Category: Hedge/Alternative Funds

23
Jul

Amendments to Form ADV and the Books and Records Rule

An investment adviser filing an initial Form ADV or an amendment to an existing Form ADV on or after October 1, 2017 will be required to use a revised Form ADV.  (Changes to Form ADV can be found here: https://www.sec.gov/rules/final/2016/ia-4509-form-adv-summary-of-changes.pdf)  Additionally, amendments to Rule 204-2 (the “Books and Records Rule”) of the Investment Advisers Act of 1940 will apply to communications circulated or distributed after October 1, 2017.

Amendments to Form ADV will require an adviser to provide additional information regarding its advisory business, including information regarding its separately managed account business, other offices, and social media accounts for which the adviser is able to control the content associated with the account (e.g., Facebook, Twitter and LinkedIn). The amended Form ADV will also create an “umbrella registration” on a single Form ADV (within a new Schedule R) for multiple private fund adviser entities operating a single advisory business under certain conditions.

In addition, amendments to the Books and Records Rule will modify recordkeeping obligations as to certain materials relating to an adviser’s performance or rate of return. For example, the amended rule will require advisers to maintain materials that demonstrate the calculation of performance or rate of return in any communication circulated or distributed directly or indirectly to “any person” rather than to “10 or more persons” as the rule currently requires.  These amendments considerably expand the scope of the Books and Records Rule to encompass all performance related communications, including but not limited to custom calculations requested by a single investor or potential investor. Additionally, advisers will now be required to retain original copies of all written communications related to performance or rate of return that are sent to or received from any third party.

All advisers are encouraged to promptly review their current operational practices and determine what modifications, if any, will be necessary to ensure continued compliance with all applicable regulations.

The Final rule can be found here: https://www.sec.gov/rules/final/2016/ia-4509.pdf

7475 GFS-7/25/2017
2182-NLD-7/26/2017

27
Jun

Don’t Let Malware Make You “Wanna Cry”

On May 12, 2017, an unprecedented wave of ransomware spread via the internet hitting organizations and individuals around the world. The ransomware known as “WannaCry” quickly became front page news.  The purpose of the ransomware, developed by cyber-criminals, was to extort money. The way it accomplished this was to infect unpatched Windows PCs and encrypt 176 different file types (picture files, documents, spread sheets, video files, database files, etc.) leaving the files inaccessible. Then, to unencrypt the files, a ransom had to be paid using the cryptocurrency known as Bitcoin. Average ransom amounts started at $300 and increased incrementally over time until, at seven days, if unpaid, all encrypted files were permanently deleted from the user’s system and lost forever.

The malware was delivered through a hyperlink that could be embedded in emails, web page advertisements, or in a Dropbox links. If a user clicked on any of these links, the PC secretly accessed a website where the virus resided. If the PC did not have the appropriate PC patches or anti-virus software installed, the PC downloaded malicious code which then started the file encryption process and displayed the following message:

message.png

Hundreds of thousands of PCs around the world were impacted by this virus. Hospitals, banks, and telecommunications companies were some of the hardest hit industries.

NorthStar Financial Services Group, LLC (NorthStar), and our subsidiaries (CLS, Orion, and the Gemini Companies*) avoided this outbreak. But how?

At NorthStar, before any computer traffic enters the network, it has to pass through a series of hardware devices and software which closely inspects all bits and bytes for malicious content. Based on very complex and sophisticated rules, logic, and algorithms, some traffic is blocked outright, some is quarantined for review, and the rest is allowed onto the network. However, even with these tools in place, it is possible for new variants of malware to come up and make it past these tools. In the event something does slip through our perimeter defenses, NorthStar also has tools that reside on servers, desktop PCs, and laptops to contain and mitigate any compromise. These tools add an additional layer of protection to detect, prevent, quarantine, and clean malicious content from end-point devices (PCs, Laptops, SmartPhones, etc.).

