Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label SEC. Show all posts
Security Breach
Cyber Attacks Gas Industry Oil Firm SEC Security Breach

Oil Giant Halliburton Hit by Cyberattack, Certain Systems Affected

 

On Friday, oil firm Halliburton revealed further details to regulators regarding a recent attack that forced the shutdown of critical systems. The company told news outlets that it was struck by a cyberattack on Wednesday, which disrupted operations at its Houston headquarters. 

In an 8-K filing filed Thursday with the Securities and Exchange Commission (SEC), the firm stated that attackers "gained access to certain of its systems." The firm is currently investigating the matter with the assistance of contractors. 

“The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality,” Halliburton vice president Charles Geer noted in the report. 

Geer also stated that they are in contact with users and other stakeholders as they try "to identify any effects of the incident." According to Reuters, following the cyberattack, some employees were instructed not to access the company's internal network. No group claimed responsibility for the incident as of Friday afternoon. 

Halliburton, known for its controversial role in the Iraq War, is one of the world's major oil field service businesses, with almost 48,000 employees. The firm generated $5.8 billion in revenue in the first quarter of 2024. Businesses in the oil and gas industry continue to be targeted by hackers and ransomware gangs because they have a history for paying ransoms. 

While no cases have been confirmed, ransomware gangs have discovered at least five oil and gas businesses on their leak sites since June. For the past three years, oil and gas firms have been impacted by a number of cyber incidents, however the attacks on Colonial Pipeline and Shell have garnered the most media attention. 

It has become a major issue that G7 members in June have "committed to taking critical action to strengthen the cybersecurity of the global supply chain of key technologies used to manage and operate electricity, oil, and natural gas systems across the world." 

In May, the Transportation Security Administration (TSA) updated cybersecurity standards for operators of potentially dangerous liquid and natural gas pipelines, as well as liquefied natural gas installations. 

The regulations, which have been in place since the Colonial Pipeline attack, require operators to confirm to TSA that they have implemented a variety of cybersecurity policies, including an incident response plan, the establishment of a cybersecurity coordinator position, vulnerability inspections, network segmentation, and more.
Read more »
UnitedHealth
Clorox Cyber Security Data Compromise Prudential Financial cyberattack Risk Management SEC UnitedHealth

SEC Tightens Cybersecurity Regulations for Public Companies

 



In 2023, the Securities and Exchange Commission (SEC) significantly tightened its cybersecurity regulations for publicly traded companies. This move, aimed at enhancing investor protection and ensuring market transparency, responds to the increasing prevalence of cyber threats and their potential to disrupt business operations and financial stability.

New Rules for Incident Disclosure

The SEC's updated regulations require companies to disclose cybersecurity incidents within four days of determining their material impact. Companies must swiftly evaluate the scope and severity of any cyberattack, including the nature and amount of data compromised and the potential business, legal, or regulatory impacts. The goal is to provide timely and accurate information about incidents that could affect a company's financial health or market performance.

Case Studies: Clorox, Prudential Financial, and UnitedHealth

Recent cyber incidents involving Clorox, Prudential Financial, and UnitedHealth offer insights into how companies handle these new requirements.

Clorox: In August 2023, Clorox faced a major cyberattack that disrupted its automated order processing system, leading to significant delays and product shortages. This disruption is expected to cost the company between $57 million and $65 million in fiscal year 2024, largely for IT recovery and professional services. Additionally, Clorox’s Chief Information Security Officer (CISO) left the company following the attack, which revealed long-standing security issues that had previously been flagged in audits.

Prudential Financial: In February 2024, Prudential Financial reported a cyber breach involving unauthorised access to its infrastructure, affecting administrative and user data. The breach, linked to the ALPHV ransomware group, compromised the personal information of 36,545 individuals. Prudential took a proactive approach by disclosing the incident to the SEC before determining its material impact, indicating a possible new trend toward early transparency.

