The Best of The Week in Breach 2023
This week: Welcome to our annual wrap-up issue where we take a look back at the most memorable breaches of 2023. Buckle up, because it is a wild ride! We’ll look at 10 notable cyberattacks, our top resources, 10 of our most popular blog posts and the five top cybersecurity trends of 2023.
In The Educator’s Guide to Cybersecurity, see the cyber threats that schools face & how to mitigate them. DOWNLOAD IT>>
United Kingdom – Zellis
Exploit: Ransomware
Zellis: Payroll Company
Why it’s notable: Zellis was one of the first companies to report a data breach because of the MOVEit exploit, a zero-day vulnerability in a widely used file transfer software platform from Progress Software. The exploit was discovered and leveraged by the CL0P ransomware group throughout 2023. By the end of the year, more than 2000 organizations had fallen victim to attacks through this vulnerability.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-05-31-23-06-05-23/
Employees of several major UK companies including British Airways, Boots and the BBC are being informed that their personal information may have been exposed in a ransomware attack on payroll company Zellis. Bad actors were able to leverage a zero-day exploit in popular file transfer system MOVEit made by Progress Software. The Cl0p ransomware group has claimed responsibility for the attack. Zelis has not disclosed which of its clients were impacted by the attack, but some have already come forward. British Airways disclosed that employee data including National insurance numbers, salaries, contact details, sort codes and bank account numbers. Boots said that its staff had been informed that their data may have been compromised including names, surnames, employee numbers, dates of birth, email addresses, the first lines of home addresses, and national insurance numbers. Details from this incident were still emerging at press time.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
USA – Dish Network
Exploit: Ransomware
Dish Network: Television Service
Why it’s notable: The massive service outage and data theft that resulted from this ransomware attack may have turned off customers in a competitive market. For weeks after the attack, customers had trouble accessing services. The flood of complaints overwhelmed the company’s customer service, compounding consumers’ ire. In addition to the service outage, it was later revealed that hackers stole the personal details of almost 300000 individuals during the attack.
Original Story: https://www.idagent.com/blog/the-week-in-breach-news-02-22-23-02-28-23/
Major U.S. satellite television provider Dish Network has been knocked off the air by a suspected ransomware attack. Customers first noticed the service outage last Thursday and the problem persisted through the weekend. The outage appears to affect most parts of the company, including online bill payment services, customer service and Boost Mobile, the prepaid wireless carrier acquired by Dish in 2020. Dish has not made a formal statement about the incident and no ransomware group has claimed responsibility
Kaseya to the Rescue: Learn how Datto EDR with Ransomware Rollback helps organizations including medical centers recover from ransomware faster. REGISTER NOW>>
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
Canada – Indigo Books & Music
Exploit: Hacking
Indigo Books & Music: Bookstore Chain
Why it’s notable: This cyberattack knocked in-store credit card sales at Canada’s largest books and music chain offline for days and online sales were down for about a month. The retailer incurred $5.2 million in expenses from the incident and posted a year-over-year drop in revenue of $26.5 million for the first quarter.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-02-08-23-02-14-23/
ZeroedIn Technologies, a Maryland-based provider of human resources technology, has admitted that it has experienced a data breach. The company provides human resources analytics tool to major U.S. retailers including Dollar Tree and Family Dollar. The company said that an unauthorized party gained access to its computer network in August 2023, resulting in data exposure for current and former employees of those chains. An employee’s exposed data may include their name, date of birth and Social Security number.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
United Kingdom – Pates Grammar School
Exploit: Ransomware
Pates Grammar School: K-12 School
Why it’s notable: Cybercriminals went after schools hard in 2023. In this surge, 14 U.K. schools were impacted in the span of about one week. Bad actors make schools a high-priority target because their operations are time-sensitive and they can’t afford downtime, making them likely to pay a ransom. Schools also have a reputation for weak cyber defenses. K-12 schools were the top target for ransomware in 2023.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-01-04-23-01-10-23/
The BBC reports that 14 UK schools, including Pates Grammar School, have fallen victim to a spate of cyberattacks by the Vice Society ransomware group. The attack on Pates took place on September 28, 2022. The gang obtained sensitive data about students including children’s SEN information, child passport scans, staff pay scales and contract details from students enrolled in 2021 & 2022. BBC writers say that they’ve seen data from 14 UK primary and secondary schools purportedly snatched by Vice Society. The incidents are still under investigation.
