Fraud & Cybersecurity

Dec. 2, 2022: Fraud and Cybersecurity Articles

Small Business Interest Group Challenges CTA’s Constitutionality

Courtesy of Nicholas Kato, BallardSpahr

In our last post discussing the new regulations issued under the Corporate Transparency Act (“CTA”), we suggested that “time will tell whether industry groups will launch lawsuits challenging the Final Rule.” That time has apparently come: on November 15, 2022, the National Small Business Association (“NSBA”) filed a complaint (“Complaint”) challenging the reporting requirements set forth in the CTA and the accompanying regulations issued by the Financial Crimes Enforcement Network (“FinCEN”).

The Complaint names Treasury Secretary Janet Yellen, the U.S. Treasury Department, and FinCEN Acting Director Himamauli Das as defendants. This post describes the allegations made in the Complaint and offers some commentary on its merits. Spoiler: while the Complaint’s allegations that the CTA will impose significant burdens on reporting entities are well-taken, its constitutional claims largely face an uphill battle. Read More

This Zero-Day Twitter Hack Has Already Impacted 5.5 Million Users

Database of 5,485,635 Twitter users shared by cybercriminals online.

Courtesy of Davey Winder, Forbes

Twitter confirmed that a threat actor used a zero-day vulnerability to compile a database of user information. That vulnerability was fixed, Twitter said, in January 2022. However, Bleeping Computer has reported that the database, which includes non-public information of more than 5 million users, has now been shared for free within a breached data marketplace forum. The publication also reports that another database, potentially containing 17 million records, was created using the same vulnerability.

The Bleeping Computer report confirms that the database of 5,485,635 Twitter user records, initially offered for sale at $30,000 in July, has been shared on 24 November, for free, on the Breach Forums site. Most of the data, it would appear, is publicly known, such as Twitter usernames, login names, and verification status. However, the report also states that private information, such as telephone numbers and email addresses, is also included. Read More

Kraken Settlement Demonstrates Importance of Sanctions Monitoring for Transactions — Not Just When Onboarding Customers

Courtesy of Nicholas Kato, BallardSpahr

The Office of Foreign Assets Control (“OFAC”) announced (here and here) yesterday that virtual currency exchange Payward, Inc. – better known as Kraken – has agreed to pay $362,158.70 in order to settle its potential civil liability for apparent violations of the sanctions against Iran. Kraken also has agreed to invest an additional $100,000 in certain sanctions compliance controls. According to OFAC, “[d]ue to Kraken’s failure to timely implement appropriate geolocation tools, including an automated internet protocol (IP) address blocking system, Kraken exported services to users who appeared to be in Iran when they engaged in virtual currency transactions on Kraken’s platform.” Read More

Fed, FDIC Order Citi to Address Data Management Weaknesses

Courtesy of Anna Hrushka, BankingDive

Bank regulators want Citi to address weaknesses in its financial data management practices, according to a review of the living wills of the nation’s biggest banks. The Federal Reserve and the Federal Deposit Insurance Corp. (FDIC) found a shortcoming related to data quality and data management concerns previously identified in an October 2020 enforcement action against the bank, the regulators said Wednesday. That penalty presumably stemmed from an August 2020 human error that led Citi to mistakenly transmit $900 million to creditors on a 2016 Revlon loan.

The regulators gave Citi until Jan. 31 to submit a “mapping document” addressing the issues. The bank is “completely committed to addressing the shortcoming,” it said in a statement Wednesday. Read More


Nov. 18, 2022: Fraud and Cybersecurity Articles

Can Somebody Hack the Entire Bitcoin System?

Bitcoin has continually faced skepticism, with many still divided on whether its system can be hacked or not. Opponents have raised several concerns about the potential vulnerabilities of cryptography and blockchain technology. So, can somebody hack the entire Bitcoin system?

Bitcoin has increasingly proven to be a more robust network, with proper measures to withstand attacks and failures. The Bitcoin blockchain has never experienced any hacking cases since its inception more than twelve years ago. It has surpassed the expectations of many academics, researchers, and economists, with zero instances of counterfeits on its network.

While Bitcoin is a highly reliable and secure monetary system, it is not perfect. Like other digital inventions, minor bugs have appeared from time to time. That has raised some concerns about potential threats that could impact Bitcoin operations. Today, there are hackers everywhere, so it is better to use a safe and secure platform like Chain Reaction.

Bitcoin security concerns might take two forms: threats facing users and those facing the network. Users must use Bitcoin responsibly and take all the precautions to protect their private keys, passwords, and other sensitive data against loss or attackers. READ MORE

#StopRansomware: Hive Ransomware

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.

