercrime group, including upgrading the LockBit infrastructure, […]

CISA Posts Notice of Proposed Rulemaking Under CIRCIA

April 7, 2024 By Kim Peretti and Kristen Bartolotta

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, see our prior advisory. CISA is required to issue a final rule by October 4, 2025. Who is required to report covered […]

FBI and CISA Warn of Chinese Cyberattacks on U.S. Critical Infrastructure

February 21, 2024 By Seol Namgoong, Kim Peretti and Lance Taubin

Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and their counterparts in Australia, Canada, […]

NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature

January 23, 2024 By Kim Peretti, Kate Hanniford, Lance Taubin, Ashley Miller and Colton Jackson

On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password without the assistance of help desk or IT professionals. The Industry Letter discusses the risks associated with the use of […]

NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations

December 18, 2023 By Kate Hanniford, Lance Taubin, Ashley Miller and Kristen Bartolotta

After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s Cybersecurity Regulation (23 NYCRR Part 500) (the “Regulation”), specifically, its failure to protect non-public information (“NPI”). NYDFS originally brought the enforcement action in […]