For those who are interested in technical details, below is a list of many of NorthStar’s security tools and what they do:

  • Email Security Gateway: this product scans all inbound emails and searches them for malicious attachments and embedded links that could take users to malicious sites. If found, the software will quarantine the emails for review or outright delete them if known to be malicious.
  • Intrusion Detection\Intrusion Prevention Systems (IDS\IPS): These systems inspect network traffic at a very low level (bits and bytes). Upon detection of suspicious content, they will automatically block it before it can enter NorthStar’s systems. In addition, these systems filter out traffic from specific geographical locations known to be the source of malware (e.g. Russia, Iran, etc.).
  • Advanced Network Anti-Malware: These systems scan for and detect attacks and malicious network packets as well as command and control communications. “Command and control communications” is when malware communicates back to a home base for additional attack code or content. WannaCry is an example of malware that uses command and control communications.
  • Web Filtering: Web filtering programs block access to sites that have known malicious content. NorthStar’s web filtering software is actively updated with lists of malicious sites, so as soon as any site is registered or detected to have the ability to spread malicious content, it is automatically updated and will block users from accessing those sites.
  • Advanced EndPoint Anti-Malware: This is advanced anti-malware tools installed on the end-point (PC installed). It works similarly to and in conjunction with NorthStar’s Advanced Network Anti-Malware, but on the PC level as opposed to the network level.
  • Anti-Virus Software: This is a traditional Anti-Virus program which actively scans and monitors traffic to and from each PC looking for malicious software. In addition, the software utilizes traditional anti-virus scans of a PC’s local hard drive to detect anything that might be on the hard drive, but not active.
  • Log Collection: This is a system which collects and analyzes PC, server, and network logs looking for questionable activity WITHIN the internal networks searching for activity that could get in via an internal source like a PC USB port, a DVD, or personal computer plugged into a company network port (which is strictly forbidden in our Employee Policy Manual).
  • NorthStar also has robust data recovery tools that can be used to quickly recover systems and data if such an attack like this was successful and original files needed to be restored.

In addition to having the above tools in place, NorthStar ITOC took the following additional steps and precautions when the WannaCry outbreak was discovered:

  • NorthStar double checked that the appropriate Microsoft patches were installed which stop this virus.
  • NorthStar enabled Snort Rule 42340 – A new rule for our IDS\IPS systems which was developed to stop WannaCry once it was detected and started spreading.
  • NorthStar confirmed firewalls were blocking malicious traffic on the specific ports\channels the virus communicated over.
  • NorthStar confirmed TOR network blocking – TOR is an external anonymous network that is notorious for spreading malicious content, so we doubled checked our settings to make sure we were blocking this traffic.
  • NorthStar confirmed all Advanced Malware Protection systems and software had been updated to detect this ransomware signature.
  • NorthStar confirmed the email security gateway was scanning for this specific malware signature.

As you can see, NorthStar takes cybersecurity very seriously. From the technical tools in place to the audited and certified ISO 27001 processes and controls, NorthStar is committed to investing the necessary time and money for industry leading technology, processes, and people.

*The Gemini Companies include: Gemini Fund Services, LLC; Gemini Alternative Funds, LLC; Gemini Hedge Fund Services, LLC; Northern Lights Distributors, LLC; Northern Lights Compliance Services, LLC; and Blu Giant, LLC

7444 GFS-6/26/2017
2147-NLD-6/26/2017

27
Jun

Don’t Let Malware Make You “Wanna Cry”

On May 12, 2017, an unprecedented wave of ransomware spread via the internet hitting organizations and individuals around the world. The ransomware known as “WannaCry” quickly became front page news.  The purpose of the ransomware, developed by cyber-criminals, was to extort money. The way it accomplished this was to infect unpatched Windows PCs and encrypt 176 different file types (picture files, documents, spread sheets, video files, database files, etc.) leaving the files inaccessible. Then, to unencrypt the files, a ransom had to be paid using the cryptocurrency known as Bitcoin. Average ransom amounts started at $300 and increased incrementally over time until, at seven days, if unpaid, all encrypted files were permanently deleted from the user’s system and lost forever.

The malware was delivered through a hyperlink that could be embedded in emails, web page advertisements, or in a Dropbox links. If a user clicked on any of these links, the PC secretly accessed a website where the virus resided. If the PC did not have the appropriate PC patches or anti-virus software installed, the PC downloaded malicious code which then started the file encryption process and displayed the following message:

message.png

Hundreds of thousands of PCs around the world were impacted by this virus. Hospitals, banks, and telecommunications companies were some of the hardest hit industries.