FBI, CISA, and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. Victims of ransomware operations should report the incident to their local FBI field office or CISA.

As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information. Hive ransomware follows the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks. From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH). READ MORE

Blog: The Basel AML Index 2022 — One Step Forward, Four Steps Back

Guest blogger Dr. Kateryna Boguslavska of the Basel Institute on Governance (“Basel Institute”), will discuss the Basel Institute’s recent release of the Basel AML Index for 2022 (the “Index”). The data-rich annual Index is a research-based ranking that assesses countries’ risk exposure to money laundering and terrorist financing. It is one of several excellent online tools developed by the Basel Institute to help both public- and private-sector practitioners tackle financial crime. We are excited to continue this annual dialogue between the Basel Institute and Money Laundering Watch.

Established in 2003, the Basel Institute, an Associated Institute of the University of Basel, is a not-for-profit Swiss foundation dedicated to working with public and private partners around the world to prevent and combat corruption. The Institute’s work involves action, advice and research on issues including anti-corruption collective action, asset recovery, corporate governance and compliance, and more.

This blog post again takes the form of a Q & A session, in which Dr. Boguslavska responds to several questions posed by Money Laundering Watch about the Basel AML Index 2022. We hope you enjoy this discussion of global money laundering risks — which addresses enforcement, virtual assets, environmental crime, AML for lawyers, how the U.S. is performing, and more. READ MORE

Microsoft: 10,000 Organizations Targeted in Large-Scale Phishing Campaigns

Microsoft has warned users about a large-scale phishing campaign that has been targeting over 10,000 organizations to perform follow-on business email compromise (BEC). As part of the campaign, the attackers have been using adversary-in-the-middle (AiTM) phishing sites to steal credentials, and have been hijacking sign-in sessions to bypass authentication even with multifactor authentication (MFA) enabled.

AiTM is a phishing technique in which the attackers deploy a proxy webserver between the user and the site they are trying to sign in to, to intercept the user’s credentials and their session cookie, which enables the user to remain authenticated to the site. The phishing page uses two different TLS sessions – one with the user and the other with the site the user tries to access – to intercept the authentication process and extract the targeted sensitive information.

“Once the attacker obtains the session cookie, they can inject it into their browser to skip the authentication process, even if the target’s MFA is enabled,” Microsoft notes. Since September 2021, Office 365 users at over 10,000 organizations have been targeted in attacks that have been spoofing the Office online authentication page. READ MORE

European Commission Highlights Online Gambling’s Money Laundering Risks

Report Previews Potential Implications for the United States

The European Commission (“Commission”) recently released its 2022 Supranational Risk Assessment Report (“SNRA Report”) to the European Parliament and Council regarding the “risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities.” The SNRA Report analyzes, on a broad scale, money laundering and terrorism financing risks and proposes a plan of action to address them. The Report also examines more specifically “sectors or products where relevant changes have been detected.”

The SNRA Report flags the “Gambling Sector” as a “high risk” area of Anti-Money Laundering (“AML”) and Countering the Financing of Terrorism (“CFT”) concern, with a particular focus on online gambling. According to the Commission, online gambling presents a particularly high AML/CFT risk due to factors such as “the non-face-to face element, [and] huge and complex volumes of transactions and financial flows.” The potential use of e-money and virtual currencies, as well as the emergence of unlicensed online gambling sites, exacerbates this risk. READ MORE


Nov. 11, 2022: Fraud and Cybersecurity

SolarWinds Agrees to Pay $26 Million to Settle Shareholder Lawsuit Over Data Breach

Texas-based IT management solutions provider SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit over the data breach disclosed by the company in 2020.

The cyberattack involved Russia-linked threat actors breaching SolarWinds systems in 2019, or possibly even earlier. The hackers compromised the automated build environment for the company’s Orion monitoring software, and in the spring of 2020 they pushed out malicious Orion updates to SolarWinds customers.

The malicious updates were sent out to thousands of SolarWinds customers, but only approximately 100 organizations were of interest to the attackers and received additional malware. This included private and government organizations. READ MORE

Ransomware-as-a-Service is Fueling the Threat Landscape. Here’s What to Do About It.

If there were a popularity contest for cybercrime attack types, ransomware would quickly be crowned as the winner. Our FortiGuard Labs team recently published an in-depth look at the current threat landscape and found that ransomware attacks continue to become more sophisticated and destructive, with attackers introducing new strains and updating, enhancing, and reusing old ones.

What’s especially concerning as we look at the first half of the year is that the number of new ransomware variants we identified nearly doubled compared to the previous six-month period. We saw 10,666 new ransomware variants in 1H 2022, compared to just 5,400 in 2H 2021. New variants mean defenders need to constantly be on the lookout for shifts in tactics and techniques.