Kaseya to the Rescue: Learn about the top five cyberthreats that K-12 schools face and how to mitigate them affordably and effectively in this infographic. DOWNLOAD IT>>
See the challenges companies face & how they’re overcoming them in The Kaseya Security Survey Report 2023 DOWNLOAD IT>>
Ireland – Dole Food Company
Exploit: Ransomware
Dole Food Company: Agribusiness
Original story: https://www.idagent.com/blog/the-week-in-breach-news-02-22-23-02-28-23/
The London Public Library in Ontario is investigating a cyberattack that disrupted key operations systems. The attack resulted in the closure of three branch libraries and knocked out the library’s public computers as well as its digital borrowing service. The library website and electronic catalog were also disabled. Most library branches remained open, with books available to read or borrow in person. Library officials are asking the public to refrain from returning any borrowed materials while they attempt to recover from the attack.
How it Could Affect Your Customers’ Business: This is the second disruptive cyberattack that has shut down a major library system in the past month.
Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>
USA – Consumer Financial Protection Bureau (CFPB)
Exploit: Malicious Insider
Consumer Financial Protection Bureau (CFPB): Federal Agency
Why it’s notable: This attack illustrates just how much damage a malicious insider can do quickly before they’re caught. This employee was able to steal a substantial amount of highly sensitive data about businesses and loans quickly by emailing it to their personal account in a series of 14 emails. Exfiltrating data via email is the top action that malicious employees take.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-04-19-23-04-25-23/
The U.S. Consumer Financial Protection Bureau (CFPB) says that they’ve experienced a data breach caused by the actions of a potentially malicious employee. In the incident, a now former employee sent a total of 14 emails that included consumer personally identifiable information to their private email address. Along with that data, the employee sent two spreadsheets that listed names and transaction-specific account numbers related to about 256,000 consumer accounts at an unnamed institution. The CFPB also said that they identified data from another institution that included approximately 140 loan numbers, of which roughly 100 also included de-identified information related to the loan or borrower, such as income, credit score and demographic information.
Kaseya to the Rescue: Learn about the challenges that organizations have faced in 2023 and see what they’re doing to be ready for 2024 in the Kaseyya Security Survey Report 2023. DOWNLOAD IT>>
Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>
USA – Americold
Exploit: Ransomware
Americold: Cold Storage Logistics Company
Why it’s notable: Critical infrastructure isn’t just power plants and pumping stations. The category also includes the technologies and capabilities that are required to keep a country functioning, like moving and storing freight. Cold storage companies are also often key points in the medical supply chain, as seen with vaccine transportation and distribution during the global COVID-19 pandemic. Cyberattacks against companies like this can have far-reaching effects for many other critical operations.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-04-26-23-05-01-23/
An estimated 10,000 people have had sensitive personal and healthcare data stolen in a cyberattack on Asper Biogene. Hackers made off with 33 GB of data including details related to paternity and fertility tests as well as testing for hereditary diseases. Stolen patient records contain individuals’ names, personal identification numbers as well as testing orders, test results and condition details. The company says that it has alerted law enforcement, the State Information System Agency (Riigi Infosüsteemi Amet) and the Data Protection Inspectorate of the incident.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
Japan – The Port of Nagoya
Exploit: Ransomware
The Port of Nagoya: Seaport
Why it’s notable: Infrastructure cyberattacks surged in 2023, including bold attacks like this. This strategic attack shut down the largest port in Japan, an act with the potential to have a major impact on the supply chain in Japan by delaying incoming and outgoing freight of every kind, from food to cars. This port is the major export point for Toyota. Two major ports in Australia were also frozen by cyberattacks for a few days in November 2023, causing major supply chain issues.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-07-05-23-07-11-23/
The largest seaport in Japan and the central shipping hub for Toyota, the Port of Nagoya, experienced a ransomware attack last Tuesday that led to a total shutdown. The port’s operator, Nagoya Harbor Transportation, disclosed that it received a ransom demand from LockBit 3.0 immediately following the beginning of systems failure in the early morning. All cargo operations, including the loading and unloading of containers onto trailers, were suspended as of July 4 but port officials expected to resume operations within a few days.