UnitedHealth: UnitedHealth’s subsidiary, Change Healthcare, experienced a significant cyberattack that compromised millions of patient records and disrupted prescription and claims processing. Initially attributing the attack to a nation-state, UnitedHealth focused on restoring operations without immediately assessing its materiality. The incident has led to substantial financial repercussions, including at least 24 lawsuits and potential costs up to $1.6 billion. Following the disclosure, UnitedHealth’s stock price dropped by nearly 15%.

Key Takeaways for Risk Management

These examples highlight several important lessons for companies under the new SEC regulations:

1. Visibility and Accountability: Companies must continuously oversee their digital assets and promptly address security vulnerabilities. Ignorance is no longer a viable defence, and businesses must be able to explain the details of any breaches.

2. Transparency and Proactive Measures: Transparency is crucial. Companies should adopt conservative and proactive cybersecurity policies and be prepared to update disclosures with more detailed information as it becomes available.

3. Information Sharing: Sharing information about cyber breaches and effective security strategies benefits all sectors. This collaborative approach enhances overall security practices and accelerates the adoption of best practices across the industry.

The SEC’s new cybersecurity regulations shift towards more stringent oversight, pushing the growing need for robust cybersecurity measures to protect market stability and investor interests. As companies adjust to these requirements, the experiences of Clorox, Prudential Financial, and UnitedHealth provide valuable lessons in effective risk management and transparency.


Read more »
SEC
Breach Disclosure Cyber Security HP Microsoft SEC

Latest SEC Cyber Rules Raise 'Head Scratching' Breach Disclosures

SEC Disclosure

SEC disclosure mandate

The Securities and Exchange Commission's recently implemented cybersecurity regulations have prompted some breach disclosures from publicly traded firms, such as Microsoft and Hewlett Packard Enterprise.

Among other things, the guidelines mandate that a "material" cybersecurity event be reported to the SEC within four days of its classification as such. The SEC states that they were meant to give investors timely and “decision-useful” cybersecurity information; nevertheless, experts point out that several of the early disclosures only included rudimentary breach details, raising significant concerns that remain unaddressed.

According to Scott Kimpel, a partner at Hunton Andrews Kurth, "Some of these disclosures, I think, are question-begging." "They just provide us with superficial, newsworthy details about the occurrence.

SEC disclosure for companies: What does it mean?

Companies must assess an incident's materiality "without unreasonable delay following discovery and, if the incident is determined material, file an Item 1.05 Form 8-K generally within four business days of such determination," according to SEC regulations.

The incident's "material impact or reasonably likely material impact," as well as its material features of nature, scope, and chronology, must all be disclosed.

"Norms have not yet been established because we're early in the process," stated Richard Marcus, head of information security at cloud-based risk management startup AuditBoard. Therefore, Companies ask themselves, "How much can I get away with here? What exactly are my stockholders hoping to get? I believe that businesses are benchmarking against each other quite a bit."

Without mentioning any particular businesses, Kimpel claimed that some have submitted puzzling incident disclosures, in which they discuss a breach that hasn't yet had a major impact on their business operations and might or might not ultimately have a material impact on their financial situation. 

According to Kimpel, one argument is that these businesses might be disclosing a breach that they considered significant from a "qualitative" as opposed to a "quantitative" standpoint. Financial injury is one type of qualitative material impact, he said, while reputational harm and the possibility of future legal or regulatory problems are among the "almost endless list of possibilities" that make up quantitative material consequences.

Small companies exempted

Except for smaller reporting companies, all covered firms had to abide by the revised breach disclosure requirements as of December 18. As of June 5, smaller reporting organizations will have to comply with them.

Microsoft revealed in an Item 1.05 Form 8-K filing in January that a "nation-state associated threat actor" had obtained access to and exfiltrated data from a "very small percentage" of employee email accounts, comprising staff members in the company's legal, cybersecurity, and senior leadership teams, among other departments.

Among the businesses that have used similar language in breach disclosures submitted to the SEC following the new cybersecurity regulations are HP Enterprise and Prudential Financial.

What next?

As the Wall Street Journal reported in January, Microsoft notified the SEC of the breach even though, at the time of its regulatory filing, the company's investigation had not revealed any consequences that would have exceeded the agency's material damage criteria. The corporation stated, "But because the law is so new, we wanted to make sure we honor the spirit of the law," as stated in the Journal article.

