Financial Services, Government and Ransomware - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. However, all this attention from cyber criminals, as well as regulators and governments, has produced an extremely resilient industry with some of the best cyber security practices of any sector. Thu, 09/01/2022 - 05:15.

Financial Services

Financial Services Cybersecurity Computer and Electronics Cloud

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Security Affairs

DECEMBER 4, 2023

The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. on November 8 has laid bare the vulnerability of the global financial system to cyberattacks. trillion under management.

Ransomware

Ransomware Financial Services Marketing Government

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Any cybersecurity event that affects a third-party service provider that also affects the covered entity. Cybersecurity Governance.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. organizations since 2020. organizations since 2020.

Ransomware

Ransomware Cybersecurity Agriculture Education

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

DoJ charged a Russian national with conspiring to carry out LockBit ransomware attacks against U.S. The Justice Department announced charges against the Russian national Ruslan Magomedovich Astamirov (20) for his role in numerous LockBit ransomware attacks against systems in the United States, Asia, Europe, and Africa.

Ransomware

Ransomware Agriculture Education Government

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

Synoptek , a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. A now-deleted Tweet from Synoptek on Dec.

Ransomware

Ransomware IT Phishing Financial Services

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. The threat actors behind the Cuba ransomware (aka COLDDRAW, Tropical Scorpius ) have demanded over 145 million U.S. “Since spring 2022, Cuba ransomware actors have expanded their TTPs.

Ransomware

Ransomware Financial Services Manufacturing Phishing

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

An international law enforcement operation codenamed ‘Operation Cronos’ led to the disruption of the LockBit ransomware operation. A joint law enforcement action, code-named Operation Cronos, conducted by law enforcement agencies from 11 countries has disrupted the LockBit ransomware operation. on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The internet has drawn comparisons to the Wild West, making ransomware the digital incarnation of a hold-up. The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. Ransomware usually starts with a phishing email. Prevalence.

Ransomware

Ransomware Education Phishing Financial Services

Papua New Guinea ‘s finance ministry was hit by a ransomware

Security Affairs

OCTOBER 29, 2021

A ransomware attack hit Papua New Guinea ‘s finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea’s finance ministry was hit by a ransomware attack that disrupted government payments and operations. Pierluigi Paganini.

Ransomware

Ransomware Financial Services Government Data breaches

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. Pierluigi Paganini.

Ransomware

Ransomware Passwords Encryption Financial Services

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

An international law enforcement operation shuts down the infrastructure of the Ragnar Locker ransomware operation. Law enforcement from the US, Europe, Germany, France, Italy, Japan, Spain, Netherlands, Czech Republic, and Latvia conducted a joint operation that led to the seizure of the Ragnar Locker ransomware’s infrastructure.

Ransomware

Ransomware Financial Services Manufacturing Government

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year. Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. Background. The Framework. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The US FBI warns that the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. “RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.”

Ransomware

Ransomware Passwords Financial Services Manufacturing

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. LockBit ransomware attacks have resulted in ransom payments exceeding $144 million for recovery. ” reads the press release published by the U.S.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. A ransomware attack is about as bad as a cyber attack can get. Jump to: What is ransomware? How ransomware works. Preventing ransomware. Ransomware attacks and costs.

Ransomware

Ransomware Encryption Insurance Cloud

Building for operational resilience in the age of AI and hybrid cloud

IBM Big Data Hub

MARCH 20, 2024

Organizations in the financial services, healthcare and other regulated sectors must place an even greater focus on managing risk—not only to meet compliance requirements, but also to maintain customer confidence and trust. Read to learn more about cloud adoption within financial services?

Cloud

Cloud Financial Services Risk Business Services

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The ransomware attack that hit the systems of Nissan Oceania in December 2023 impacted roughly 100,000 individuals. The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. reads the statement published by the company on its website.

Data breaches

Data breaches Financial Services Ransomware Government

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

On March 21, the Maze ransomware operators published some of the stolen files on their “leak site,” after the refusal of the research firm of paying the ransom. The attack took place on March 14th, 2020, when the Maze Ransomware operators exfiltrated data from the HMR’s network and then encrypt their systems.

Ransomware

Ransomware Data breaches Encryption Financial Services

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. Image: Microsoft.

Ransomware

Ransomware Government Cybersecurity Blockchain

Putting data storage at the forefront of cloud security

IBM Big Data Hub

NOVEMBER 7, 2023

Securing sensitive data in an evolving landscape Advancements like those in AI and quantum computing can pose new challenges to customers, especially those in highly regulated industries such as financial services, healthcare, telecommunications and more.

Cloud

Cloud Financial Services Security Compliance

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Law enforcement provided additional details about the international Operation Cronos that led to the disruption of the Lockbit ransomware operation. Yesterday, a joint law enforcement action, code-named Operation Cronos , conducted by law enforcement agencies from 11 countries disrupted the LockBit ransomware operation.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

NOVEMBER 20, 2021

banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Major cybersecurity incidents are attacks that impact operations of the victims or the stability of the US financial sector. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity

Cybersecurity Financial Services Insurance Ransomware

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

6 benefits of data lineage for financial services

IBM Big Data Hub

FEBRUARY 26, 2024

The financial services industry has been in the process of modernizing its data governance for more than a decade. But as we inch closer to global economic downturn, the need for top-notch governance has become increasingly urgent. The post 6 benefits of data lineage for financial services appeared first on IBM Blog.

