Please fill in the form below to subscribe to our blog

The Week in Breach News: 05/12/21 – 05/18/21

May 19, 2021

In a Week in Breach first, it’s the All Ransomware Edition. Cybercrime gangs have been busy at Toshiba, Ireland’s health service, the US Veterans Administration and other organizations around the globe. Plus, we’ll explore the state of email security, the most likely delivery system for ransomware! 




United States – Three Affiliated Tribes

https://nativenewsonline.net/currents/three-affiliated-tribes-hit-by-ransomware-attack-holding-tribal-information-hostag

Exploit: Ransomware

 Three Affiliated Tribes: Tribal Government Organization 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.607= Severe

The Three Affiliated Tribes (the Mandan, Hidatsa & Arikara Nations) announced to its staff and employees that its server was infected with ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information. Employees were also asked to refrain from using their work computers, Investigation and recovery is ongoing

Individual Impact: At this time, no sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Protection from ransomware needs to be a top priority for every organization. These days a new attack is launched every 40 seconds putting every business in the line of fire.

ID Agent to the Rescue: Make sure that you and your clients are making all the right moves with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>


United States – US Veterans Administration (VA)

https://threatpost.com/veterans-medical-records-ransomware/166025/

Exploit: Ransomware

Veterans Administration: Federal Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.612= Severe

The VA has found itself in the cybersecurity hot seat again after a data breach at a records contractor exposed more than 200,000 records for veterans. The contractor, United Valor Solutions, appears to have been the victim of a ransomware attack. Researchers found a trove of their data online, including this sensitive VA data. The VA has announced that its Veterans Benefits Administration (VBA) Privacy Office is currently working with Medical Disability Examination Officer (MDEO) and contractors to further handle the incident, with the VA Data Breach Response Service investigating independently.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.722= Severe

The exposed records contain included patient names, birth dates, medical information, contact information and even doctor information and appointment times, unencrypted passwords and billing details for veterans and their families, all of which could be used in socially engineered spear phishing or fraud scams.

Customers Impacted: 200,000

How it Could Affect Your Customers’ Business Ransomware is the gift that keeps on giving for medical sector targets. Not only are those victims facing expensive investigation and recovery costs, but they can also expect a substantial HIPAA fine and possibly more regulatory scrutiny.

ID Agent to the Rescue: Get expert advice to minimize damage from incidents like this in our ebook Breaking Up with Third Party and Supply Chain RiskGET THE BOOK>> 




Ireland – Health Service Executive (HSE)

https://www.bbc.com/news/world-europe-57134916

Exploit: Ransomware

Health Service Executive (HSE): National Healthcare Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.568 = Severe

Ransomware rocked Ireland after the Conti gang perpetrated attacks on both the Department of Health and Ireland’s national healthcare provider Health Service Executive (HSE). HSE was forced to take action including shutting down the majority of its systems including all national and local systems involved in all core services and all major hospitals. The ransom demand is reported to be $20 million. The National Cyber Security Centre (NCSC) has said the HSE became aware of a significant ransomware attack on some of its systems in the early hours of Friday morning and the NCSC was informed of the issue and immediately activated its crisis response plan. On Monday, May 18, officials announced that diagnostic services were still impacted as well as other patient care necessities. Officials alos said that it may take the Irish health service weeks to repair systems and restore all services, at a price that will reach into the tens of millions of euros.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the preferred weapon of cybercriminals at every activity level. Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.

ID Agent to the Rescue: BullPhish ID provides customizable security awareness training including phishing resistance that enables MSPs to conduct training on industry-specific threats. SEE IT AT WORK IN A NEW VIDEO!>>


Germany – Brenntag

https://www.bleepingcomputer.com/news/security/chemical-distributor-pays-44-million-to-darkside-ransomware/

Exploit: Ransomware

Brenntag: Chemical Distributor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

Brenntag suffered a ransomware attack that targeted their North America division. As part of this attack, the DarkSide ransomware gang encrypted devices on the network and stole unencrypted files. This is the same gang that starred in last week’s Colonial Pipeline incident. On their leak site, DarkSide claimed to have stolen 150GB of data during their attack. Reports say that Brenntag paid the threat actors more than $5 million for the decryption key.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for top cybercrime gangs because they know that they’ll find a few companies who are more than willing to pony up cash rather than undertake an expensive recovery or risk having proprietary data exposed.

