Top Stories

The FBI, the Treasury Department, and the Israel National Cyber Directorate have issued a Cybersecurity Advisory (CSA) to warn network defenders of new cyber tradecraft of the Iranian cyber group Emennet Pasargad, which has been operating under the company name Aria Sepehr Ayandehsazan (ASA) and is known by the private sector terms Cotton Sandstorm, Marnanbridge, and Haywire Kitten.

The group exhibited new tradecraft in its efforts to conduct cyberenabled information operations into mid-2024 using a myriad of cover personas, including multiple cyber operations that occurred during and targeting the 2024 Summer Olympics – including the compromise of a French commercial dynamic display provider. ASA has also undertaken a project to harvest content from IP cameras and used online resources related to Artificial Intelligence. Since 2023, the group has exhibited new tradecraft including the use of fictitious hosting resellers to provision operational server infrastructure to its own actors as well as to an actor in Lebanon involved in website hosting. Recently released reporting from Microsoft indicates this group has demonstrated interest in election-related websites and media outlets, suggesting preparations for future influence operations.

The CSA provides the threat group’s tactics, techniques, and procedures (TTPs), including its leveraging of online resources related to Artificial Intelligence, and indicators of compromise (IOCs). The CSA also highlights similar activity from a previous FBI advisory that was published on 20 October 2022. This new advisory’s information and guidance are derived from FBI investigative activity and technical analysis of this group’s intrusion activity against U.S. and foreign organizations and engagements with numerous entities impacted by this malicious activity.

The authoring agencies recommend all organizations follow guidance provided in the Mitigations section to defend against the Iranian cyber group’s activities.

The Federal Housing Finance Agency has announced its issuance of Advisory Bulletin 2024-05, "Affordable Housing Program: Determining the Need for Affordable Housing Program Subsidy In Rental Projects," that simplifies the process for project sponsors to receive Federal Home Loan Bank (FHLBank) funds for affordable housing projects.

The Advisory Bulletin reinforces the importance of scrutinizing funding requests, using rigorous feasibility guidelines based on sound reasoning, to ensure that Affordable Housing Program (AHP) funds support the projects most in need. The bulletin provides for a streamlined compliance process and eliminates uncertainty for project sponsors about the amount of their AHP award. It also provides further clarity to the FHLBanks on determining the need for an AHP subsidy when a rental project includes capitalized reserves and supportive services.

The CFPB yesterday announced action against VyStar Credit Union for harming consumers through its botched rollout of a new online banking system. In May 2022, VyStar transitioned to a new, dysfunctional online banking platform that made it difficult for credit union members to perform basic banking functions for weeks, with some features unavailable for more than six months. Families incurred fees and costs as a result of these problems. The CFPB is ordering VyStar to ensure that all consumers are made whole. VyStar must also pay a $1.5 million civil penalty to the CFPB’s victims relief fund.

VyStar, formerly known as JAX Navy Federal Credit Union, is a Florida state-chartered credit union headquartered in Jacksonville with 70 branches in Florida and 10 branches in Georgia. VyStar is one of the largest credit unions in the country, with approximately $14.75 billion in total assets and over 980,000 members. In May 2022, VyStar attempted to launch a new virtual banking platform. VyStar anticipated banking services would be inaccessible for several days during the transition to the new platform, but it turned out to be much longer. The new system crashed upon launch because VyStar brought it online prematurely and failed to establish or follow critical processes to ensure its success. The platform was taken offline soon after launch. Upon bringing the system back online, the new platform lacked key banking services, some of which were not restored for months.

For further details, see “VyStar CU pays $1.5M for botched systems upgrades” in BankersOnline’s Penalties pages.

• NCUA Chairman Harper and Board Member Otsuka Statements on CFPB's VyStar Credit Union action

Yesterday, the Treasury Department reported that OFAC had sanctioned five Mexican nationals and two Mexico-based entities linked to La Linea, a violent Mexico-based drug trafficking organization responsible for trafficking fentanyl and other deadly drugs into the United States.

See BankersOnline’s October 31, 2024, OFAC Update for the names and identifying information of the designated individuals and businesses .

The Federal Reserve System has issued the third 2024 issue of Consumer Compliance Outlook. This issue includes articles on:

• Top Federal Reserve System Compliance Violations in 2023 Under the Flood Disaster Protection Act of 1973
• Top Federal Reserve System Compliance Violations in 2023 Under the Real Estate Settlement Procedures Act and Regulation X
• Consumer Compliance Requirements for Purchasers of Residential Mortgage Loans
• Consumer Compliance Requirements for Servicers of Purchased Mortgage Loans

The CFPB yesterday announced it has joined with the Centers for Medicare & Medicare Services (CMS) in a joint statement to protect people with Medicare living at or below the poverty line from unlawful medical bills. These people in the Qualified Medicare Beneficiary group represent about one in eight Medicare recipients nationwide. Federal law generally prohibits healthcare providers who accept Medicare from billing these people – referred to as “QMBs” – for cost-sharing, such as co-pays or deductibles.

The agencies' joint statement emphasizes that Traditional Medicare providers and suppliers, Medicare Advantage providers and suppliers, and debt collectors can be sanctioned by CMS or be liable under federal law for improperly billing these recipients. CMS is also releasing new resources clarifying that healthcare providers must refund any improper charges, regardless of whether they received incorrect information about a recipient's QMB status from Medicare Advantage plans.

The joint statement describes the CMS guidance issued yesterday and explains how the laws that the CFPB administers and enforces apply to improper debt collection of QMBs. Specifically, the statement explains:

• Debt collectors may not collect on improper and inaccurate bills targeting Medicare beneficiaries. The Fair Debt Collection Practices Act prohibits collecting bills that are not actually owed or are in the wrong amount.
• Debt collectors may not tarnish credit reports with improper and inaccurate bills. Furnishing inaccurate information may violate the Fair Credit Reporting Act, and may also demonstrate that furnishers do not verify the accuracy of information they furnish.

FDIC FIL-77-2024, issued yesterday, describes steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas affected by the Havasupai Tribe Flooding August 22–23, 2024..

The Federal Emergency Management Agency today published [89 FR 87299] a final rule revising the National Flood Insurance Program's regulations to offer NFIP policyholders who are not required to escrow their premiums and fees for flood insurance the option of paying their annual flood insurance premium in monthly installments.

The rule will become effective December 31, 2024.