Curious as to what’s driving this volume and variety in ransomware attacks? READ MORE

Cybersecurity Insurance: Circuit Courts Weigh in on Insurers’ Liability for an Insured’s Losses Stemming from a Data Breach

Takeaway: When a cybersecurity-related incident occurs, an insured should not automatically assume a standard commercial general liability (CGL) policy issued by an insurer will cover their losses, as CGL policies generally afford coverage to an insured for losses resulting from bodily injury and property damage. An insured’s cybersecurity losses can encompass much more, such as losses arising from a data breach concerning confidential or personal information of a client or customer, i.e., third parties who fall outside of the scope of an insured’s traditional CGL policy. Therefore, to ensure cyber coverage exists in the wake of a cyber incident, an insured should make certain that potential cyber-related losses are included within the “four corners” of the underlying insurance policy to secure a defense and, more importantly, coverage from an insurer.

Key Point: In determining whether there is a duty to defend, a court must follow the “Eight Corners” Rule and look at the “four corners” of the complaint and the “four corners” of the underlying insurance policies. In other words, an insurer is obligated to defend its insured if the factual allegations of the complaint, on its face, encompass an injury that is actually or potentially within the scope of the policy. READ MORE

Podcast: Drafting Consumer Breach Notices — From a Litigation Perspective

In this episode of Unauthorized Access, Kamran and Sadia welcome their firm colleague, Privacy + Cyber Partner and Team Leader Ron Raether, in a discussion on consumer breach notices — specifically from Ron’s perspective as a litigator — and how plaintiff’s counsel can interpret these notices. For more than 20 years, Ron has advised companies in navigating federal and state privacy laws, bringing a unique understanding of technology in the areas of data security, data privacy, patent, antitrust, and licensing and contracts.

Podcast: Implementation of the AMLA and the CTA by Financial Institutions

How Will the Anti-Money Laundering Act of 2020 (AMLA) and the Corporate Transparency Act (CTA) Impact Banks’ Anti-Money Laundering (AML) Compliance Under the Bank Secrecy Act (BSA)? A Discussion with Special Guest Matt Haslinger, Chief BSA/AML/OFAC Officer, M&T Bank

After reviewing how the AMLA expands the BSA’s goals, we look at which AMLA provisions have the most impact on BSA compliance, including the AMLA’s emphasis on information sharing, the Financial Crimes Enforcement Network’s “national priorities” and the value of threat pattern and trend information to bank compliance efforts, and the AMLA’s expansion of the U.S. government’s authority to subpoena information from foreign financial institutions that maintain correspondent banking relationships with U.S. banks. We also review the CTA’s new beneficial ownership reporting requirements and discuss how they interact with existing customer due diligence (CDD) requirements and the need to align CTA and CDD regulations.


FFIEC Industry Outreach Webinar: Critical Infrastructure Security and Resilience Multifactor Authentication (MFA)

The Federal Financial Institutions Examination Council (FFIEC) is offering a new Industry Outreach webinar on Friday, November 18, 2022, that focuses on multifactor authentication (MFA). The event is sponsored by the FFIEC Task Force on Supervision–Cybersecurity and Critical Infrastructure Subcommittee. The FFIEC Industry Outreach is an alternative delivery program that provides timely updates on changes in supervisory guidance or regulations and information on current issues in the financial industry. The target audience for the FFIEC Industry Outreach program includes representatives from financial institutions, trade associations, third-party providers, and consultants. Federal and state financial institution examiners are also welcome to participate in FFIEC Industry Outreach programs. Participants can view PowerPoint slides and listen to the presentations via computer or phone. Information regarding the event and the registration link is provided below. REGISTER HERE

Wire Transfer Fraud Webinar: Preventing and Mitigating this Rising Threat

Join Warner Norcross + Judd LLP attorneys Madelaine Lane, Kelly Hollingsworth and Nate Steed for a webinar focused on preventing and mitigating wire transfer fraud. Cyber criminals are utilizing phishing emails and other schemes at an alarming rate to lure wire transfer fraud victims in order to gain quick access to funds that can be nearly impossible to recover.

