Seyfarth Synopsis:  On May 12, 2021, President Joe Biden issued a very broad, 34-page “Executive Order on Improving the Nation’s Cybersecurity.” The Executive Order, or “EO”, can be found here. This order comes six months after the notorious SolarWinds attack, and mere weeks after other high-profile attacks have invaded our networks

Seyfarth Synopsis:  The attorney-client privilege is a bedrock legal principle that protects a client from having to provide a court or adversary with confidential communications exchanged with an attorney in the course of providing or receiving legal advice.  Cybersecurity data breaches, often accompanied by ransom/extortion demands and threats of publication of sensitive information, diminish the attorney-client privilege protection and raise ethical issues as to an attorney’s duty to protect the privilege from being waived.
Continue Reading Ransomware with Data Exfiltration and Threatened Leak Extortion

A nationwide fraudulent unemployment benefits cyber scam has been making headlines for many months now and still continues to threaten employers and countless individuals throughout the United States.  Threat actors continue to exploit overwhelmed governmental agencies and are filing claims for benefits using the personal information of people who have not lost their jobs.  The fraudulent unemployment claims paid out to threat actors have been estimated in the hundreds of millions of dollars.  This fraud is a sharp reminder that sensitive personal information in the wrong hands can result in tremendous harm.  Employers should remain vigilant and alert their workforce, promptly challenge fraudulent claims, and review cyber-security practices and policies to help protect against this and other cyber threats.

It is estimated that nearly 53 million unemployment claims were filed during the first few months of the coronavirus pandemic, and the threat has continued into 2021.  Many state agencies, already understaffed and functioning with older technology and fraud detection protocols, were not prepared for the onslaught and have become tremendously overwhelmed.  The resulting delays and chaos in processing so many unemployment claims in such a short time have set the perfect stage for threat actors to take advantage.

Under normal circumstances, when an unemployment claim is filed, the agency will send timely notice to the employer to provide the opportunity to protest the claim.  Typically, the employer has ten days to protest.  However, during the pandemic, unemployment offices across the country have struggled to get the notices out to employers, taking months rather than days.  Consequently, employers are receiving the protest notices after the time to protest the claim has expired.  Most people learn they are affected when they get a notice from the state unemployment benefits office about their supposed application for benefits.  By then, however, the benefits usually have been paid to an account the criminals control.  Further, given the magnitude of claims and the impact on individuals, it is not clear whether in some instances agencies are paying even before they send the protest notice.
Continue Reading COVID-19 Unemployment Benefits Scams Continue Well Into the Pandemic

At Seyfarth, I’m not just an attorney—I’m also an ethical hacker and digital forensic expert, and I’m proud to be one of several “attorneys who code” at Seyfarth. Here, we’re passionate about technology, and we routinely seek creative ways to leverage innovations that enhance client services.

I’ve found that one area where emerging technology can make an enormous impact is in the data breach notification assessment space. Specifically, I’ve found that artificial intelligence can power the evaluation of implicated data for personal information like PII and PHI to determine notice requirements in the various implicated jurisdictions. While there are many ways to accomplish that evaluation, I wanted to share my experience partnering with Text IQ, a company that builds AI for sensitive information, to power a data breach response in a blind study run alongside the traditional document review and coding approach. The result was reduced risk, quicker turnaround time, and cost reduction for Seyfarth’s client.
Continue Reading Powering Data Breach Response with AI: A Case Study

For Marvel Entertainment fans, this one’s for you: Step aside Nick Fury, New York has a new SHIELD.  New York state recently passed a new law extending protections against cyber-attacks for its residents with NY Senate Bill S5575B, also known as the “Stop Hacks and Improve Electronic Data Security Act” or SHIELD Act, for short.  This Act expands New York’s data breach notification statute in definition, notice, scope, and compliance requirements of any individual or business handling New York residents’ computerized private information.