Financial Services

Financial Services Cloud Metadata Digital transformation

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

individuals and businesses comply with ransomware payment demands. Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. sanctions law violations if U.S.

Ransomware

Ransomware Compliance Risk Government

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

He has served as the lead lawyer advising on the legal response on operationally impactful malware for a number of Fortune 500 entities, and led the incident response, associated investigations and litigations for several companies impacted by the Notpetya malware incident and recent large-scale ransomware incidents.

Cybersecurity

Cybersecurity Marketing Security Privacy

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. This is an important public action by the U.S. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

million patient visits stolen in ransomware attack Date of breach: 23 October 2023 Breached organisation: Bluewater Health and Chatham-Kent Health Alliance Incident details: A database containing information about 5.6 Records breached: 79,582 Ontario hospitals update: information relating to 5.6

Data Privacy

Data Privacy Privacy Security Data breaches

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Security Affairs

OCTOBER 18, 2019

The global shipping and mailing services company Pitney Bowes revealed that the recent partial outage was caused by the Ryuk ransomware. The global shipping and mailing services company Pitney Bowes recently suffered a partial outage of its service caused by a ransomware attack. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Access

MITRE ResilienCyCon: You Will Be Breached So Be Ready

eSecurity Planet

NOVEMBER 17, 2022

Also read : Is the Answer to Vulnerabilities Patch Management as a Service? Ransomware is the most feared cybersecurity threat, and with good reason: Its ability to destroy and steal data is almost without peer. Continuous pentesting and ransomware simulations are among Airiam’s many controls. Backup Is Hard. Really Hard.

Cloud

Cloud Encryption Ransomware Cybersecurity

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

The rules would ensure people can obtain their own financial data at no cost, control who it’s shared with and choose who they do business with in the financial industry. The best way for financial services firms to meet the CFPB’s rules would be to apply the decoupling principle broadly.

Financial Services

Financial Services Privacy Personal data Marketing

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year ago (see our blog post here ), but include some changes.

Cybersecurity

Cybersecurity Compliance Financial Services Government

California IT service provider Synoptek pays ransom after Sodinokibi attack

Security Affairs

JANUARY 5, 2020

Synoptek, A California-based IT service provider decided to pay the ransom to decrypt its files after being infected with the Sodinokibi ransomware. Synoptek, a California-based provider of IT management and cloud hosting services paid the ransom to decrypt its files following a Sodinokibi ransomware attack.

IT

IT Ransomware Financial Services Retail

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.

IT

IT Financial Services Access Risk

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 These new attacks affect everything from private citizens and businesses to government systems; healthcare organizations; public services; and food, water, and fuel supply chains. Ransomware. Ransomware is the fastest-growing trend. Mobile attacks.

Ransomware

Ransomware Cybersecurity Phishing Encryption

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021. 2 See Cybersecurity Risk Governance, 3235-AM89, Securities and Exchange Commission (Spring 2021). This resolution highlights the SEC’s continued focus on cybersecurity. 20, 2017).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. Another risk is the data being sold on the dark web, and ICICI Bank risking to be a victim of ransomware attacks,” added the Cybernews team.

Personal data

Personal data Phishing Risk Financial Services

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. The attackers are attempting to exploit the need to install additional security software when South Korean users visit government or financial services websites. .

Financial Services

Financial Services Phishing Government Security

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

Over the years, the threat evolved and its operators implemented a modular structure that allowed them to offer the threat as malware-as-a-service. The Trickbot infrastructure was used by crooks to compromise systems and carry out human-operated campaigns, notably its use for the deployment of the Ryuk ransomware.

Security

Security Financial Services Ransomware Access

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

ALPHV/BlackCat ransomware gang adds 2.7 TB of ASA Electronics data to its leak site The ALPHV/BlackCat ransomware gang is attempting to extort a ransom from ASA Electronics for 2.7 It is not known how long the database was publicly available, nor whether anyone else accessed it. Date breached: 384,658,212 records. Data breached: 2.7

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor

Webinars

Trending Sources

LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Webinars

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Cybersecurity agencies published a joint LockBit ransomware advisory

A Russian national charged for committing LockBit Ransomware attacks

Ransomware at IT Services Provider Synoptek

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Operation Cronos: law enforcement disrupted the LockBit operation

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Papua New Guinea ‘s finance ministry was hit by a ransomware

Avoslocker ransomware gang targets US critical infrastructure

Law enforcement operation seized Ragnar Locker group’s infrastructure

Resecurity Released a 2024 Cyber Threat Landscape Forecast

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Ransomware Protection in 2021

Building for operational resilience in the age of AI and hybrid cloud

Nissan Oceania data breach impacted roughly 100,000 people

Maze ransomware gang discloses data from drug testing firm HMR

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Putting data storage at the forefront of cloud security

More details about Operation Cronos that disrupted Lockbit operation

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

6 benefits of data lineage for financial services

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

MITRE ResilienCyCon: You Will Be Breached So Be Ready

CFPB’s Proposed Data Rules

NYDFS finalizes cybersecurity rule amendments

California IT service provider Synoptek pays ransom after Sodinokibi attack

OCR Labs exposes its systems, jeopardizing major banking clients

What is a Cyberattack? Types and Defenses

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Multinational ICICI Bank leaks passports and credit card numbers

Lazarus malware delivered to South Korean users via supply chain attacks

Microsoft partnered with other security firms to takedown TrickBot botnet

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Stay Connected