Kaseya to the Rescue: Read our case studies to see how MSPs and businesses have overcome their cybersecurity challenges with the solutions in Kaseya’s Security Suite. EXPLORE CASE STUDIES>>
Get the scoop on 5 of the worst email-based attacks plus tips to protect businesses from them. GET INFOGRAPHIC>>
USA – Prospect Medical Holdings
Exploit: Hacking
Prospect Medical Holdings: Medical Facility Operator
Why it’s notable: This incident was the largest healthcare sector cyberattack in the U.S. in 2023. It impacted healthcare in multiple states, forcing facility closures and disrupting patient care. For example, one hospital in Connecticut was forced to divert incoming patients for 17 days. The company tried to downplay the attack at the beginning, but the true impact soon became apparent. In addition to the immediate effects, employee data for more than 20k people was also snatched by the Rhysida ransomware gang.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-08-02-23-08-08-23/
California-based Prospect Medical Holdings has disclosed that it experienced a cyberattack that has pushed 16 hospitals and about 100 other medical facilities offline in California, Connecticut, Pennsylvania and Rhode Island. The incident began on August 1. Medical providers at the impacted facilities have had to resort to pencil and paper charting. Some of the outpatient facilities that Prospect manages have been forced to close because of the attacks, including radiology, diagnostic and heart health facilities in Connecticut. This is the largest medical cyberattack in the U.S. so far in 2023.
Kaseya to the Rescue: Learn more about phishing and how to mitigate the danger it brings to a company’s doorstep in our eBook Phishing 101. DOWNLOAD IT>>
USA – Tesla
Exploit: Malicious Insider
Tesla: Automotive & Technology Company
Why it’s notable: Two employees claimed they were acting as whistleblowers in this dramatic incident that exposed safety information that Tesla was trying to hide. The employees contacted German news outlet Handelsblatt, giving reporters an estimated 100GB of data containing information on the thousands of safety complaints Tesla has received about dangerous malfunctions of features in its cars like its autopilot self-driving feature, self-acceleration and brake function issues, involuntary emergency braking and phantom stops. The personal data of 75,000 current and former Tesla employees was also included in a tranche of the stolen data.
Original story: https://www.idagent.com/blog/the-week-in-breach-news-08-02-23-08-08-23/
Tesla has admitted that it had a data breach in May 2023 that was caused by malicious insiders. Allegedly, two Tesla employees stole a huge amount of data including data about customers’ safety complaints from Tesla and leaked it. The German news outlet Handelsblatt obtained the data and published an analysis of it, which is how Tesla found out about the data breach. The treasure trove contained 100 gigabytes of confidential data, which included employees’ names and contact information such as addresses, cell phone numbers, and email addresses. The leaked data also included around 2,400 customer complaints about Tesla cars suddenly accelerating and a further 1,500 complaints of braking issues, including 383 cases of “phantom braking”.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Top Blog Posts of 2023
We follow cybercrime trends and evolving technology to ensure that we’re bringing you stories about the hottest topics in cybersecurity. These blog posts were of great interest to our readers in 2023.
- What to Do if You Open a Phishing Email
- The Thriving Dark Web Economy is Bad News for Businesses
- Who Are Today’s Dark Web Users?
- The Dangers of AI-Driven Chat GPT Phishing Campaigns and How to Avoid Them
- Are You Prepared for the Rise of AI-Enhanced Cyberattacks?
- Wiper Malware is Today’s Biggest Risk to Data
- The Top Target for Ransomware is Schools
- Businesses Are Facing a Landscape of Evolving Challenges
- Smarter SOCs Help MSPs Navigate the Global Cybersecurity Shortage
- Stay Ahead of the Cybersecurity Game with Ongoing Penetration Testing
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Top Resources of 2023
Our Resource Library offers a wide variety of eBooks, checklists, infographics and on-demand webinars. These were some of the most popular resources of 2023.