According to Kimpel, SEC filings may create investor confusion when businesses disclose breaches that don't seem to be as serious as they claim, sometimes without explaining their actions.

Read more »
SEC
Cyber Crime Cyberattacks Cybersecurity CyberThreat Financial crime MarineMax Ransomware attack SEC

MarineMax's Cyber Resilience: Responding to SEC on Cyberattack Incident

 


MarineMax, a national retailer of boats and million-dollar yachts, reported on March 12 that a "cybersecurity incident" disrupted its operations, according to documents filed with the Securities and Exchange Commission (SEC). 

According to the company, unauthorized access to the information systems of the company was gained by a third party. However, the company has not indicated who the threat actor is, or what type of attack occurred, whether it was a ransomware attack or an incident of another nature. 

Many of MarineMax's internal systems were rendered unavailable as a result of the attack, which is believed to have started on Sunday, and caused significant delays in customer service, sales, and customer support for MarineMax customers across the country. 

There has also been a significant decline in MarineMax dealership sales and service as IT systems deal with the aftermath of the hurricane. In addition to financing approvals, inventory availability, and overall deal progression, many dealerships are reporting problems with the dealership's sales and service processes. 

As a result of the attack, MarineMax has not discontinued its operations, but cybersecurity experts were hired to assist in the investigation and law enforcement was also notified. People asked the company if it was dealing with a ransomware attack or another type of cyber incident, but they did not respond to my inquiry. 

As the filing indicates, the attack has not materially affected the company's operations. However, officials are still assessing whether it will at some point in the future based on their findings.  Although MarineMax has not responded to questions as to whether data was stolen, it doesn't maintain sensitive data in the environment impacted by the incident, which has mentioned in the filing that these are not stored there. 

During a recent cyber attack, MarineMax was subjected to an incident that was deemed a 'cybersecurity incident', as defined in rules provided by the Securities and Exchange Commission. The incident involved the compromise of portions of the company's information environment by an unauthorized party, as detailed in the filing by MarineMax. 

The Securities and Exchange Commission recently amended its incident-disclosure rules to require a Form 8-K to be filed within 24 hours of the organization determining a cyber-incident to be material. This means that it has a significant impact on operational performance and could have a potential impact on investors' investments.

Last year, several industry giants faced a cyberattack, including Brunswick Corporation, which manufactures boats and parts for ships, a company that has been in the boating industry since the late 1800s. 

An incident that affected the production of marine electronics at a subsidiary of the company in June, that cost the company more than $85 million, was reported by the company.  A German manufacturer of luxury yachts and military vessels also came under attack by ransomware over the Easter weekend in 2023, which occurred over the Easter holiday.
Read more »
SEC Protocol
Cybersecurity Cybersecurity Reporting Organization security SEC SEC Protocol

SEC Sets New Disclosure Rules: Read How It Will Revolutionize Organization Cybersecurity


SEC mandates cybersecurity reporting for companies 

The Securities and Exchange Commission's (SEC) latest set of rules on cybersecurity reporting for publicly traded organisation can be understood in two ways. One, as another generic regulatory formality piling on the companies, or second, as an important move towards strengthening cybersecurity in the board. 

In the smaller picture, it is likely to be both. But in the bigger picture, the benefits will outweigh the limitations. The SEC's primary attention on cybersecurity metrics can mix with other financial reporting needs to compel companies toward a more comprehensive security framework that includes asset intelligence and prioritises material risk. 

SEC protocol: Implication for organizations

The new protocol is likely to push organizations to start focusing on asset intelligence on evidence-based security data, and not just merely storing inventory of devices and apps, helping them toward a consistent monitoring and improvement program. 

The rules will also support companies to involve entire organizations in cybersecurity, security, promoting IT confluence, compliance and legal in all the ways that will support every party involved. 

Deep Asset Intelligence: A much needed approach

The scope for an integrated approach to cybersecurity built on evidence-based data highlights various organisations' need for stronger intelligence. The recent cyber attack on Clorox tells us why. Clorox was among the first large organizations to be compromised when the SEC's new rules came into play, asking the company to report the cyber attack through the SEC's Form 8-k within 4 days.