ID Agent to the Rescue: Don’t let cybercriminals slow your business down – learn to mitigate the risk of trouble in Ransomware 101. DOWNLOAD FREE EBOOK>>


Norway – Volue 

https://www.smh.com.au/national/nsw/police-investigate-cyber-attack-on-nsw-labor-party-20210505-p57p4y.html

Exploit: Ransomware

Volue: Green Energy Solutions Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.1579 = Severe

Norwegian green energy solutions provider Volue has been the victim of a ransomware attack, using Ryuk ransomware. Volue offers industrial IoT, data and market analysis, power trading, construction software, optimization and trading software, water infrastructure documentation and management, and transition and distribution software solutions to more than 2,200 customers across 44 countries. Volue’s investigation is ongoing, but so far it has found no evidence of data exfiltration, either personal or “energy-sensitive data.” Operations are expected to be restored quickly 

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.

ID Agent to the Rescue: Review the trends in ransomware in 2020 and see how we expect it will impact businesses in 2021 in The Global Year in Breach 2021. GET THIS BOOK>>


France – Acer Finance 

https://securityaffairs.co/wordpress/117991/cyber-crime/avaddon-ransomware-acer-finance-axa.html

Exploit: Ransomware

Acer Finance: Financial Advisors 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.677 = Severe

Avaddon ransomware came calling at Acer Finance. The Company offers risk management, mutual funds, analysis, financial planning, and advisory services. Acer Finance serves individuals, entrepreneurs, and institutional investors in France. The ransomware gang claims to have stolen confidential company information about clients and employees, and they’re giving Acer Finance 240 hours to communicate and cooperate with them before start leaking the stolen valuable company documents. As proof of the hack, the group published several ID cards, personal documents, contracts, and a screenshot of the folders containing stolen data.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: No organization is safe from phishing. Every company should make stepping up phishing resistance training a priority to reduce the chance of falling prey to an attack.

ID Agent to the Rescue: Make sure that everyone on the IT team is up to date on today’s threats and ready for tomorrow’s by arming them with the essential tips, tricks and walkthroughs for security challenges in “The Security Awareness Champion’s Guide“. GET THIS FREE BOOK>> 




Hong Kong – AXA 

https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/

Exploit: Ransomware

AXA: Insurance Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

The Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from insurance giant AXA’s Asian operations including the company’s offices in Thailand, Malaysia, Hong Kong and the Philippines. The gang claims that the stolen data includes includes sensitive customer and busienss data. The attack may be connected to AXA’s announcement that they would be dropping reimbursement for ransomware extortion payments when underwriting cyberinsurance policies in France.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.713 = Severe

The group claims to have obtained 3 TB of data belonging to AXA including, customer medical reports (including those containing sexual health diagnosis), customer claims, payments to customers, customers’ bank account scanned documents, material restricted to hospitals and doctors (private fraud investigations, agreements, denied reimbursements, contracts), identification documents such as National ID cards, passports and other sensitive data.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks as a punishment for company actions is uncommon but not surprising. Ransomware gangs like Abaddon can quickly slip under the adar to do damage at the companies that they choose to target with a simple phsihing email that packs deadly consequences.

ID Agent to the Rescue: Get the tools that you need to conduct security awareness training that includes phishing resistance painlessly in the new BullPhish ID. SEE THE UPDATE WEBINAR>>


Japan – Toshiba

https://www.cyberscoop.com/darkside-ransomware-toshiba-hack/

Exploit: Ransomware

Toshiba: Electronics Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.814 = Severe

European units of Japanese tech giant Toshiba are investigating a security incident in which scammers may have used a similar hacking tool to the malware used against IT systems at Colonial Pipeline. The company announced that it had been forced to disconnect network connections between Japan and Europe to stop the spread of ransomware. The attack is believed to have been perpetrated by the DarkSide ransomware gang. Toshiba Tec Group, a unit of the multinational conglomerate which makes printers and other technologies, said the firm had not yet confirmed that customer related information was leaked externally. The incident is under investigation and the company says that it has not paid any ransom.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

How it Could Affect Your Customers’ Business: By disruptiong internal operations, ransomware can cause tremendous problems for multinational companies even if no data is stolen or systems encrypted.

