Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label financial risks. Show all posts
Sanctions
Crypto Exchange cryptocurrency cryptocurrency security Cyber Security financial risks Garantex Russian Crypto Sanctions

Sanctioned Russian Crypto Exchange Garantex Allegedly Rebrands as Grinex

 

International efforts to dismantle illicit financial networks are facing new challenges, as the recently sanctioned Russian cryptocurrency exchange Garantex appears to have rebranded and resumed operations under a new name—Grinex. Reports from blockchain analytics firm Global Ledger suggest that Grinex may be a direct successor to Garantex, which was shut down earlier this month in a joint operation by law enforcement agencies from the U.S., Germany, and Finland. 

Despite the crackdown, Global Ledger researchers have identified on-chain movements linking the two exchanges, including the transfer of Garantex’s holdings in a ruble-backed stablecoin, A7A5, to wallets controlled by Grinex. Off-chain clues further support the connection, such as the sudden surge in trading volume—Grinex reportedly handled over $40 million in transactions within two weeks of its launch. According to Lex Fisun, CEO of Global Ledger, social media activity also suggests a direct relationship between the platforms.

In a Telegram post, Sergey Mendeleev, a known figure associated with Garantex, downplayed the similarities between the two exchanges while making light of the situation. Meanwhile, reports indicate that former Garantex users have been transferring funds at the exchange’s physical offices in Europe and the Middle East, strengthening claims that Grinex is simply a rebranded version of the defunct platform. While leading blockchain analytics firms such as Chainalysis and TRM Labs have yet to verify these findings, Andrew Fierman, Head of National Security Intelligence at Chainalysis, acknowledged that early indicators point to a connection between Garantex and Grinex. 

However, a full assessment of Grinex’s infrastructure is still underway. If Grinex is indeed a rebranded Garantex, it would not be the first time a sanctioned exchange has attempted to evade regulatory scrutiny through rebranding. Similar cases have been observed in the past—BTC-E, a Russian exchange taken down by U.S. authorities in 2017, later reemerged as WEX, only to collapse due to internal conflicts. Likewise, Suex, another Russian exchange sanctioned for facilitating illicit transactions, resurfaced as Chatex before facing renewed enforcement actions. 

The reappearance of Garantex in another form underscores the persistent difficulties regulators face in enforcing financial sanctions. Despite the seizure of its servers and domain, the exchange’s infrastructure appears to have been quickly reestablished under a new identity. Experts warn that non-compliant exchanges operating in high-risk regions will continue to find ways to circumvent restrictions. Before its takedown, Garantex had been identified as a hub for money laundering and illicit financial transactions. 

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the exchange in 2022, citing its involvement in facilitating payments for ransomware groups such as Black Basta and Conti, as well as its ties to darknet marketplaces like Hydra. Court documents also revealed that Garantex provided financial services to North Korea’s Lazarus Group, a state-backed hacking organization responsible for some of the largest cryptocurrency heists in history, including the $1.4 billion Bybit hack.

Additionally, Russian oligarchs reportedly used the platform to bypass economic sanctions imposed after Russia’s invasion of Ukraine. Two individuals linked to Garantex’s operations, Lithuanian national and Russian resident Aleksej Besciokov and Russian citizen Aleksandr Mira Serda, have been charged with conspiracy to commit money laundering. Besciokov was arrested in India earlier this month while on vacation with his family and is expected to be extradited to the U.S. to face trial. 

While authorities work to contain illicit financial activity in the crypto space, the rapid emergence of Grinex serves as a reminder of how easily such operations can adapt and reappear under new identities. Analysts warn that other high-risk exchanges in Russia, such as ABCEX and Keine-Exchange, are poised to take advantage of regulatory loopholes and fill the void left by Garantex’s shutdown.
Read more »
Privacy
Biometric Information Privacy Act Corporate financial risks Illinois Privacy

Illinois Amends Biometric Privacy Law to Limit Corporate Liability



SPRINGFIELD, IL – Illinois has recently amended its Biometric Information Privacy Act (BIPA), essentially reducing the financial risks for companies that mishandle biometric data such as eye scans, fingerprints, and facial recognition information. The changes, signed into law by Governor J.B. Pritzker on August 2, followed a growing trend of legal adjustments aimed at balancing consumer privacy rights with corporate concerns.