Clorox did comply, however, it had limited information on the impact of the attacks, so it had to file another form 8-k filing. But even so, Clorox didn't disclose the complete financial damage of the attack. 

What do experts think?

Certain cybersecurity experts anticipate that Clorox's response will be common for other businesses due to the challenge of rapidly assessing the impact of an attack. However, incomplete reports may mislead investors.

A thorough understanding of an asset's life cycle, security measures, management style, data usage patterns, and potential end-of-life situations can all contribute to a more accurate assessment of the attack's impact. 
By promoting the use of measurements and statistics based on empirical evidence to evaluate material risk, the new regulations may also encourage businesses to improve their asset intelligence.

The Way Forward For Constant Enhancement

Businesses gather a great deal of security metrics, some of which may not be very valuable. While it may seem commendable to have stopped 9,000 malware attacks in a month, what would happen if there had been 9,008 attempts? 

By concentrating on operational controls and material concerns, comprehensive asset intelligence can assist organisations in focusing on more serious issues. 

An endpoint without a security agent or an outdated, unpatched system, for instance, can be just as hazardous as a network-based vulnerability found on the common vulnerabilities and exposures (CVEs) list. Inventorying all of your users, apps, and devices is not sufficient; you also need to know if the security rules are active and in place.

The guidelines also encourage organisations to involve the legal and compliance departments, as well as the leadership team, in understanding the role that governance plays in better managing security through their reporting obligations.

Furthermore, and this is crucial, they encourage public firms to follow the industry trend of proactive and continuous assessment, which entails not just identifying security weaknesses but also continuously addressing them.

Proceeding Forward

Following its adoption in July and formal implementation on September 5, the SEC's new regulations are still being adapted to by publicly traded corporations. Businesses are required to file yearly reports starting in December and to report "material" cybersecurity incidents within four days, detailing the occurrence and its consequences.

Companies who lack full visibility into their assets, including the condition of security controls on devices and apps across the organisation, may find it difficult to comply with these regulations. They can, however, start to integrate security and compliance with asset intelligence—that is, evidence-based data centred on material risks—and work towards a continuous monitoring and improvement programme that more effectively secures the organisation.


Read more »
SolarWinds
CISO Cyber Security Cyberattacks CyberCrime Microsoft SEC SolarWinds

SEC's Legal Action Against SolarWinds and CISO Creates Uncertainty in Cybersecurity

 




In the lawsuit, the plaintiffs allege that CISO Timothy Brown, who was in charge of managing the company's software supply chain at the time of the massive cyberattack, has failed to disclose critical information regarding the attack. 

Several government agencies, corporations, and government-related organizations across the world rely on SolarWinds' product solutions. As a result of the complex attack, which is widely attributed to state-sponsored Russian hackers, numerous networks have been compromised. As a result of this breach, a significant amount of attention was paid to cybersecurity, and several hacks, investigations, and regulatory concerns followed. 

The hacker's identity has been confirmed as being a Russian government-linked hacker, and the company has been infiltrated with malicious code through its IT monitoring and management tool Orion, which was reportedly injected by them. 

A hack affecting more than 18,000 organizations worldwide was initially estimated to have occurred in October of last year, including the U.S. Dept of State and Homeland Security Department as well as the National Security Agency, as well as Microsoft Corporation. Nevertheless, SolarWinds later estimated that there were under 100 customers who had been affected by this. 

SolarWinds and Brown are being charged by the SEC for fraud and a failure to comply with internal controls relating to alleged threats and vulnerabilities related to cybersecurity. It is alleged in the complaint that since the date of SolarWinds' first public offering in October 2018, until December 2020, when it announced that it had been hacked, SolarWinds and Brown have been defrauding investors by overstating the company's cybersecurity practices and understating or failing to disclose certain risks that may have affected the company's investors.