ID Agent to the Rescue: Stopping ransomware starts with stopping phishing. in “The Phish Files“, you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>> 




1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:


should you diclose a data breach represented by the words "hacking detected" in red on a blue and white touchscreen

Don’t become a cybercrime statistic. The Cybersecurity Risk Protection Checklist will help you find and fix security gaps. GET IT>>



Let Us Help You Build Your MRR Without Prospecting


Before you go pound the pavement for new clients, make sure that you’re maximizing the opportunities that you already have to expand your business with your existing customers with these webinars.
Lessons Learned from the Pandemic Is your business ready to withstand challenges and come out on top? ID Agent’s Amelia Paro and Nerdio’s Joseph Landis are ready to advise you on how to position your MSP to take advantage of trends like hybrid work and pivot into new revenue streams fast. WATCH NOW>>
The Ultimate Customer Retention Blueprint for MSPs You don’t just need to attract customers, you need to keep them (and keep them buying). In this webinar, Amelia Paro, Channel Development Manager at ID Agent, and Ray Orsino, CEO of OIT give you their secrets to success plus tips to get your existing customers to open their wallets! WATCH NOW>>
Customer Experience Confidential These days, it’s not enough to have the best prices or menu of options. Customers are also looking for a positive experience. In this webinar, Andrew Wallace of SmileBack and Amelia Paro of ID Agent will give you the secret to making your customers your biggest fans to gain new business! WATCH NOW>>


quarterly update

Ready to see what we have on tap? Watch the ID Agent Q2 Product Update now to see upcoming innovations including highly-anticipated features, plus, get a Graphus update and meet RocketCyber, your next SOC!! SEE IT>>



The State of Email Security is: Fragile


The recently released State of Email Security 2021 Report from anti phishing automation developer Graphus details something that every IT professional learned all to well in 2020: phishing is the biggest risk that any organization faces today. Exponential increases in phishing-related cybercrime are the product of a record-breaking risk landscape and tumultuous conditions. Phishing risks look to continue their upward trajectory as audacious cybercriminals capitalize on the opportunity created by the global pandemic and a volatile world economy to profit. However chaotic the cybercrime scene may be, three particular risks should be at the top of every IT professional’s list this year.



Read It and Weep

Phishing risk skyrocketed during the pandemic – in March 2020, general phishing risk exploded by more than 600%, settling down to a more modest 140% overall increase for the year.  COVID-19 now holds the distinction of being the most “phished” topic in history. By Q2 2020, Google estimated that it was blocking 18 million COVID-19 scam emails a day through Gmail. A booming dark web economy ensured that cybercriminals really pulled out all the stops when attempting to capitalize on the disruption of the global pandemic.

An astonishing estimated 6 billion fake emails were sent to businesses daily in 2020. Topping the list of the most opened phishing email was bogus social media requests, followed by false system messages and fake internal corporate email. Cybercriminals made some very smart choices with the lures that they chose. Early in the year, the majority of fake internal corporate messages carried a COVID-19 theme, like “Read the new mask policy”. The year also became the new record holder for largest email volume: 306.4 billion emails were sent and received each day in 2020, and that figure is expected to increase to over 376.4 billion daily messages by 2025.

A few more notable facts:

  • Credential phishing (the most common kind of spear phishing) jumped 14%
  • One out of every 99 messages a business received contained a phishing attack
  • There was 16% growth in malware file attachments detected and blocked
  • Cloud-based attacks saw a 32% year over boost
  • Business email compromise threats rose by 14%

Did you catch all of the growth-focused MSP tips at MSP Growthfest? Listen to the recording now to be sure. LISTEN NOW>>


Three Main Threats Are on the Horizon

While it’s essential to analyze what happened in 2020 to glean valuable information, it’s what is happening in 2021 that has your customers’ attention. The report outlines three major pitfalls that organizations will have to worry about this year. These aren’t small things that are easy to avoid. Complex and sophisticated, these threats endanger every organization of any size – and they don’t discriminate by industry either. Stopping them will be key to keeping data and systems safe from cybercrime this year.