Key Changes to BIPA

Originally passed in 2008, BIPA was one of the first laws in the United States to establish strict guidelines for the collection, storage, and use of biometric data. The law required companies to obtain written consent before collecting biometric information and allowed individuals to sue for damages if their data was mishandled. Previously, victims could seek $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.

However, the recent amendment dramatically alters this infrastructure. Under the new rules, multiple violations involving the same person's biometric data will now be treated as a single infraction. This change effectively limits the potential damages a company might face, even if it repeatedly mishandles an individual's biometric information.

Impact on Legal Liability

This amendment overturns a 2023 Illinois Supreme Court ruling that held companies accountable for each instance of biometric data misuse. The ruling had stemmed from a class-action lawsuit against White Castle, where an employee accused the restaurant chain of repeatedly violating BIPA by improperly collecting her biometric data. With the new law in place, such claims will now result in lower financial penalties for companies, reducing the incentive for large-scale settlements.

Legal and Industry Reactions

Legal experts and industry groups have noted the implications of this amendment. Alan Friel, a lawyer with Squire Patton Boggs, observed that the change would likely decrease the settlement value of BIPA claims. He also underlined that the new law allows companies to fulfil the written consent requirement through electronic signatures, further easing the burden on businesses.

In the past, BIPA has led to substantial settlements, such as Facebook’s $650 million agreement in 2020 to settle claims that it violated the law by using facial recognition without user consent. This settlement resulted in individual payouts of over $400 to affected users. Illinois’ law is unique in allowing individuals to directly sue companies for violations, a provision that other states, such as Colorado, have not adopted.

The amendment comes amid a broader national debate over privacy laws and the responsibilities of corporations handling sensitive data. While Illinois has maintained a more consumer-focused approach, other states have taken different paths. For example, Texas recently secured a $1.4 billion settlement with Facebook’s parent company, Meta, over similar biometric privacy violations. However, in Texas, enforcement of such laws is handled by the state, not individual consumers.

The Information Technology and Innovation Foundation (ITIF), a think tank supported by various corporations, welcomed the changes to BIPA. Ash Johnson, ITIF’s Senior Policy Manager, argued that the amendment brings much-needed balance to the law, which had previously imposed steep fines for even minor infractions. According to Johnson, the previous version of BIPA had driven some companies to limit their technological offerings in Illinois or avoid the state altogether.

The recent amendment to Illinois’ Biometric Information Privacy Act marks a notable shift in how biometric data violations are handled, reducing the financial risks for companies while still aiming to protect consumer privacy. As states across the U.S. continue to grapple with how best to regulate biometric data, Illinois' experience with BIPA will likely serve as a critical case study for future legislation.


Read more »
Truist Bank
Data Breach financial risks Security Breach Sensitive data Truist Bank

Truist Bank Confirms Data Breach After Information Surfaces on Hacking Forum


 

Truist Bank, one of the largest commercial banks in the United States, has confirmed a cybersecurity breach after stolen data appeared for sale on a hacking forum. The breach, which occurred in October 2023, was brought to light when a threat actor, identified as Sp1d3r, posted the bank’s data online.

Details of the Breach

Headquartered in Charlotte, North Carolina, Truist Bank was formed in December 2019 through the merger of SunTrust Banks and BB&T (Branch Banking and Trust Company). The bank, now with total assets of $535 billion, offers a variety of financial services, including consumer and small business banking, commercial banking, corporate and investment banking, insurance, wealth management, and payment services.

The breach reportedly involves sensitive information from 65,000 employees, including bank transactions with names, account numbers, balances, and the source code for Truist’s Interactive Voice Response (IVR) system. Sp1d3r is attempting to sell this data for $1 million, according to DarkTower intelligence analyst James Hub, who first spotted the listing.

In a statement, a Truist Bank spokesperson confirmed the October 2023 cybersecurity incident and emphasised that it was swiftly contained. The bank worked with external security consultants to investigate the breach, enhance security measures, and notify affected clients. Initially, only a small number of clients were informed, but additional clients have been notified as the investigation continues to uncover new information.