It seems that the software maker and its chief information security officer are now facing charges of fraud and internal control failures. In an announcement released by the Securities and Exchange Commission (SEC) on Monday, it was alleged that SolarWinds and Brown misled investors about their cybersecurity practices, known security risks, and weaknesses throughout the company's history. 

Earlier investigations into SolarWinds' hack concluded that attackers were in the company's network for at least two years before they were discovered, indicating the attackers were well embedded in the company's network. It was alleged that Brown helped and abetted SolarWinds' violations of the Exchange Act's reporting and internal control provisions and that he was responsible for helping SolarWinds to breach these provisions. 

There seems to be a lack of transparency in cybersecurity incident reporting, as highlighted by the SEC's recently implemented four-day reporting rule. It is stated in the complaint that the SEC seeks permanent injunctions, disgorgement with prejudgment interest, civil penalties, as well as a bar against Brown as an officer and director of the corporation. In this case, the SEC has brought a lawsuit against a CISO that alleges that he has mismanaged cybersecurity risks in his organization, which is an extremely rare case. 

In the suit, SolarWinds' chief information security officer is accused of knowing about vulnerabilities in the company's systems but failing to disclose them adequately to its investors, resulting in misleading statements in the company's SEC filings which the SEC claimed were fraudulent. According to a variety of industry experts, the SEC's lawsuit has received mixed reviews. 

The fact that CISOs are being held accountable is seen as a necessary step when it comes to holding them accountable for the actions that they take as a result of cyber security concerns. CISOs are argued by some to be the most important individuals in the safeguarding of a company's digital assets, and they must be transparent about potential threats to their organization and the regulators as well. 

The lawsuit has drawn the attention of many people, including SolarWinds itself, which claims it sets a problematic precedent. CISOs fear that sharing information about cyber threats within their organizations might lead to their being liable for legal action, so they are reluctant to do so. As a result, they say, the industry could have difficulties responding effectively to cyberattacks and protecting sensitive data as a result. 

A blog post by Sudhakar Ramakrishna, President of SolarWinds, addressing the SEC's charges, states that the charges threaten a piece of open information sharing across the industry that cybersecurity experts think is necessary for our collective security. 

Further, they might disenfranchise cybersecurity professionals across the country and put them out of action, thereby taking these cyber warriors out of active service. It is likely that, in response to this lawsuit, many CISOs and cybersecurity professionals will examine their responsibilities and roles in a more detailed manner. Legal teams will be consulted by many of these employees for them to be clear about the legal risks associated with their positions.

To strike a balance between the transparency of their disclosure practices and their potential liability, others will surely revise them. As a result of the COVID-19 pandemic and the rapid shift to remote work, companies continue to struggle to secure remote access. However, the Sophos report revealed that the problem persists, even though companies struggle to secure remote access. 

According to the cybersecurity company's mid-year "Active Adversary Report," 95% of the attacks in the first half of 2023 were carried out via remote desktop protocol. As a bonus, attackers are increasingly targeting VPNs as a means of gaining remote access, another area that's been difficult to defend for the last few years. 

Even though attackers exploited a critical flaw that was disclosed in December, malicious activity against Fortinet VPN instances increased in February. According to the report, CISOs, particularly those who oversee public companies, should take an inventory of their security programs and make sure that the information they share with the public is based on fact rather than spin, which is what is causing concerns.” 

The SEC, which has filed this suit against privately held companies, is setting a new standard for security disclosures for those companies. Until further notice, there is no way to predict what will happen about SolarWinds' lawsuit and what implications it will have on the cybersecurity industry in general. It serves as a stark reminder to all CISOs that, regardless of the outcome, they are constantly facing a complex landscape of legal and regulatory challenges, as well as a rapidly evolving role.
Read more »
SEC
Cyber Security Cybersecurity Incident IT Security SEC

SEC Amends Cyber Incident Disclosure, Raises Concerns


SEC taking a tough stand on cyber threats 

Due to rise in breaches among its members and on its systems, the Security and Exchange Commission (SEC) is thinking how it can tackle the problem of cyber threats. 

The SEC suggested new amendments in March to supervise how investment firms and public companies under its purview should strengthen their IT security management and incident reporting. 

