Ankura Cyber Threat Intelligence Bulletin: August – September 2022

Over the past sixty days, Ankura’s Cyber Threat Investigations & Expert Services (CTIX) Team of analysts has compiled key learnings about the latest global threats and current cyber trends into an in-depth report: The Cyber Threat Intelligence Bulletin. This report provides high-level executives, technical analysts, and everyday readers with the latest intel and insights from our expert analysts.

Download the report for an in-depth look at the key cyber trends to watch and help safeguard your organization from constantly evolving cyber threats with the latest cyber intelligence, ransomware, and threat insights.

Our latest report explains the following observations in detail:

Law Enforcement Works with Threat Intelligence to Prosecute Human Traffickers

In the age of high-speed internet and social media, criminals have evolved to use information technology to bolster their criminal enterprises, and human traffickers are no different. Whether through the clearnet or the dark web, human traffickers have leveraged the internet to scale their operations, forcing law enforcement to reevaluate how best to combat this problem. In response to the changes in trafficker tactics, techniques, and procedures (TTPs), governments across the world have introduced legislation and policies in an attempt to better thwart the efforts of these criminals. Researchers from Recorded Future’s Insikt Group have published compelling reports as a proof-of-concept (PoC) for a methodology on how law enforcement agencies and investigators can utilize real-time threat intelligence to leverage sources of data in order to aid in tracking, mitigating, and potentially prosecuting human sex traffickers. Download the full report for additional details on law enforcement efforts to prosecute human traffickers and more on the Insikt Group’s findings.

Emerging Threat Organization “MONTI”: Sister Organization or Imposter Threat Group?

Over the past several weeks, a new, potentially imposter, threat organization has mimicked the tactics, techniques, and procedures (TTPs) and infrastructure of the Conti Ransomware Group. Tracked as MONTI, this doppelganger organization emerged in the threat landscape in July 2022 after compromising a company and encrypting approximately twenty (20) hosting devices and a multi-host VMware ESXi instance tied to over twenty (20) additional servers. While the July attack pushed the group into the limelight, analysts believe that attacks from the doppelganger organization go back even further into the early summer of 2022. Similarities discovered between Conti Ransomware and the alleged spinoff Monti Ransomware include attack TTPs alongside the reuse of Conti-attributed malicious payloads, deployed tools, and ransom notes. Additionally, the encrypted files exfiltrated by Monti contain nearly identical encryption, which could indicate code re-usage. Read the full report to find out what CTIX analysts expect to see from this group in the future.

Figure 1: Conti Ransom Note

Figure 2: Monti Ransom Note

Iranian State-Sponsored Threat Organization’s Attack Timeline Targeting the Albanian Government

In July 2022, nation-state Iranian threat actors, identified by the FBI as “Homeland Justice”, launched a “destructive cyber-attack” against the Government of NATO-member Albania in which the group acquired initial access to the victim network approximately fourteen (14) months before (May of 2021). During this period, the threat actors continuously accessed and exfiltrated email content. The peak activity was observed between May and June of 2022, where actors conducted lateral movements, network reconnaissance, and credential harvesting.

This attack and eventual data dumps were targeted against the Albania-based Iranian dissident group Mujahideen E-Khalq (MEK), otherwise known as the People’s Mojahedin Organization of Iran. MEK is a “controversial Iranian resistance group” that was exiled to Albania and once listed by the United States as a Foreign Terrorist Organization for activity in the 1970s but was later removed in late 2012. Albania eventually severed diplomatic ties with Iran on September 7, 2022, and is suspected to be the first country to ever have done so due to cyber-related attacks. For a more detailed analysis of this attack and its ramifications, download our full report.

Figure: Homeland Justice Ransom Note Image

Banning Ransomware Payments Becomes Hot-Button Issue in State Legislature

There is a debate occurring in courtrooms across the United States regarding the ethics and impacts of allowing businesses to make ransomware payments. North Carolina and Florida broke new ground earlier this year by passing laws that prohibit state agencies from paying cyber extortion ransom demands. While these two (2) states have been leading the way in ransomware laws, at least twelve (12) other states have addressed ransomware in some way, adding criminal penalties for those involved and requiring public entities to report ransomware incidents. Download the full report to discover what experts think of government ransomware payment bans and the potential effects they could have on ransomware incidents.

