Category: Incident Response
Big Game Phishing
On October 2, 2019, the FBI issued a Public Service Announcement to alert US businesses and organizations to plan and prepare for what are being described as high-impact ransomware events. Certain bad actors seem to be no longer simply interested in a quick and easy financial gain from indiscriminately infecting […]
Credential Stuffing Attacks and What they Mean for Businesses
Over the past few months, Cooley’s incident response team has seen an increase in “Credential Stuffing” attacks. Credential Stuffing is an account takeover attack in which actors obtain user names and passwords available on the dark web from prior data breaches, and then attempt to login to various online accounts […]
The Department of Health and Human Services Issues Guidelines on Cybersecurity
On December 28, 2018, the U.S. Department of Health and Human Services (“HHS”) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication (the “Cybersecurity Guidelines”), which provides voluntary cybersecurity practices designed to reduce security risks and improve security for various healthcare organizations. Specifically, the Cybersecurity Guidelines […]
The Evolution of Mirai Botnet Source Code Presents Increased Risk of Large-Scale DDoS Attacks
Over the past few years, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn, which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. However, since several of these large, highly-publicized attacks occurred in 2016, […]
Ohio Enacts Liability “Safe Harbor” for Entities That Maintain Specified Cybersecurity Programs
On August 3, 2018, Ohio Governor John R. Kasich announced that he signed Substitute Senate Bill 220 (“SB 220” or “Bill”) that, in part, affords a litigation “safe harbor” to covered entities that implement, maintain, and comply with specified cybersecurity programs. Covered entities, e.g., businesses, sued after a data breach […]
Supermarket Swept Up into Liability of Rogue Employee
The received wisdom was always that the greatest exposures created by a cyber security incident or data breach were the costs of remediation, business disruption and any regulatory fine. Whilst litigation risk existed, it was generally felt that such losses would only be suffered in the context of a security […]