Throughout the years, SEC's disclosure regime has advanced to highlight evolving risks and investor needs. 

Current Cyber Security Landscape 

Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner, said SEC Chair Gary Gensler.

SEC being rough on incident reporting and identity theft programs

In July, the SEC thrashed JP Morgan & Co, UBS and online stock-trader TradeStation with having deficient customer identity programs, all these programs have violated the Identity Red Flag rules, or regular S-ID between between January 2017 and October 2019. 

Regulation S-ID aims to protect investors from identity threat risks. All the three financial organizations have agreed to: 1.Cease and desist from violations in future, 2. Getting censored, 3. Pay fines of $1.2 Million, $925,000, and $425,000, respectively. 

Besides these commitments, the SEC's proposed amendments will need the financial institutions to provide current report regarding material cybersecurity cases and periodic reporting to give updates about earlier reported cybersecurity incidents. 

The SEC in March issued that:  

“proposed rule defines a cybersecurity incident as an unauthorized occurrence on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”  Under the new rule, it considered "information systems" in a broad sense, especially when the financial firm made use of a cloud- or host based systems. 

SEC in the amendment says:

"The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks. The registrant’s board of directors' oversight of cybersecurity risk, and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures." 



Read more »
SEC
Cyber Crime Fake Sites FBI Frauds Fraudsters Fraudulent Scheme Hacking Scam Scammers Scams SEC

$50 Million Lost to Fraudsters Impersonating as Broker-Dealers

 

A California man admitted his involvement in a large-scale and long-running Internet-based fraud scam that allowed him and other fraudsters to drain about $50 million from hundreds of investors.

Between 2012 and October 2020 Allen Giltman, 56, and his co-conspirators constructed phoney websites to collect money from people via the internet by advertising various investment opportunities (mainly the purchase of certificates of deposit). 

According to court documents, "The Fraudulent Websites advertised higher than average rates of return on the CDs, which enhanced the attractiveness of the investment opportunities to potential victims. At times, the fraudulent websites were designed to closely resemble websites being operated by actual, well-known, and publicly reputable financial institutions; at other times, the fraudulent websites were designed to resemble legitimate-seeming financial institutions that did not exist." 

They advertised the phoney investment sites in Google and Microsoft Bing search results for phrases like "best CD rates" and "highest cd rates." The scammers pretended to be FINRA broker-dealers in interactions with victims seeking investment possibilities, claiming to be employed by the financial companies they imitated on the scam sites. 

They employed virtual private networks (VPNs), prepaid gift cards to register web domains, prepaid phones, and encrypted applications to interact with their targets, and false invoices to explain the huge wire transfers they obtained from their victims to mask their genuine identities during their fraud schemes. 

"To date, law enforcement has identified at least 150 fraudulent websites created as part of the scheme," the Justice Department stated. 

"At least 70 victims of the fraud scheme nationwide, including in New Jersey, collectively transmitted approximately $50 million that they believed to be investments." 

The charge of wire fraud conspiracy, which Giltman consented, carries a possible sentence of 20 years in jail, while the charge of securities fraud carries a maximum sentence of five years in prison. Both are punishable by fines of $250,000 or double the gross gain or loss from the offence, whichever is greater. Giltman is scheduled to be sentenced on May 10, 2022. 

Stay Vigilant

The FBI's Criminal Investigative Division and the Securities and Exchange Commission cautioned investors in July 2021 that scammers posing as registered financial professionals such as brokers and investment advisers were posing as them. 

The July alert came after FINRA issued a similar fraud alert the same week regarding broker imposter frauds involving phishing sites that impersonate brokers and faked SEC or FINRA registration documents. 

"Fraudsters may falsely claim to be registered with the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) or a state securities regulator in order to lure investors into scams, or even impersonate real investment professionals who actually are registered with these organizations," the FBI and SEC stated. 