The spokesperson clarified that this incident is not connected to the ongoing Snowflake attacks, stating, "We have found no evidence of a Snowflake incident at our company." They also noted that Truist Bank regularly collaborates with law enforcement and cybersecurity experts to safeguard its systems and data. To date, there have been no indications of fraud resulting from this breach.


Other Breaches Linked to Sp1d3r

Sp1d3r is also selling data stolen from the cybersecurity firm Cylance for $750,000. This data reportedly includes 34 million customer and employee emails, along with personally identifiable information. Cylance confirmed that the stolen data is from 2015-2018 and was taken from a third-party platform.

In another incident, Sp1d3r had previously listed 3TB of data stolen from Advance Auto Parts, a provider of automotive aftermarket parts, on the same hacking forum. This data was reportedly taken from Advance’s Snowflake account.

The confirmation of Truist Bank’s data breach highlights the persistent threat of cyberattacks on major financial institutions. Truist Bank remains committed to securing its systems and protecting client information as investigations continue. In the era of digitalisation it is highly imperative to stay three steps ahead of how technology is being leveraged towards attacking sensitive data and institutional information. 




Read more »
reputation
Businesses Cyber Attacks Cybersecurity measures data security Data Theft endpoint detection and response financial risks payment diversion fraud Ransomware reputation

Growing Threat of Cyberattacks Puts Businesses at Risk

 

In an era defined by digital advancements, businesses face an escalating peril: cyberattacks. While the digital age has opened up unprecedented opportunities, it has also ushered in a formidable threat to businesses' financial stability, data integrity, and reputation.

Recent years have witnessed a surge in both the frequency and sophistication of these attacks, leaving a trail of financial losses and reputational damage. Notably, small enterprises with fewer than ten employees have seen an alarming rise in cyberattacks, jumping from 23% to 36% over the past three years, according to a report from Hiscox, an insurance company.

The pandemic exacerbated vulnerabilities, with hospitals becoming frequent targets of ransomware attacks, jeopardizing patient well-being. A prevalent form of cybercrime, payment diversion fraud, affected one in three businesses within the last year, as highlighted by Eddie Lamb, Cyber Education and Advisory expert at Hiscox.

This form of attack involves cybercriminals attempting to redirect or steal payments meant for legitimate recipients. Ransomware attacks persist, as evidenced by a recent breach targeting the Greater Manchester police force. Additionally, data theft remains a persistent threat, with confidential information and intellectual property being prime targets.

According to Lamb, the average cost of an attack stands at €15,000, but one in eight afflicted businesses faced losses exceeding €238,000. Shockingly, one in five respondents stated that the cyber attack they endured posed a significant threat to the future viability of their business.

Beyond financial repercussions, cyberattacks also inflict intangible harm. Lamb emphasized that the damage extends to elements like brand reputation and the erosion of consumer trust, potentially leading to enduring consequences.

This is particularly evident in data breaches, where sensitive information beyond email lists may be compromised. For instance, in 2020, US cybersecurity firm FireEye fell victim to a highly sophisticated attack, possibly orchestrated by a nation-state, resulting in the loss of a critical toolkit.

While such large-scale attacks are infrequent, businesses of all sizes must fortify their defenses. Lamb stressed that while there's no foolproof safeguard, implementing modern anti-virus technology with endpoint detection and response (EDR) is crucial. EDR enables real-time threat monitoring and can autonomously take measures to prevent or mitigate harm.

Other protective measures include adopting multifactor authentication and biometrics. The UK National Cyber Security Centre also underscores the importance of robust data backups in its cyber security guide for small businesses. Online training resources and check tools tailored for small-sized businesses offer further support.

Recognizing that human error is a significant vulnerability, educating and training employees on best cybersecurity practices is essential. As cybercrime tactics evolve, staying updated on the latest trends is paramount.

Lamb urged businesses to be proactive, emphasizing that cyberattacks are a matter of "when" rather than "if". He stressed that the pivotal factor lies not in experiencing a breach, but in the response to it. Consequently, clear and comprehensive security policies, including an incident response plan, are crucial. Additionally, having a dedicated cyber defense team or individual is pivotal, ensuring a swift and coordinated response to minimize downtime.
Read more »
Subscribe to: Posts (Atom)