Threat Actor of the Month: Worok

ESET researchers discovered a new cluster of the long-active TA428 identified as “Worok.” TA428 is a Chinese advanced persistent threat (APT) group first identified by Proofpoint researchers in July 2019 during “Operation LagTime IT”, a malicious attack campaign targeted against government IT agencies in East Asia. Download the full report for an in-depth look at Worok’s tactics and objectives, and insights from our analysts about the anticipated future impact of this group.

New List of Trending Indicators of Compromise (IOCs)

IOCs can be utilized by organizations to detect security incidents more quickly as indicators may not have otherwise been flagged as suspicious or malicious. Explore our latest list of technical indicators of compromise within the past sixty (60) days that are associated with monitored threat groups and/or campaigns of interest.

Copyright © 2022 Ankura Consulting Group, LLC. All rights reserved.

FRB and FDIC Issue Joint ANPR on Possible Resolution Requirements for Large Banking Organizations While FRB and OCC Approve U.S. Bank MUFG Union Bank Merger

The Federal Reserve Board (“FRB”) and Federal Deposit Insurance Corporation (“FDIC”) Board issued an Advanced Notice of Proposed Rulemaking (“ANPR”) titled “Resolution-Related Resource Requirements for Large Banking Organizations.” Separately, but relatedly (if for no other reason than the FRB put it in the same press release as the ANPR), the Office of the Comptroller of the Currency (“OCC”) and the FRB approved their respective applications for the merger of MUFG Union Bank into U.S. Bank.

The ANPR is seeking comment on possible changes to the resolution-related standards applicable to large banking organizations (“LBOs”) that are not global systemically important banks (“GSIBs”). Those possible changes that the FRB and FDIC are contemplating would bring some of what is required for GSIB resolution planning down to LBOs, particularly focusing on “Category III” firms with $250 billion to $700 billion in total assets. The main focus of the ANPR is on whether LBOs ought to be required to issue long-term debt similar to the total loss-absorbing capacity (“TLAC”) requirements for GSIBs. The ANPR notes that the Fed and FDIC are considering “whether an extra layer of loss-absorbing capacity could increase the FDIC’s optionality in resolving the insured depository institution,” but also costs associated with such a requirement.

The ANPR flows logically from remarks made by Acting Comptroller Hsu at the Wharton Conference on Financial Regulation in April (and which we discussed in a previous issue), and that Acting Comptroller Hsu noted in his statement when he voted in favor of the ANPR at the FDIC Board meeting.

As noted above, in the same press release announcing the ANPR, the FRB announced the approval of the application by U.S. Bancorp to acquire MUFG Union Bank. The FRB’s order noted that upon consummation, U.S. Bancorp’s consolidated assets would total approximately $698.7 billion and, noting the close proximity to becoming a “Category II” firm with over $700 billion in assets, imposed a unique commitment to give quarterly implementation plans for complying with Category II requirements. The commitment by U.S. Bancorp also could trigger a need for U.S. Bancorp to comply with Category II requirements by December 31, 2024, even if its asset size has not gone above the $700 billion threshold. FRB Governor Michelle Bowman issued a statement supporting both the issuance of the ANPR and the approval of U.S. Bancorp’s application, but questioned the appropriateness of imposing Category II requirements on a one-off basis. The OCC’s approval was conditioned, among other things, on U.S. Bank making plans for its possible operability in the event of a resolution in order to facilitate its sale to more than one acquiring institution.

© Copyright 2022 Cadwalader, Wickersham & Taft LLP

November 2022 Visa Bulletin – A Warning for EB-2 All Other Countries

The Visa Bulletin is released monthly by the Department of State and is used to determine when a sponsored foreign national can submit the final step of the green card process, or if already pending, when the final step can be adjudicated.

Below is a summary of the November Visa Bulletin, including Final Action Dates and changes from the previous month.

