Ankura CTIX FLASH Update – January 3, 2023

Malware Activity

Louisiana’s Largest Medical Complex Discloses Data Breach Associated with October Attack

On December 23rd, 2022, the Lake Charles Memorial Health System (LCMHS) began sending out notifications regarding a newly discovered data breach that is currently impacting approximately 270,000 patients. LCMHS is the largest medical complex in Lake Charles, Louisiana, which contains multiple hospitals and a primary care clinic. The organization discovered unusual activity on their network on October 21, 2022, and determined on October 25, 2022, that an unauthorized actor gained access to the organization’s network as well as “accessed or obtained certain files from [their] systems.” The LCMHS notice listed the following patient information as exposed: patient names, addresses, dates of birth, medical record or patient identification numbers, health insurance information, payment information, limited clinical information regarding received care, and Social Security numbers (SSNs) in limited instances. While LCMHS has yet to confirm the unauthorized actor responsible for the data breach, the Hive ransomware group listed the organization on their data leak site on November 15, 2022, as well as posted files allegedly exfiltrated after breaching the LCMHS network. The posted files contained “bills of materials, cards, contracts, medical info, papers, medical records, scans, residents, and more.” It is not unusual for Hive to claim responsibility for the associated attack as the threat group has previously targeted hospitals/healthcare organizations. CTIX analysts will continue to monitor the Hive ransomware group into 2023 and provide updates on the Lake Charles Memorial Health System data breach as necessary.

Threat Actor Activity

Kimsuky Threat Actors Target South Korean Policy Experts in New Campaign

Threat actors from the North Korean-backed Kimsuky group recently launched a phishing campaign targeting policy experts throughout South Korea. Kimsuky is a long-running threat group that has been in operation since 2013, primarily conducting cyber espionage and occasional financially motivated attacks. Aiming their attacks consistently at entities in South Korea, the group often targets academics, think tanks, and organizations relating to inter-Korea relations. In this recent campaign, Kimsuky threat actors distributed spear-phishing emails to several well-known South Korean policy experts. Within these emails, either an embedded website URL or an attachment was present, both executing malicious code to download malware to the compromised machine. One (1) tactic the threat actors utilized was distributing emails through hacked servers, masking the origin IP address(es). In total, of the 300 hacked servers, eighty-seven (87) of them were located throughout North Korea, with the others from around the globe. This type of social engineering attack is not new for the threat group, as similar instances have occurred over the past decade. In January 2022, Kimsuky actors mimicked activities of researchers and think tanks in order to harvest intelligence from associated sources. CTIX continues to urge users to validate the integrity of email correspondence prior to visiting any embedded links or downloading any attachments to lessen the risk of threat actor compromise.

Vulnerabilities

Netgear Patches Critical Vulnerability Leading to Arbitrary Code Execution

Network device manufacturer Netgear has just patched a high-severity vulnerability impacting multiple WiFi router models. The flaw, tracked as CVE-2022-48196, is described as a pre-authentication buffer overflow security vulnerability, which, if exploited, could allow threat actors to carry out a number of malicious activities. These activities include stealing sensitive information, creating Denial-of-Service (DoS) conditions, as well as downloading malware and executing arbitrary code. In past attacks, threat actors have utilized this type of vulnerability as an initial access vector by which they pivot to other parts of the network. Currently, there is very little technical information regarding the vulnerability, and Netgear is temporarily withholding the details to allow as many of their users as possible to update their vulnerable devices to the latest secure firmware. Netgear stated that this is a very low-complexity attack, meaning that unsophisticated attackers may be able to successfully exploit a device. CTIX analysts urge Netgear users with any of the vulnerable devices listed in Netgear’s advisory to patch their device immediately.


Copyright © 2023 Ankura Consulting Group, LLC. All rights reserved.

When Your Business Partner Uses Company Money to Purchase Assets for Himself, You Have a Remedy – If You Don’t Wait Too Long

Minority owners of closely-held businesses are often shocked to learn what their business partner – usually the majority owner – has been doing with the company’s money.  In some cases, an investigation reveals that your worst suspicions are true, and your partner has actually started a competing company on the side.  But diverting assets and resources can often have results other than an active, competing business.  Sometimes embezzlement is as simple as company funds being used to purchase assets – such as real estate – in which you, of course, have no ownership interest.  This can be done by having the jointly-owned company purchase the land outright, or make the mortgage payments on property your business partner has cut you out of.  Either way, joint money is being used to subsidize your partner’s solo venture.

I have had clients come to me believing that because they do not have an ownership interest in an asset, they cannot possibly have any rights to it, or in it.  But that is not necessarily true.  For example, in New Jersey, if you are a 1/3 owner of a company, and the 2/3 majority owner uses company money to buy real property, you may have an excellent argument that you should be legally recognized as a 1/3 owner of the property, or at least be entitled to 1/3 of any profits or proceeds from it. Similarly, if company monies are used to start a competing company, you may be entitled to be awarded 1/3 ownership of that competing company, or at least damages equaling 1/3 of that company’s profits.

The logic is obvious – 1/3 of the money improperly used effectively belongs to you.  However, many business owners suspect something like this for years but fail to act, usually because they think it’s too late once the money is gone.  If you believe money is unaccounted for in your own company, you are entitled to answers.  If you can’t understand why your business partner is suddenly devoting time to other business ventures, but will not explain to you what he is doing, you are entitled to answers.  If you do a search and learn that your business partner owns real estate, and you can’t understand how he paid for it and want to know if any of your money was used, you are entitled to answers.  You can get those answers in court – but the fact that you are entitled to do so should help you get them without resorting to a disruptive and expensive judicial filing.

When, exactly, you learned of the embezzlement will impact how long you have to take action before it is legally too late.  So if you have suspicions, don’t wait to seek legal advice.  You just may have more rights than you realize.

©2022 Norris McLaughlin P.A., All Rights Reserved

SEC Issues Two Whistleblower Awards for Independent Analysis

On February 18, the U.S. Securities and Exchange Commission (SEC) announced two whistleblower awards issued to individuals who provided independent analysis to the SEC which contributed to a successful enforcement action. One whistleblower received an award of $375,000 while the other received $75,000.

According to the award order, the whistleblowers “each voluntarily provided original information to the Commission that was a principal motivating factor in Enforcement staff’s decision to open an investigation.”

Through the SEC Whistleblower Program, qualified whistleblowers, individuals who voluntarily provide original information which leads to a successful enforcement action, are entitled to a monetary award of 10-30% of funds recovered by the government.

A 2020 amendment to the whistleblower program rules established a presumption of a statutory maximum award of 30% in cases where the maximum award would be less than $5 million and where there are no negative factors present. The SEC notes that this presumption did not apply to the two newly awarded whistleblowers. According to the SEC, the first whistleblower unreasonably delayed in reporting their disclosure and the second whistleblower only provided limited assistance.

In the award order, the SEC justifies its decision to grant the first whistleblower a larger award than the second. According to the SEC, the first whistleblower’s disclosure included high-quality information about an issue which “was the basis for the bulk of the sanctions in the Covered Action” whereas the second whistleblower’s disclosure did not touch on this pivotal issue. Furthermore, the first whistleblower provided significant ongoing assistance to the SEC staff while the second whistleblower did not.

Since issuing its first award in 2012, the SEC has awarded approximately $1.2 billion to 247 individuals. Before blowing the whistle to the SEC, individuals should first consult an experienced SEC whistleblower attorney to ensure they are fully protected under the law and qualify for the largest award possible.

Copyright Kohn, Kohn & Colapinto, LLP 2022. All Rights Reserved.