Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors” that targeted “U.S. and international Energy Sector organizations.” While CISA, the FBI, and DOE all responded to these campaigns “with appropriate action in and around the time they occurred,” the U.S. government determined that it was important to share information about the attacks “in order to highlight historical tactics, techniques, and procedures (TTPs) used by adversaries to target U.S. and international Energy Sector organizations.”
Author: Peter Baldwin
Peter Baldwin draws on his experience as a former federal prosecutor to counsel clients facing government investigations and cybersecurity issues. View Peter's full bio on the Faegre Drinker website.
A Cyber Hygiene Strategy: Cyber Insurance Endorsements
In the insurance industry, an “endorsement” is used to amend an insurance policy. Endorsements can be used to add items to a policy, amend policy provisions, or update an insured’s coverage. Endorsements also can be used to provide directions to third parties with whom an insured can work if a claim is made under a policy.
Continue reading “A Cyber Hygiene Strategy: Cyber Insurance Endorsements”
Congress Passes New Cyber Incident and Ransomware Payment Reporting Legislation
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cyber security incidents, including the payment of ransom, to the federal government. The bill, also known as the “Strengthening American Cybersecurity Act of 2022,” passed the Senate by unanimous vote on March 1. It then passed the House of Representatives and was signed into law by President Biden on March 15, 2022.
Continue reading “Congress Passes New Cyber Incident and Ransomware Payment Reporting Legislation”
FBI Announces Increased Focus on Illegal Financial Transactions Involving Cryptocurrency
Cryptocurrency has increasingly become an accepted form of financial exchange. However, it has also become a favored form of payment for cyber criminals.
In an effort to deter the use of cryptocurrencies in furtherance of criminal activity, the Federal Bureau of Investigation recently announced the formation of a Virtual Asset Exploitation Unit (VAXU). The VAXU will combine various investigatory, technical, and analytical resources, and the unit is charged with tracking the illicit use of cryptocurrencies and assisting in their seizure. This announcement follows close on the heels of the recent U.S. Department of Justice appointment of veteran federal prosecutor Eun Young Choi as the first director of the newly-created National Cryptocurrency Enforcement Team (NCET).
FTC Warns Companies to Fix Vulnerabilities Associated with Log4j
The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action.
Log4j is used to record activities in a wide range of systems, sites, and software found in online products and services. Recently, a serious vulnerability in this popular software was discovered. This vulnerability poses a severe risk to millions of users. Most importantly, the Log4j vulnerability is being widely exploited by a growing set of attackers.
Continue reading “FTC Warns Companies to Fix Vulnerabilities Associated with Log4j”
Capping Cyber Casualties: Steps to Avoid Cyberattacks Flowing From Hostilities in Ukraine
Recognizing that cyberattacks have already commenced and could spread beyond the Russian-Ukrainian battlefield, organizations can take several steps to protect themselves. They can recognize the risk. Then organizations can assess likely cyber threats and vulnerabilities, build resilience and take preventive actions, to avoid becoming another casualty in a conflict that already has too many.