China: EB-1 remains current; EB-2 holds at June 8, 2019; EB-3 freezes at June 15, 2018; EB-3 other workers advances three months to December 1, 2012.

India: EB-1 remains current; EB-2 holds at April 1, 2012; EB-3 freezes at April 1, 2012; and EB-3 other workers remains April 1, 2012.

All Other Countries: EB-1, EB-2 and EB-3 remain current (except for EB-3 Other Workers which has a cutoff date of June 1, 2020).

NOTE 1: The November Visa Bulletin warns of possible future retrogression in the EB-2 All Other Countries category due to increased demand for overall visa numbers.

NOTE 2: USCIS will accept I-485 applications in November based on the Department of State’s slightly more favorable Dates for Filing chart.

This post was written by Courtland C. Witherup and the Immigration & Nationality Law Practice at Hunton Andrews Kurth.


Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

USTR Seeks Comments on Section 301 Tariffs on Chinese Goods; Portal Opens Nov. 15

The Office of the U.S. Trade Representative (USTR) announced Oct. 17 that starting Nov. 15, it will begin soliciting comments on the effectiveness of Section 301 tariffs the Trump administration placed on Chinese goods. The notice and request for comments relate to USTR’s ongoing four-year statutory review of the Section 301 investigation of China’s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation.

In the Federal Register Notice, USTR said it is seeking “public comments on the effectiveness of the actions in achieving the objectives of the investigation, other actions that could be taken, and the effects of such actions on the United States economy, including consumers.”

The USTR is specifically interested in comments on the following:

  • The effectiveness of the actions in obtaining the elimination of China’s acts, policies, and practices related to technology transfer, intellectual property, and innovation.
  • The effectiveness of the actions in counteracting China’s acts, policies, and practices related to technology transfer, intellectual property, and innovation.
  • Other actions or modifications that would be more effective in obtaining the elimination of or in counteracting China’s acts, policies, and practices related to technology transfer, intellectual property, and innovation.
  • The effects of the actions on the U.S. economy, including on U.S. consumers.
  • The effects of the actions on domestic manufacturing, including in terms of capital investments, domestic capacity and production levels, industry concentrations, and profits.
  • The effects of the actions on U.S. technology, including in terms of U.S. technological leadership and U.S. technological development.
  • The effects of the actions on U.S. workers, including with respect to employment and wages.
  • The effects of the actions on U.S. small businesses.
  • The effects of the actions on U.S. supply chain resilience.
  • The effects of the actions on the goals of U.S. critical supply chains.
  • Whether the actions have resulted in higher additional duties on inputs used for additional manufacturing in the United States than the additional duties on particular downstream product(s) or finished good(s) incorporating those inputs.

The continuing assessment of these additional duties has been criticized by some business groups and lawmakers who believe they have hurt both U.S. businesses and U.S. consumers but have not checked China’s behavior. They also have called for the reinstatement of previously issued exclusions and for a new, robust tariff exclusion process. Some labor and civil society groups, however, want the tariffs to remain in place. The fate of these tariffs is closely tied to the Biden administration’s ongoing review and the overall U.S.–China trade relationship. The controversial tariff program that covers upwards of $300 billion worth of imports from China has sparked lawsuits from more than 3,500 importers.

The comment period begins on Nov. 15 and extends until Jan. 17. USTR said it will post specific questions on its website Nov. 1 before the portal opens.

©2022 Greenberg Traurig, LLP. All rights reserved.

Presidential Pardon for Simple Marijuana Possession Leaves Out Many

Severe immigration consequences for certain non-U.S. citizens remain despite President Joe Biden’s pardon of all prior federal offenses for simple marijuana possession.

On October 6, 2022, President Biden took a major step toward the decriminalization of marijuana, pardoning all prior federal offenses for simple marijuana possession. Although this pardon will affect only approximately 6,500 individuals who were convicted of simple marijuana possession under federal law before October 6, 2022, it does not affect the much larger number of individuals who have been convicted of a marijuana possession offense under state law. To the disappointment of immigration advocates, the pardon does not benefit non-U.S. citizens who were not lawfully present in the United States at the time of their conviction, even if their conviction was under federal law.

