Singapore passes new Cybersecurity Bill: Here’s what you need to know before it comes into force
Posted in cybercrime, Data breach, GeneralTopic: cybercrime
Subscribe to cybercrime RSS feed Posted in cybercrime, Data breach, GeneralDiscovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks
Posted in Compliance and risk management, cybercrime
Slightly over one year ago, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn, which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. Now, a new Internet of Things (IoT) botnet, called IoT Reaper, or … Continue reading
Singapore proposes changes to cybersecurity and data protection regimes
Posted in cybercrime, Data breach
In a bid to keep pace with advancements in the technological landscape, the Singapore Government has in recent months embarked on public consultations on its draft Cybersecurity Bill (the Cyber Bill) and its proposed amendments to Singapore’s Personal Data Protection Act (PDPA) to update the country’s data protection regime. These changes will have a significant … Continue reading
New Global Cyberattack Affects Businesses, Government, and Infrastructure
Posted in Compliance and risk management, cybercrime
A new strain of malware began infecting computer systems across the globe on Tuesday. Similar to the WannaCry ransomware that struck last month, the malware used in this week’s attack spreads quickly across multiple computers on a network, encrypting files and displaying a ransom note that requests $300 worth of bitcoin for a decryption key. … Continue reading
WannaCry Ransomware Attack Summary
Posted in Compliance and risk management, cybercrime
In this post, we summarize key facts regarding the WannaCry ransomware attack, provide an abbreviated list of known affected companies, and offer an overview of the legal issues and the response to the attack. This post is an update to our prior coverage of WannaCry.… Continue reading
Large Ransomware Attack Affects Companies in Over 70 Countries
Posted in Compliance and risk management, cybercrimeA large-scale ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning. According to reports, companies in more than 70 countries have reported incidents as of Friday afternoon. The attacks are being caused by ransomware called “WannaCry,” which quickly moves across systems to encrypt large amounts of computer … Continue reading
Hong Kong: SFC consults on proposed measures to improve cyber security for internet trading of securities in Hong Kong
Singapore legal update: Firm warned for WhatsApp personal data disclosure
Posted in cybercrime, Data breach, GeneralLegal Implications of DDoS Attacks and the Internet of Things (IoT)
Posted in cybercrime
Several significant distributed denial-of-service (“DDoS”) attacks have taken place in the last few weeks, including a major event involving a domain name service provider (Dyn), which caused outages and slowness for many popular sites like Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. This significant attack came on the heels of two major DDoS attacks against … Continue reading
UAE Outlaws Sales of Personal Data and Increases Fines for Companies
The United Arab Emirates Penal Code was amended with effect from October 29, 2016 to outlaw the copying, distribution or disclosure of information that a person obtains in the course of their employment. This new offence will target company insiders (or service providers) unlawfully dealing in personal data. Other changes to the Penal Code will … Continue reading
Major DDoS Attacks Signal Need for Strengthened Cyber Defenses
Posted in Compliance and risk management, cybercrime
On Friday, October 21, a series of Distributed Denial of Service (DDoS) attacks were launched against the servers of Dyn, a major DNS host. DNS hosts operate in a manner akin to a switchboard for the Internet, helping to route domain names (e.g., dataprotectionreport.com) to underlying IP addresses (e.g., 104.28.6.115). By attacking Dyn, hackers were … Continue reading
FTC Enforcement Possible for Failing to Guard Against Ransomware
Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may … Continue reading
U.S. Government Announces Framework for Responding to Critical Infrastructure Cyber Incidents
On July 26, 2016, the White House issued the United States Cyber Incident Coordination Directive (Presidential Policy Directive PPD-41, including an Annex). The Directive sets forth the principles governing the Federal Government’s response to cyber incidents, including incidents affecting private entities that are part of U.S. critical infrastructure. The Directive is designed to improve coordination … Continue reading
The Intersection of Trademark Law and Cybersecurity
Posted in cybercrime, General
Earlier this week, our colleague Sue Ross wrote on the intersection of trademark law and cybersecurity on Norton Rose Fulbright’s Brand Protection Blog. The post explains that by protecting its brand, a company can help to improve cybersecurity. For example, by seeking to recover “squatted” domain names and complaining to social networks about trademark infringement, a company … Continue reading
UAE Employees Jailed for Privacy Breach Before Ultimately Being Acquitted
A recently-reported court case in the United Arab Emirates has highlighted the importance of establishing and implementing good privacy practices, even in the absence of specific data protection legislation. In late 2014, the UAE public prosecutor charged three officials from a federal authority – the general director, a branch manager and an IT manager – … Continue reading
Legal update: Security issue could impact ADP customers
Posted in cybercrimeCyber criminals appear to have gained unauthorized access to ADP, Inc.’s self-service customer portal to file fraudulent tax returns for some ADP customer employees. ADP has reportedly confirmed that a subset of its customers have been the victim of tax fraud perpetrated by hackers posing as customer employees on ADP’s portal. We recommend that ADP … Continue reading
Ransomware Incident Response – Prevention, Readiness and Strategy
Posted in Compliance and risk management, cybercrimeLast week, the Hollywood Presbyterian Medical Center was able to successfully negotiate the release of a collection of system resources and data files that had been encrypted and held hostage by ransomware attackers. Ransomware is a peculiar type of malware that is not designed or intended to steal personal or confidential information. Rather, ransomware is … Continue reading
Cyber security – making banking safer
Posted in Compliance and risk management, cybercrime
Cybersecurity is rarely out of global news headlines. David Navetta and Marcus Evans have commented on the issue in the January 2016 edition of The Banker. The feature – “Cyber security – making banking safer” – looks how financial institutions are protecting their assets and customers’ data.… Continue reading
Federal Cybersecurity Information Sharing Act signed into law
Posted in cybercrime, Regulatory responseOn December 18, 2015, President Barack Obama signed into law the Cybersecurity Information Sharing Act of 2015 (CISA) as part of the 2016 omnibus spending bill. CISA encourages businesses and the federal government to share cyber threat information in the interest of national security.… Continue reading
Council and European Parliament reach agreement on NIS Directive
Posted in cybercrime, Regulatory responseOn December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD). The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union … Continue reading
South Africa places limits on internet activity tracking
Posted in cybercrime, General
Each device which accesses the internet is allocated a unique number (Internet Protocol or IP address) by its internet service provider (ISP). A record is created each time this IP address accesses a webpage, including the date, time and URL (website address) accessed. These records are stored by the ISP.… Continue reading
Challenges to banking and tech: data and cybercrime
Posted in cybercrime, GeneralSouth Africa’s new Cybercrimes and Cybersecurity Bill
Posted in cybercrime, General, Regulatory response
The South African Cybercrimes and Cybersecurity Bill expands on the original sections of the Electronic Communications and Transactions Act, 2002 (ECTA) with the creation of 20 new cybercrime offences. This illustrates the extent to which technology is being used for unlawful purposes and the need to protect yourself in your activities online. Comments on the Bill … Continue reading