- Security Awareness Training: Buyer’s Guide for Businesses
- How To Build a Security Awareness Training Program
- The Dark Web Monitoring Buyer’s Guide for Businesses
- The Cybersecurity Monster Hunter’s Checklist
- Kaseya Security Survey Report 2023
- The Mid-year Cyber Risk Report
- A Comprehensive Guide to Email-based Cyberattacks
- Make Smart Cybersecurity New Year’s Resolutions
- The Comprehensive Guide to Third-party and Supply Chain Risk
- Security Awareness Training: How It Prevents the Biggest SMB Security Threats
Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>
These Are the Top 6 Cybersecurity Trends of 2023
As we prepare for 2024’s cybersecurity challenges, it is clear that the significance of cybersecurity has never been more pronounced. In 2023, the ever-evolving landscape of technology brought with it new challenges and opportunities in the realm of cybersecurity. From emerging threats to innovative solutions, here are the six biggest trends that shaped the cybersecurity world this year
This handy checklist of smart security practices helps businesses kick off the new year right! GET CHECKLIST>>
1. AI-powered threat detection and response
Artificial Intelligence (AI) is not just a buzzword; it’s a game-changer in the world of cybersecurity. In 2023, AI is being harnessed to bolster threat detection and response capabilities. Machine learning algorithms analyze vast amounts of data, identify patterns, and detect anomalies in real time, enabling organizations to stay one step ahead of cyber threats. AI-driven security solutions like smart email security that uses AI to detect and quarantine dangerous phishing messages are becoming integral in predicting, preventing and mitigating attacks with unprecedented speed and accuracy.
2. AI-driven phishing and other cyberattacks
The advent of AI-powered cyberattacks, particularly in the realm of phishing, represents a significant and concerning evolution in the landscape of cybersecurity. Traditional phishing attacks have already been a pervasive threat, but the integration of generative AI technologies adds a new layer of sophistication and stealth to these malicious endeavors. With the ability to mimic human communication patterns, generate convincing text and eliminate common phishing red flags, AI-driven phishing attacks can trick even the most savvy employee. The use of generative AI empowers cybercriminals to create highly personalized and targeted phishing campaigns, exploiting individuals and organizations with a level of precision that was previously unattainable.
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
3. Ransomware resilience and mitigation strategies
The rise of ransomware attacks has been one of the most concerning trends in recent years. In 2023, organizations are focusing on enhancing their ransomware resilience and mitigation strategies. This includes implementing regular data backups, crafting smart incident response plans, and investing in technologies that can detect and neutralize ransomware threats before they can wreak havoc. As ransomware attacks become more sophisticated, proactive defense mechanisms are crucial to safeguarding critical systems and data. Businesses can also invest in an endpoint detection and response solution that will not only help them deal with an attack quickly but allow them to roll back their systems to before the attack began.
4. Cloud security maturation
The widespread adoption of cloud services has transformed the way businesses operate, but it has also expanded the attack surface for cybercriminals. In 2023, the emphasis on cloud security has reached new heights. Organizations are prioritizing the implementation of robust cloud security measures. Many managed service providers (MSPs) are choosing to partner with a managed security operations center (SOC) that can give them an eagle eye on this vector. As the cloud continues to be an integral part of digital infrastructure, ensuring its security is paramount and will only become more important.
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
5. Escalating supply chain risk
Supply chain risk is a pressing concern, casting a shadow over the interconnected digital ecosystem. As organizations increasingly rely on third-party vendors and interconnected networks, they inadvertently widen their attack surface, making them susceptible to cyber threats originating from the supply chain. Cybercriminals have also become more savvy about choosing targets in the supply chain that can cause major chaos, like manufacturers of critically needed goods. Addressing supply chain risk demands a holistic approach, involving thorough vetting of third-party vendors, implementing stringent cybersecurity standards and fostering a culture of collaboration and transparency throughout the supply chain network.
6. The zero-day exploit explosion
As businesses continue to become more digitally interconnected. The upward trend in zero-day exploits poses a significant and growing concern, as illustrated in the epic MOVEit exploit storm. The surge in zero-day exploits underscores the escalating arms race between hackers and cybersecurity professionals. The escalating frequency of zero-day exploits emphasizes the need for a robust and adaptive cybersecurity strategy that incorporates rapid detection and a proactive approach to threat intelligence. This is a problem that will only get worse in the future.
In the dynamic landscape of cybersecurity, staying ahead of the curve is not just an option – it’s a necessity. These six issues aren’t the only ones that emerged in 2023, but they offer a look at the topics at the forefront of cybersecurity in 2023, highlighting the volatility of the space as well as the industry’s relentless pursuit of innovation and adaptation. As organizations continue to face evolving threats, looking back at the trends of 2023 can help IT professionals plan a strong and resilient defense for businesses in 2024.
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
Find the solutions you need to prepare for 2024’s challenges in Kaseya’s Security Suite
Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Find out with vPenTest, an automated SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Watch this space for exciting webinars and events in 2024 coming soon!
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!