Moreover, because marijuana is still listed as a Schedule I drug under the federal Controlled Substances Act:

  • Non-U.S. citizens can still be denied entry to the country for use of marijuana or for working or actively investing in the marijuana industry;

  • Immigration authorities may deny a non-U.S. citizen’s application for lawful permanent residence (green card) or naturalization on the ground that they have a conviction for a marijuana-related offense, an admission by the non-U.S. citizen that they have used marijuana in the past, or that they have worked or are actively investing in the marijuana industry; and

  • The Department of Homeland Security can still place individuals, including green card holders, into removal proceedings (deportation) as a result of marijuana-related offenses, unless the conviction was for simple possession of less than 30 grams.

In his order, President Biden urged governors to consider similar state law pardons for simple marijuana possession charges, which might affect many more individuals. President Biden has also asked the Department of Health and Human Services to consider changing the current Schedule I classification for marijuana. If one of these changes occurred, non-U.S. citizens would substantially benefit, as their state convictions for marijuana-related offenses might be pardoned, thus lowering the negative consequences for immigration purposes.

For now, however, non-U.S. citizens should still be wary of marijuana use, or working or investing in the marijuana industry, even in places in the United States or abroad where those activities are legal. While there may not be federal prosecutions for the use and possession of marijuana, there may be severe immigration consequences for non-U.S. citizens, because the use and possession of marijuana remains illegal in certain states.

Jackson Lewis P.C. © 2022

Legal Standing in Trademark Non-Use Cancellation Actions

In recent years the Mexican Patent and Trademark Office (IMPI) allowed the possibility that complainants credit their legal standing on trademark non-use cancellation proceedings through the existence of a trademark application without the need of initially demonstrating that such application was blocked to registration in view of the prior existence of third parties’ confusingly similar registered marks, as long as the official action citing the conflicting registration as pertinent barrier was submitted as subsequent evidence in the proceeding.

Accordingly, it started to be a common practice to file non-use cancellation actions submitting as evidence a certified copy of the trademark application serving as a basis to attack the registration not being used accompanied with the results of an availability search showing the existence of the registration subject to the proceeding.

Nonetheless, this criterion adopted by IMPI was revoked by the Federal Court of Administrative Affairs and by Federal Circuit Courts, which held that legal standing must be credited initially along with the complaint, and that it cannot be credited at a later stage by submitting evidence attesting that IMPI objected to the registration of the complainant’s trademark application on grounds of likelihood of confusion because of the existence of the defendant’s registration.

The Court’s reasoning behind the revocation of this criterion was mainly based on legal certainty arguments, stating that legal standing can only arise when a formal objection is raised by IMPI communicating to the applicant the existence of a citation based on likelihood of confusion.

Therefore, IMPI is now starting to analyze and solve non-use cancellation actions following the Court’s legal reasonings stating that legal standing must be credited initially along with the complaint, without enabling complainants to credit such standing subsequently.

Consequently, it is advisable that titleholders file non-use cancellation actions only after being served with the official actions communicating the existence of pertinent barriers blocking the registration.

© 2005-2022 OLIVARES Y COMPAÑIA S.C.

White House Office of Science and Technology Policy Releases “Blueprint for an AI Bill of Rights”

On October 4, 2022, the White House Office of Science and Technology Policy (“OSTP”) unveiled its Blueprint for an AI Bill of Rights, a non-binding set of guidelines for the design, development, and deployment of artificial intelligence (AI) systems.

The Blueprint comprises five key principles:

  1. The first Principle is to protect individuals from unsafe or ineffective AI systems, and encourages consultation with diverse communities, stakeholders and experts in developing and deploying AI systems, as well as rigorous pre-deployment testing, risk identification and mitigation, and ongoing monitoring of AI systems.

  2. The second Principle seeks to establish safeguards against discriminative results stemming from the use of algorithmic decision-making, and encourages developers of AI systems to take proactive measures to protect individuals and communities from discrimination, including through equity assessments and algorithmic impact assessments in the design and deployment stages.