NorthStar Financial Services Group, LLC (NorthStar), and our subsidiaries (CLS, Orion, and the Gemini Companies*) avoided this outbreak. But how?

At NorthStar, before any computer traffic enters the network, it has to pass through a series of hardware devices and software which closely inspects all bits and bytes for malicious content. Based on very complex and sophisticated rules, logic, and algorithms, some traffic is blocked outright, some is quarantined for review, and the rest is allowed onto the network. However, even with these tools in place, it is possible for new variants of malware to come up and make it past these tools. In the event something does slip through our perimeter defenses, NorthStar also has tools that reside on servers, desktop PCs, and laptops to contain and mitigate any compromise. These tools add an additional layer of protection to detect, prevent, quarantine, and clean malicious content from end-point devices (PCs, Laptops, SmartPhones, etc.).

For those who are interested in technical details, below is a list of many of NorthStar’s security tools and what they do:

  • Email Security Gateway: this product scans all inbound emails and searches them for malicious attachments and embedded links that could take users to malicious sites. If found, the software will quarantine the emails for review or outright delete them if known to be malicious.
  • Intrusion Detection\Intrusion Prevention Systems (IDS\IPS): These systems inspect network traffic at a very low level (bits and bytes). Upon detection of suspicious content, they will automatically block it before it can enter NorthStar’s systems. In addition, these systems filter out traffic from specific geographical locations known to be the source of malware (e.g. Russia, Iran, etc.).
  • Advanced Network Anti-Malware: These systems scan for and detect attacks and malicious network packets as well as command and control communications. “Command and control communications” is when malware communicates back to a home base for additional attack code or content. WannaCry is an example of malware that uses command and control communications.
  • Web Filtering: Web filtering programs block access to sites that have known malicious content. NorthStar’s web filtering software is actively updated with lists of malicious sites, so as soon as any site is registered or detected to have the ability to spread malicious content, it is automatically updated and will block users from accessing those sites.
  • Advanced EndPoint Anti-Malware: This is advanced anti-malware tools installed on the end-point (PC installed). It works similarly to and in conjunction with NorthStar’s Advanced Network Anti-Malware, but on the PC level as opposed to the network level.
  • Anti-Virus Software: This is a traditional Anti-Virus program which actively scans and monitors traffic to and from each PC looking for malicious software. In addition, the software utilizes traditional anti-virus scans of a PC’s local hard drive to detect anything that might be on the hard drive, but not active.
  • Log Collection: This is a system which collects and analyzes PC, server, and network logs looking for questionable activity WITHIN the internal networks searching for activity that could get in via an internal source like a PC USB port, a DVD, or personal computer plugged into a company network port (which is strictly forbidden in our Employee Policy Manual).
  • NorthStar also has robust data recovery tools that can be used to quickly recover systems and data if such an attack like this was successful and original files needed to be restored.

In addition to having the above tools in place, NorthStar ITOC took the following additional steps and precautions when the WannaCry outbreak was discovered:

  • NorthStar double checked that the appropriate Microsoft patches were installed which stop this virus.
  • NorthStar enabled Snort Rule 42340 – A new rule for our IDS\IPS systems which was developed to stop WannaCry once it was detected and started spreading.
  • NorthStar confirmed firewalls were blocking malicious traffic on the specific ports\channels the virus communicated over.
  • NorthStar confirmed TOR network blocking – TOR is an external anonymous network that is notorious for spreading malicious content, so we doubled checked our settings to make sure we were blocking this traffic.
  • NorthStar confirmed all Advanced Malware Protection systems and software had been updated to detect this ransomware signature.
  • NorthStar confirmed the email security gateway was scanning for this specific malware signature.

As you can see, NorthStar takes cybersecurity very seriously. From the technical tools in place to the audited and certified ISO 27001 processes and controls, NorthStar is committed to investing the necessary time and money for industry leading technology, processes, and people.

*The Gemini Companies include: Gemini Fund Services, LLC; Gemini Alternative Funds, LLC; Gemini Hedge Fund Services, LLC; Northern Lights Distributors, LLC; Northern Lights Compliance Services, LLC; and Blu Giant, LLC

7444 GFS-6/26/2017
2147-NLD-6/26/2017