Matthew Loffredo is an associate in Dykema’s Privacy and Data Security Group and is a Certified Information Privacy Professional (CIPP/US). Mr. Loffredo's practice focuses on helping clients guard against legal and regulatory exposure through prompt response to data security incidents and proactive compliance with privacy laws. Prior to joining Dykema, Mr. Loffredo litigated insurance subrogation cases involving data security and technology claims on behalf of Fortune 500 insurance companies.

While in law school, Mr. Loffredo helped found Chicago-Kent’s Cyber Security and Data Privacy Society and participated in oral advocacy competitions as a member of the Moot Court Honor Society. Mr. Loffredo also served as a Judicial Extern for the Honorable Brigid Mary McGrath in the Circuit Court of Cook County. Before attending law school, Mr. Loffredo worked in the information technology industry where he supported computer networking and security products such as enterprise firewalls, backup and recovery software, and video surveillance systems.

Our first segment on APTs focused on the nature of the APT threat and the industries and data most at risk of these attacks. This section provides an in-depth overview of APT attack patterns and specific examples of APT attacks. Generally speaking, APT attack patterns overlap with popular cybersecurity attack pattern frameworks, such MITRE’s “PRE-ATT&CK and ATT&CK” and Lockheed Martin’s “Cyber Kill Chain” framework These frameworks break down network attacks into a series of stages that explain a threat actor’s conduct at each step of the attack. Although a number of threat actors and APTs share the attack patterns these frameworks describe, APT attacks approach these steps in a unique manner.
Continue Reading U.S. Cyber Intelligence Warning Highlights Security Threat From Nation-Sponsored Advanced Persistent Threats (APTs) – Part 2

The U.S. Departments of State, Treasury, and Homeland Security, and the Federal Bureau of Investigation recently released a joint advisory (the “Advisory”) outlining a number of cyber theft, ransomware, and money laundering operations originating from organized hacking groups sponsored by the North Korean government. According to the Advisory, these state-sponsored hacking groups have attempted to steal as much as $2 billion through cyber-enabled thefts on financial institutions as of late 2019, and are known to use automated digital currency transactions to launder their ill-gotten gains. These cyber-theft operations are among the latest in the list of high-profile breaches these actors are believed to have been responsible for, including the WannaCry 2.0 ransomware that hit a number of hospitals and corporations in the United States and abroad in May 2017, and the Sony Pictures Entertainment breach in November 2014.
Continue Reading U.S. Cyber Intelligence Warning Highlights Security Threat From Nation-Sponsored Advanced Persistent Threats (APTs) – Part 1