In a report on the hack of Twitter by a "17-year-old" and his accomplices, the New York State Department of Financial Services recommended a new cybersecurity regulatory framework for the largest social media companies.
In separate advisories, FinCEN and OFAC warned financial institutions of the growing prevalence of ransomware attacks and the legal risks of making ransomware payments.
FinCEN Director Kenneth Blanco reviewed (i) recent trends in pandemic-related fraudulent activity, (ii) FinCEN's response and (iii) recent rulemakings and alerts aimed at combating cyber threats.
The Office of Compliance Inspections and Examinations alerted firms to the increased prevalence of "credential stuffing," a cyberattack method that involves the use of automated scripts to attempt to log into customer accounts using stolen personal information.
The SEC proposed amendments to the national market system plan governing the Consolidated Audit Trail that would (i) increase security requirements for the use of collected data and (ii) reduce the scope of sensitive information required to be collected.
FINRA warned members about imposter websites that use the names of registered representatives to fraudulently solicit information from potential customers.
FINRA warned members of a new imposter website that uses a domain name nearly identical to that of FINRA's, but contains an extra "n" (i.e., "finnra").
The Office of Compliance Inspections and Examinations identified compliance issues for broker-dealers and investment advisers resulting from market volatility and operational disruptions due to the COVID-19 pandemic.
FinCEN alerted financial institutions to indicators of COVID-19-related cybercrime. The alert concerns (i) the exploitation of remote platforms, particularly against financial and healthcare systems, (ii) phishing, malware and extortion schemes, and (iii) business email compromise fraud.
The New York State Department of Financial Services filed charges against a title insurance company for exposing customers' sensitive personal information on its website.
At a meeting of the CFTC Technology Advisory Committee, industry representatives considered presentations on automated and modern trading markets, distributed ledger technology and market infrastructure, virtual currencies, and cybersecurity.
At an Asset Management Advisory Committee meeting, SEC officials considered the issues of (i) diversity and inclusion and (ii) technology and data in the asset management industry.
The Office of Compliance Inspections and Examinations alerted market participants to reports of sophisticated ransomware attacks targeting SEC registrants and their service providers.
The U.S. House Financial Services Subcommittee on National Security, International Development and Monetary Policy considered legislative proposals aimed at addressing fraud and cybersecurity vulnerabilities.
SIFMA urged the SEC to prohibit self-regulatory organizations from bulk downloading retail customers' personally identifiable information from the Consolidated Audit Trail.
The Federal Financial Institutions Examination Council encouraged financial institutions to practice effective risk management concerning cloud computing services.
SIFMA President and CEO Kenneth E. Bentsen, Jr. urged the SEC not to make broker-dealers liable for any potential security breaches in the agency's consolidated audit trail.
In a cyber threat advisory, the U.S. Departments of Treasury, State, Homeland Security, and the Federal Bureau of Investigation warned that North Korea is carrying out malicious activities to fund "regime priorities."
The SEC reached separate settlement agreements with two of nine defendants charged with hacking into the SEC's online Electronic Data Gathering, Analysis and Retrieval system.
President Trump issued an Executive Order establishing the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.