Investors should first use the Investor.gov search engine to see if people marketing investment possibilities are licensed or registered, and then ensure they're not scammers by contacting the seller using independently confirmed contact information from the firm's Client Relationship Summary (Form CRS).
Read more »
Security Alert
Cyber Data Cyber Security Frauds Phishing scam Scam SEC Security Alert

US SEC Alerts Investors of Ongoing Fraud

 

The Securities and Exchange Commission (SEC) is alerting investors about scammers posing as SEC officials and attempting to mislead them. 

Fraudsters are contacting investors via phone calls, voicemails, emаils, and letters, according to the SEC's Office of Investor Educаtion and Advocаcy (OIE). 

The alert stated, “We аre аwаre thаt severаl individuаls recently received phone cаlls or voicemаil messаges thаt аppeаred to be from аn SEC phone number. The cаlls аnd messаges rаised purported concerns аbout unаuthorized trаnsаctions or other suspicious аctivity in the recipients’ checking or cryptocurrency аccounts. These phone cаlls аnd voicemаil messаges аre in no wаy connected to the Securities аnd Exchаnge Commission.” 

The SEC warned it never asks for payments linked to enforcement activities, offer to confirm trades, or seek sensitive personal and financial information in unsolicited communication, including emails and letters. It further stated that SEC officials will not inquire about shareholdings, account numbers, PINs, passwords, or other personal information. 

Scammers appear to be employing a growing number of strategies in order to boost their chances of success. Investors should not disclose any personal information if they get communication that seems to be from the Securities and Exchange Commission, as per the notice. They are encouraged to contact the commission directly.

Investors can use the SEC's personnel locаtor at (202) 551-6000, call (800) SEC-0330, or emаil help@SEC.gov to confirm the identity of people behind calls or messages. Investors can also register a complaint with the Securities and Exchange Commission's Office of Inspector General by visiting www.sec.gov/oig or calling (833) SEC-OIG1 (732-6441). 

Further, the alert stated, “Bewаre of government impersonаtor schemes. Con аrtists hаve used the nаmes of reаl SEC employees аnd emаil messаges thаt fаlsely аppeаr to be from the Securities аnd Exchаnge Commission to trick victims into sending the frаudster’s money. Impersonаtion of US Government аgencies аnd employees (аs well аs of legitimаte finаnciаl services entities) is one common feаture of аdvаnce fee solicitаtions аnd other frаudulent schemes. Even where the frаudsters do not request thаt funds be sent directly to them, they mаy use personаl informаtion they obtаin to steаl аn individuаl’s identity or misаppropriаte their finаnciаl аssets.”
Read more »
USA
Cyber Attacks SEC USA

Navistar International Corporation Hit by Cyberattack

Navistar International Corporation, a maker of United States trucks and military vehicles confirmed that it was hit by a cyberattack recently which resulted in data theft. In form 8-K filing with SEC (Security and Exchange Commission) this Monday, the company said that the company came to know about an attack on its IT systems on May 20, 2021. Navistar took immediate actions to limit the impact of the cyberattack and has launched an investigation with various cybersecurity and foreign agencies. Due to the attack, Navistar has strengthened its cybersecurity infrastructure and data protection, saying all of its systems are fully functional. 


On May 31, the company got a mail saying it was hit by a cyberattack and some data had been stolen.  As of now, the company is enquiring about and finding the impact of the attack. It has already called law enforcement agencies for help. Navistar didn't disclose any technical details about the attack but it might be a possibility that it was a ransomware attack. The claim is based on the recent rise of ransomware incidents in the US. In all these incidents, major US organizations were attacked and crucial data was stolen. Navistar was established in 1986, it makes trucks, diesel engines, and buses. 

Besides this, the Navistar Defense subsidiary makes military automobiles. After the attack that made US Colonial Pipeline to close its operations and distribution systems at the start of May, JBS USA, the world's largest meat processing company of US subsidiary also announced recently that it had closed down its plants in America and Australia.  Besides this, recently, Steamship Authority, the largest ferry service to the Massachusetts Islands of Martha’s Vineyard and Nantucket from Cape Cod, was hit by a cyberattack of a similar kind. 