We are seeing an increase in wire transfer fraud incidents across the globe and want to help safeguard you and your business from this tragic and often preventable threat. Warner’s team will provide intel on the various types of wire transfer scams, the warning signs and steps to mitigate your liability if you or your customers become a victim. Our attorneys will also provide an update on the federal statutes governing wire transfer fraud prosecutions, the impact of restitution awards and civil judgments against perpetrators, and best practices for working with law enforcement. REGISTER HERE


Nov. 4, 2022: Fraud/AML/BSA

Learn From an Insider How Data Is Key to Preventing Identity Fraud

Bad actors are growing more sophisticated in their identity fraud techniques, leveraging advanced artificial intelligence technology to stage attacks on an industrial scale. They typically aim for customers’ funds directly rather than attempting to obtain their personal data, often laundering these stolen funds through cryptocurrency. 

“We’re seeing an uptick in bot-generated applications with stolen identities, and fraudsters are leveraging manual techniques to get these accounts funded with stolen funds. Then they’ll typically link the account to an external FI or payment processing organization that can facilitate some type of crypto exchange.”

Identity fraud has gone into overdrive in recent years as the pandemic has fueled a global shift from in-person to digital banking. It is much easier to impersonate a customer when there is no face time with a human employee, and bad actors have pounced on the opportunity. READ MORE

ACAMS: Crypto scams targeting seniors are on the rise, but so are efforts to prevent them

Panelists at a recent ACAMS event discussed how the type of financial fraud that targets seniors with cryptocurrency scams is unfortunately increasing.

One of the fastest-growing forms of fraud involves scammers who target seniors and convince them, one way or another, to convert their money into cryptocurrency in order to receive a huge investment return, lottery prize, or other enticing — but entirely bogus — benefit.

At the 21st Annual Anti-Money Laundering & Anti-Financial Crime Conference, held by the Association of Certified Anti-Money Laundering Specialists (ACAMS), Rebecca Kiethley, a Federal Bureau of Investigation (FBI) fraud specialist, explained that people over 70 years of age control 75% of the wealth in America, and over the next 10 years somewhere between $30 trillion and $68 trillion in assets is expected to be transferred from the Baby Boomer generation to their Gen X and Millennial generation heirs.

Criminals know all of this, of course, and they are preparing to steal as much of that money as they can. READ MORE

FinCEN Analysis Reveals Ransomware Reporting in BSA Filings Increased Significantly During the Second Half of 2021

The Financial Crimes Enforcement Network (FinCEN) issued its most recent Financial Trend Analysis of ransomware-related Bank Secrecy Act (BSA) filings for 2021, indicating that ransomware continued to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public. The report focuses on ransomware trends in BSA filings from July-December 2021, and addresses the extent to which a substantial number of ransomware attacks appear to be connected to actors in Russia.

FinCEN issued the report pursuant to the Anti-Money Laundering Act of 2020 and in response to an increase in the number and severity of ransomware attacks against U.S. critical infrastructure since late 2020. Analysis covers pertinent ransomware activities for calendar year 2021, focuses on the second half of 2021, and builds on the BSA data underlying FinCEN’s October 2021 report. Among the most notable findings in the report:

  • Reported ransomware-related incidents have substantially increased from 2020.
  • Ransomware-related BSA filings in 2021 approached $1.2 billion.
  • Roughly 75 percent of the ransomware-related incidents reported to FinCEN during the second half of 2021 pertained to Russia-related ransomware variants.


Nov. 4, 2022: Cybersecurity

Hackers Stole Source Code and Personal Data From Dropbox Following Phishing Attack

Dropbox revealed on November 1 that it recently suffered a data breach where malicious actors gained access to some source code and personal information belonging to employees and customers.

The file hosting giant said it learned about the breach on October 14, after being alerted by GitHub. A few weeks earlier, GitHub had warned that some of its users had been targeted in a phishing campaign impersonating the continuous integration and continuous delivery platform CircleCI in an effort to obtain credentials and two-factor authentication codes.

Dropbox was targeted in a similar attack, with hackers sending phishing emails to multiple employees, directing them to fake CircleCI websites set up to harvest their credentials and one-time passwords for multi-factor authentication (MFA).

The attack was successful and the hackers managed to access one of Dropbox’s GitHub organizations, from which they copied 130 code repositories. READ MORE

Brian Knight Chats with CU Broadcast on the Evolving Cyber/Information Security Policy Landscape

NASCUS President and CEO Brian Knight joins CU Broadcast during GoWest’s 2022 MAXX, to share highlights from his conference presentation: “The Evolving Cyber & Information Security Policy Landscape.”

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication

CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number matching to mitigate MFA fatigue. Although number matching is not as strong as phishing-resistant MFA, it is one of the best interim mitigations for organizations that may not immediately be able to implement phishing-resistant MFA.

CISA recommends users and organizations see CISA fact sheets Implementing Phishing-Resistant MFA and Implementing Number Matching in MFA Applications. Visit for more information on MFA, including an infographic of the hierarchy of MFA options.