Posts

Showing posts with the label threat actor

Expel Annual Threat Report Shows Identity Compromise Continues to Be Threat Actors’ Favorite Tool

Cybersecurity firm Expel recently published its 2026 Threat Report, which analyzed over 1,000,000 alerts in its Security Operations Center throughout 2025. The results showed that threat actors continue to use compromised credentials to gain access to company systems. The Report highlights the need for companies to educate their employees on an ongoing basis of how important it is to protect their usernames and passwords and to be highly vigilant when being asked to divulge them. According to the Report, more than 68% of reported incidents were identity-based: where a threat actor attempts to use an authorized user’s credentials to access a company’s network . Many used agents that the organization did not authorize, a clear indication that it was not the authorized user trying to logon. In addition, 12% of incidents involved a logon from a suspicious location, showing that companies may wish to monitor and block any logon attempts from unauthorized locations, including foreign countri...

NYDFS Imposes $2M Penalty for Violations of its Cybersecurity Regulation

Consent order between New York state regulator and company highlights multi-factor authentication requirement and failure to timely report the Cyber Event. The New York State Department of Financial Services (NYDFS) announced on  August 14, 2025 , resolution of civil enforcement action requiring Healthplex, Inc., a licensed insurance agent and independent adjuster, to pay a $2 million civil penalty under a  consent order   for violations of the  NYDFS cybersecurity regulation  (23 NYCRR Part 500) . The NYDFS alleges in the consent order that a threat actor gained access to Healthplex’s information systems through a phishing attack on an employee’s email account, and that Healthplex’s cybersecurity program was not adequately calibrated to protect against, mitigate or respond to the incident. As a result, the threat actor gained access to the private health data and sensitive nonpublic information (NPI) of tens of thousands of consumers. The consent order states t...