At the start of this year, Molson Coors Beverage company was also hit by a ransomware attack. "White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks. The  memo, signed by Anne Neuberger, deputy national security advisor for cyber and emerging technology, mentions the recent increase in the number of ransomware incidents, as well as the Biden administration’s response to such attacks targeting government and private sector organizations," reports Security Wee
Read more »
User Data
Customer Data Cyber Security FINRA SEC User Data

Hackers Target American Retail Businesses, FINRA Scolds Brokerage Firms

 

Besides the American corporations facing threats from overwhelming cyberattacks, American retail businesses are also struggling to fight against the rise of hackers hacking into their accounts and investments. FINRA (Financial Industry Regulatory Authority), the market's self-regulatory body, in a recent notice said that it received several complaints related to customer accounts being hacked. The incident involved attackers using stolen customer information like login credentials to hack into online customers' brokerage accounts. 

According to Market Watch "Ari Jacoby, chief executive and co-founder of cybersecurity firm Deduce, backed up this statement with data showing that account-takeover fraud increased by roughly 250% from 2019 to 2020. He told Security.org that account-takeover prevention is a $15 billion market that is “growing significantly year-over-year.“ FINRA finds two factors that might be responsible for the surge in account takeover incidents. 

First is an increase in the use of online services and brokerage apps, that allows hackers to break into user accounts using login I'd and passwords that they buy from Darkweb. It becomes very easy for hackers to find the login credentials of the customers as many users use the same password combinations for multiple accounts. The second aspect is the Covid-19 factor. "Customer account-takeovers have been a recurring issue, but reports to FINRA about such attacks have increased as more firms offer online accounts, and as more investors conduct transactions in these accounts. In part due to the proliferation of mobile devices and applications and the reduced accessibility of firm’s physical locations due to the COVID-19 pandemic," reports FINRA. 

The Security and Exchange Commission is also keeping an eye on this incident and is pressing hard on brokerage firms for not keeping a check on suspicious activities. Market Watch says "But most individual investors don’t have to wait for the SEC or FINRA to come to their rescue, because this sort of criminal activity is largely enabled by a lack of vigilance on the part of victims, including requesting that their broker send them suspicious login alerts and using two-factor authentication, according to Jacoby."
Read more »
Technology
Crypto Currency Crypto Investors DarkSide Hackers SEC Technology

Ex-SEC Enforcer: Crypto Investors are Enabling Hackers

 

The founder of the Securities and Exchange Commission's internet enforcement bureau warned Thursday that investors in bitcoin and other digital currencies are helping online hackers. 

“Ransomware is hitting everywhere and they’re all collecting it in bitcoin because there’s no way they’re going to get caught. So you’re also enabling it,” John Reed Stark, now head of his own cybersecurity firm told in an interview to CNBC. 

Stark stated cryptocurrencies have almost no practical use, in contrast trading them to the speculation that previously boosted AMC Entertainment and other meme stocks like GameStop to great heights. Cryptocurrencies also require registration and other procedures that would improve the visibility of U.S. capital markets, he added. 

“At least with GameStop and AMC you’re not necessarily hurting anyone. ... But with crypto, you are really hurting a lot of people, and that sort of risk I don’t think is a good one for society,” Stark said. 

He also called crypto the essence of ransomware, a type of malicious software that can disrupt and even block computer networks. 

Brazil's JBS, the world's largest meatpacker, has resumed most production after a weekend ransomware attack, the latest in a line of hacks. JBS blames hackers to have links with Russia.

In May, Colonial Pipeline, the largest US fuel pipeline, paid ransomware demands last month after its operations were shut down for nearly a week. The FBI estimates the attack on Colonial Pipeline was carried out by DarkSide, which is a Russian-linked group that demanded $5 million to restore service. DarkSide eventually shut down after receiving $90 million cryptocurrency payments and last year, roughly $406 million in crypto payments were made to cyberattackers. 

“The country is kind of falling apart from ransomware all because of crypto, and the main reason people own crypto is because they think someone else will buy it and make the price higher,” said Stark, who spent 18 years at the SEC’s Enforcement Division. “There’s no other reason to invest in it,” he stated.
Read more »
Subscribe to: Posts (Atom)