The SHIELD Act first redefines “private information” to include a username or e-mail address in combination with a password or security question and answer for online accounts, as well as biometric information.  It also requires reporting a breach if an account or credit card number alone (i.e., without an account access code or password) is compromised “if circumstances exist wherein such number could be used to access an individual’s financial account without additional identifying information, security code, access code, or password.”  Slightly more nuanced, it expands the definition of “breach of security of the system” to include unauthorized access to private information as well as unauthorized acquisition of it.  The addition of “access” means the statute will be triggered without an incident having to reach “acquisition,” a term more readily applicable in scenarios impacting control, possession, and use of that private information.
Continue Reading Look Out Marvel, There’s a NEW SHIELD in Town

Every day all over the world, companies fall victim to cybersecurity attacks.  It’s nearly a constant these days.  Many of these attacks are preventable with the right amount of attention to detail in system setup and hardening.  The three common themes in postmortem examination of all of these attacks boil down to 1) human error; 2) configuration error; and 3) failing to proactively defend.  In this series of six posts, we will dive into each attack’s anatomy, the attack vector, and the ways companies can attempt to avoid falling victim to them.  In the last post, guest bloggers from G2 Insurance will walk through how insurance companies react to claims, what to watch out for in your policies, and appropriate coverage levels for cyber insurance based on their experience handling claims.

#1 Email Spoofing and Wire Fraud

This attack is essentially a wire instruction interception/redirection or a wholly fake request for a transfer.  This is an event that comes up daily, or at least weekly, in any cybersecurity professional’s world.  This attack typically plays out with a threat actor masquerading as a legitimate authority within a company, typically someone at the C-suite or Director level.  To make it successful, the recipient of the wire transfer request has to believe it legitimately originates from one of those authoritative people.

One way attackers do this is by using actual stolen credentials.  Despite the flood of data security breaches and database hacks, people unfortunately still use weak passwords and also re-use passwords.  We have seen dozens of instances of successful credential attacks where the attacker used publicly available database leak information to gain unauthorized access to corporate accounts.  The approach goes like this: an attacker harvests information regarding corporate leadership from various data sources about companies (LinkedIn, Dun & Bradstreet, Bloomberg, Google Finance) and chooses a few people to target.  They then cross-reference those names against leaked credential databases, oftentimes hosted on dark web sites, IRC chat rooms, or other forums dedicated to hacking.  If the attacker is able to find other compromised accounts belonging to their targets that include a password, they can try that password, and tens of thousands of variations of it, against the corporate account of their victim.
Continue Reading Top Five Most Common Cybersecurity Attacks and How to Prevent Them – Part 1: Email Spoofing and Wire Fraud

Yesterday, organizations around the world were hit by yet another ransomware attack.  Similar to the recent WannaCry attacks, the Petya attack works to encrypt documents and files and subsequently demands a ransom to unlock them.  Unlike WannaCry, it is believed that the Petya attack spreads internally through an organization (rather than across the Internet) using

Recently, a widespread global ransomware attack has struck hospitals, communications companies, other types of companies, and government offices around the world, seizing control of affected computers until the victims pay a ransom.  This widespread ransomware campaign has affected various organizations, with reports of tens of thousands of infections in as many as 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan.  The software can run in as many as 27 different languages.  The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly.
Continue Reading WannaCry Ransomware Attack: What Happened and How to Address

Another week, another well-concocted phishing scam.  The most recent fraudulent activity targeted businesses that use Workday, though this is not a breach or vulnerability in Workday itself.  Specifically, the attack involves a well-crafted spam email that is sent to employees purporting to be from the CFO, CEO, Head of HR, or similar.  Sometimes the

A Finnish web developer discovered that the “autofill profiles” now offered in certain browsers provide hackers with a new phishing vector.  Autofill profiles allow users to create a profile containing preset personal information that they would usually enter on web forms.  When a user fills in a few simple text boxes, the autofill system inputs other profile-based information into any other text boxes on the page, even those that are not visible to the user, and from there the hacker harvests the additional autofilled personal information without the user’s knowledge.

Autofill profiles are not to be confused with form field autofilling, which fills in one form field at a time with data previously entered in that field; autofill profiles, by contrast, enable users to fill in an entire web form with one click.
Continue Reading Warn Your Clients: Browser Autofill Can Steal Their Personal Details in New Phishing Vulnerability