The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current events to mask their phishing campaigns to seem more believable and relevant. As everyone now knows, Silicon Valley Bank (SVB) became one of the largest banks to fail since the 2008 financial crisis. More recently, First Republic Bank also failed. … More
Tag Archives: cyber
Massachusetts Governor Issues Executive Order to Strengthen State’s Cyber Defenses
Governor Charlie Baker recently took steps to strengthen cybersecurity in Massachusetts by signing an executive order on December 14, 2022 creating an advisory panel to improve the state’s cyber defense. The new state task force will assess existing resources, develop contingency plans, and identify strategies for preventing future cyberattacks. The goal of the task force is to ensure that the Bay State is at the forefront of the ever-evolving cybersecurity landscape.… More
US, UK, Australia, Canada and New Zealand Issue Advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.
Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,… More
President Biden Signs Executive Order to Improve Cybersecurity and Protect Federal Government Networks
On May 12, 2021, President Biden signed an Executive Order which is aimed at improving the nation’s cybersecurity and protecting federal government networks. The Executive Order has been in the works for some time, but the timing of its release is a response to the Colonial Pipeline ransomware attack.
According to the Fact Sheet issued by the White House, this Executive Order will:
- Remove barriers to threat information sharing between government and the private sector
- Modernize and implement stronger cybersecurity standards in the Federal Government
- Improve software supply chain security
- Establish a Cybersecurity Safety Review Board
- Create a standard playbook for responding to cyber incidents
- Improve detection of cybersecurity incidents on Federal Government networks
- Improve investigative and remediation capabilities
The overall impact of the Executive Order is limited,… More
The SolarWinds Orion Hack: The Basics You Need to Know
By now, you have heard about the SolarWinds Orion hack. But what do you need to know about it?
First, if you want or need the technical details, the Cybersecurity and Infrastructure Security Agency (CISA) has them. In particular, on December 13, 2020, CISA released Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise, ordering federal civilian executive branch departments and agencies to disconnect affected devices.… More
Is Paying Ransomware Grounds for OFAC Sanctions? OFAC Says “Maybe”….
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that might pay ransomware attackers of the potential sanctions risks for facilitating ransomware payments. In particular, the alert targeted “financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response….” While this is an advisory and does not have the force of law,… More
US Security Officials Warning of Cyber Attacks in Wake of Iran Strike
On January 4, 2020, the US Department of Homeland Security posted at National Terrorism Advisory System Bulletin, in the wake of the killing of a senior Iranian military leader by a US drone. That DHS advisory states:
The United States designated Iran a “State Sponsor of Terrorism” in 1984 and since then, Iran has actively engaged in or directed an array of violent and deadly acts against the United States and its citizens globally.… More
FERC and NERC Talk Grid Resilience and Cybersecurity
On March 22, 2019, Foley Hoag hosted the New England Electricity Restructuring Roundtable, organized by Raab Associates. The roundtable featured keynote addresses by Federal Energy Regulatory Commission (“FERC”) Commissioner Cheryl LaFleur—who recently announced she will be stepping down later this year—and North American Reliability Corporation (“NERC”) CEO and President James Robb. Both took turns addressing the most pressing issues in energy. … More
Is Your Company’s Board of Directors Cyber Savvy?
Every company should expect that at some point it will experience a data breach. Whether as a result of hackers, disgruntled employees, or careless acts such as losing an unencrypted phone or laptop, data breaches may subject companies to liability and must be handled with speed and great care. What are the responsibilities of directors in preventing and addressing data breaches?
Without a doubt, directors must be generally aware of the data security risks facing the company and ensure that the company is prepared to manage those risks appropriately and has an incident response plan for a data breach.… More
Privacy and Data Security Strategies for Start-Up Companies
Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio. These days, investors are also likely to look at whether the company is in compliance with privacy and data security laws. Cybersecurity has become increasingly important for business of all sizes. While identity thieves may focus on the target rich environments of large-scale enterprises,… More