
The FTC's New Amendment Requires Financial Institutions to Report Security Breaches Within 30 Days


The Federal Trade Commission (FTC) has recently enacted an amendment that requires non-banking entities to notify it of specific data breaches and other security incidents.

This mandate requires the creation, execution, and upkeep of an extensive security policy to protect consumer data, and it applies to businesses including payday lenders, auto dealers, and mortgage brokers.

The Safeguards Rule, which required financial institutions to report security breaches found in their systems as soon as they occur, was recently amended by the federal government. Organizations must notify the Federal Trade Commission (FTC) "as soon as possible," but no later than 30 days, of any security issue involving the information of 500 or more customers. 

Organizations must report to the FTC whenever a malicious or unauthorized entity gains illicit access to unencrypted customer data. Where the data is encrypted, the requirement applies only if the hackers have also obtained access to the encryption keys.

The new regulation will go into effect in April 2024, 180 days after it is published in the Federal Register.

The FTC further states that, following the discovery of a security incident, non-banking financial institutions will have to use the FTC's online site to report pertinent information to the commission. A thorough breach report should include the identity and contact details of the reporting institution, the number of customers affected, a description of the data disclosed, the date of exposure, and the length of the incident.

Moreover, the amendment will also enable firms to notify the FTC if public disclosure of the breach would jeopardize their investigation or national security. A law enforcement official may also ask for an additional 60-day delay before the information is made public.

The FTC's Bureau of Consumer Protection head, Samuel Levine, stressed that businesses that are entrusted with private financial data must be open and honest "if that information has been compromised." These businesses should be given "additional incentive" by the new disclosure obligation to actually protect the data of their customers.

In October 2021, the FTC released revised guidelines to improve data security while also inviting public feedback on a proposed supplemental amendment to the data breach reporting standards. The new amendment was ultimately accepted by a unanimous vote of three to one.  

Two-Year Chase: FBI Relaunches Search for Cybercriminals

 


Hackers are increasingly using sophisticated e-mail schemes to break into the systems of law firms and public relations companies, in an attempt to steal sensitive information that is often related to large corporations operating overseas.

There has been an increase in attempts by cybercriminals to hack into law firms' computers as of late. According to a recent FBI advisory, the trend began as much as two years ago but has grown dramatically in recent months. 

After the FBI and its European allies announced they had taken down the multimillion-dollar cybercrime group's computer systems more than two years ago, the agency has now intensified its search for members of the group, according to newly released court documents reviewed by CNN and found to have stolen identities. 

Hacking tools associated with the group, whose operations have previously been linked to eastern Ukraine, have stalked the internet and hacked the computers of over 100 million users since the year 2000, costing thousands of victims millions of dollars and resulting in a disruptive attack on a school in the US last year.

Malicious cyber campaigns against America's public and private sectors are a persistent and increasingly sophisticated threat, one that endangers the American people's security, privacy, and ultimately the economic well-being of the country. The Federal Government needs to improve the speed and effectiveness with which it identifies, deters, protects against, detects, and responds to these kinds of actions and actors.

A major cyber incident can also pose challenges to the Federal Government in terms of examining what happened and applying lessons learned in the aftermath. There is no doubt that government action is essential to cybersecurity, but it must go further than that. For the Federal Government to be able to provide comprehensive protection for the Nation from cybercrime, private-sector partnerships are essential.   

Private sector companies must adapt to the constantly changing threat environment in which they operate, ensuring the security of their products is built into their designs and that they are operated securely, and partnering with the Federal Government to protect cyberspace. 

To conclude, users should be able to place a significant amount of trust in a company's digital infrastructure only if that infrastructure is trustworthy and transparent, as well as if the consequences of putting this trust in the wrong place will be severe and costly for the company. 

Ukraine War Investigation Leads 


In January 2021, the FBI, alongside Dutch, British and other European law enforcement agencies, announced that they had successfully penetrated Emotet's servers to stop hackers from getting into the computer systems of their victims. Ukrainian authorities are also said to have seized several computers as part of the investigation.

Although the group's infrastructure has been rebuilt, the hackers have continued to launch spam emails from its network, and they launched another campaign in March, according to researchers who are investigating the group. According to CNN, security experts who follow the group haven't seen any activity from Emotet for months, raising questions as to where the group might pop up next - or if law enforcement agencies are closing in on them as a result of their operations being crippled. 

It was announced last month that the FBI and a coalition of European allies have dismantled a network reminiscent of Emotet, called Qakbot, which comprises infected computers and monitors. The FBI's investigation of Qakbot and related activity is ongoing, as a senior FBI official was quoted as saying by CNN at the time. 

Besides revealing the extent to which the war in Ukraine has caused chaos in the country, the new court documents also show that the FBI has faced significant challenges as a result of that chaos.

When Russia entered Ukraine in February 2022, a Ukrainian cyber researcher leaked a collection of confidential communications between members of Conti, a cybercriminal gang that is alleged to have ties with the Russian government.

In the new court documents, the FBI has given what is perhaps the first public confirmation of the Conti leaks. An FBI agent affirmed in an affidavit filed in the Emotet case that the leaks were authentic and that at least one of the group's hackers was administering its malicious code before and even after the arrests by law enforcement officials in January 2021.

Once they are in a network, hackers usually install software to search for, collect, copy, and send files to a computer server, usually located in another country. They can also use the program as a back door, allowing them to get back into the computer system later on. The attachments or links involved can resemble anything from a photo to an executable program, the FBI warned.

Companies need to start re-evaluating what they put on their networks as hackers are getting more sophisticated. This message was delivered by Bleier and other U.S. cyber officials at a conference held by the American Bar Association on Friday.

As Chris Painter, the acting cybersecurity director of the White House, explained, cyber attackers are no longer mostly lone perpetrators but are increasingly joining transnational organized crime networks. Several law firms and public relations companies have been targeted in recent months by the FBI as a result of ongoing investigations.