  3. The third Principle advocates for building privacy protections into AI systems by default, and encourages AI systems to respect individuals’ decisions regarding the collection, use, access, transfer and deletion of personal information where possible (and where not possible, use default privacy by design safeguards).

  4. The fourth Principle emphasizes the importance of notice and transparency, and encourages developers of AI systems to provide a plain language description of how the system functions and the role of automation in the system, as well as when an algorithmic system is used to make a decision impacting an individual (including when the automated system is not the sole input determining the decision).

  5. The fifth Principle encourages the development of opt-out mechanisms that provide individuals with the option to access a human decisionmaker as an alternative to the use of an AI system.

In 2019, the European Commission published a similar set of automated systems governance principles, called the Ethics Guidelines for Trustworthy AI. The European Parliament currently is in the process of drafting the EU Artificial Intelligence Act, a legally enforceable adaptation of the Commission’s Ethics Guidelines. The current draft of the EU Artificial Intelligence Act requires developers of open-source AI systems to adhere to detailed guidelines on cybersecurity, accuracy, transparency, and data governance, and provides for a private right of action.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

IRS Delays Additional Amendment Deadlines for Major Retirement Legislation

The IRS has extended additional deadlines for required retirement plan amendments, similar to the extensions we discussed last month. Notice 2022-45 extends the deadline for amending qualified retirement plans to comply with certain provisions of:

  • The Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”)

  • The Taxpayer Certainty and Disaster Tax Relief Act of 2020 (“Relief Act”)

Notice 2022-45 specifically extends the amendment deadlines for Section 2202 of the CARES Act and Section 302 of the Relief Act. Section 2202 of the CARES Act permitted plans to: (1) provide coronavirus-related distributions, (2) increase retirement plan loan sizes, and (3) pause retirement plan loan payments. Section 302 of the Relief Act permitted qualified disaster distributions.

Notice 2022-45 extends the amendment deadlines relating to the applicable provisions in the CARES and Relief Acts for non-governmental qualified plans and 403(b) plans to December 31, 2025. Governmental plans (including qualified plans, 403(b) plans maintained by public schools, and 457(b) plans) are granted further delays depending on the underlying circumstances of the plan sponsor. These extended deadlines under Notice 2022-45 align with the previous deadline extensions under Notice 2022-33. Accordingly, most plan sponsors will be able to adopt a single amendment to comply with the SECURE Act, BAMA, the CARES Act, and the Relief Act.

Notably, tax-exempt 457(b) plans do not appear to be covered by the relief granted by either Notice 2022-33 or Notice 2022-45. Accordingly, these plans remain subject to a December 31, 2022, amendment deadline.

© 2022 Miller, Canfield, Paddock and Stone PLC

BREAKING NEWS: Biden to Pardon Federal Marijuana Possession Convictions

In a historic move, today, President Joe Biden announced a three-step program to bring broad changes to federal cannabis policy. As an initial step towards reform, President Biden will pardon all federal offenders convicted of simple marijuana possession. According to administration officials, the pardons will be issued through an administration process overseen by the Department of Justice. Those eligible for the pardons will receive documentation showing they were officially forgiven for their crime.

“No one should be in jail just for using or possessing marijuana,” Biden said in a video announcing his executive actions. “It’s legal in many states, and criminal records for marijuana possession have led to needless barriers to employment, housing, and educational opportunities. And that’s before you address the racial disparities around who suffers the consequences. While white and Black and brown people use marijuana at similar rates, Black and brown people are arrested, prosecuted, and convicted at disproportionate rates.”

“Too many lives have been upended because of our failed approach to marijuana. It’s time that we right these wrongs,” the President said.

As a second step in the program, Biden also encouraged Governors to take similar steps to pardon state simple cannabis possession charges.

And as the last step in this program, President Biden directed the Department of Health and Human Services and Attorney General Merrick Garland to “expeditiously” review cannabis’s status as a Schedule I controlled drug pursuant to the federal Controlled Substances Act.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.