Angler Phishing (Social Media Phishing) 

This is not a new threat, however, it has evolved, growing and changing with the way that targets use social media. Now that many people use social media tools for more than just sharing cat pictures, cybercriminals are diving in to snag unwary victims. Especially since using the direct message and chat features has become a regularly used tool. Most angler phishing messages will cleverly spoof or imitate a routine communication from a social media site, like the “You Have a New Message” notifications that you get from LinkedIn. In fact, LinkedIn should be at the top of your list for social media companies that cybercriminals may be mimicking. 43% of the most opened phishing messages last year purported to be LinkedIn. Training employees to view messages from social media sites with suspicion is crucial for mitigating this threat.

Ransomware Variants

The favored tool of cybercriminals everywhere, ransomware has been having a moment. A stunning one in four attacks that IBM Security X-Force Incident Response remediated in 2020 were caused by ransomware. The gangs that ply that trade know that they need to keep evolving to stay ahead of security software, and they’re not leaving any stone unturned. In 2020, double extortion ransomware had a breakout moment. Cybercriminals didn’t just collect one fee from their victims. Instead, their goal became getting their victims to pay twice: once for the usual decryption code and a separate fee to not have the encrypted data copied by the gang. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020. Looking ahead, experts are beginning to see another new variant of ransomware entering the scene: triple extortion ransomware, in which companies pay for a decryption key, the return of their data and to stop another nasty effect, like a DDoS attack.

Brand Impersonation & Deep Fakes

Brand impersonation and spoofing was a very hot trend in 2020, and cybercriminals pursued it for a good reason: it works. Brand impersonation shot up 81% over the prior year. Experts estimate that one of every 25 branded emails is a phishing attempt. Far and away, Microsoft (43%) is the most impersonated brand, followed by Amazon (38%). In a new flavor of spoofing, cybercriminals are going the extra mile to create credibility for their phishing attempts by using clever editing and graphic design to make deepfakes like videos and ads for well-known, trusted brands in order to entice users to fake websites and steal credentials. The report concludes that 74% of IT leaders think deepfakes are a threat to their organization’s security.



Better Phishing Protection Needs to Start Now

Every organization is at risk for phishing every day. In an organization with 1–250 employees, one in 323 emails will be malicious. In an organization of 1001–1500 employees, one in 823 emails will be malicious. Unfortunately, this is a serious problem that most organizations aren’t ready to face. An estimated  97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. That’s why it’s essential for businesses to begin (or step up) training immediately to reduce this risk – after all, 60% of companies that fall prey to a cyberattack go out of business.

Even if a business has e waited until now to launch a security awareness and phishing resistance training program, it’s not too late. Companies are often pleasantly surprised by how quickly security awareness training using simulations produces measurable results. A recent study showed that companies that run phishing simulators for the first time learn that 40% to 60% of their employees are likely to open malicious links or attachments. But it also showed that consistent training made a huge difference. In follow-up testing, after about 6 months of training, that percentage drops 20% to 25% and after 3 to 6 months more training, that number can drop to only 10% to 18%. 


top phishing scams of 2020

Don’t get caught by phishing! Learn more about types of attacks and how to avoid them in The Phish Files. READ THIS BOOK>>


The Perfect Tool for the Job is BullPhish ID

BullPhish ID is the ideal solution to use for regular phishing resistance training, Our newly revamped security awareness training powerhouse contains everything needed to conduct efficient, effective, painless phishing resistance training that gets the job done at an excellent value. Plus, you’ll be able to brand the experience to keep your MSP front of mind – even the access portal that employees will use is brandable. Your clients will love having the tools at hand to simulate their own specialized industry threats to reflect what their employees face every day no matter what business they’re in. Or do set-it-and-forget-it training by automating the delivery of a selection of our more than 80 premade simulations with online quizzes! You’ll love:

  • Fully customizable training simulation kits including messages, URLs, and attachments
  • Videos that can be customized to deliver specialized training
  • Pre-made plug-and-play phishing kits for fast deployment
  • Training around the latest threats with new kits added monthly
  • Simple, clear progress reports that demonstrate the value of training

We’re here to help if you would like to learn more about ways that you can protect clients who may be in the line of fire from phishing threats. From dark web monitoring to phishing resistance training, the ID Agent digital risk protection platform helps businesses mitigate their risk of cybersecurity disasters. Our solutions experts are happy to help you find the right defensive combination to secure any organization. Let’s get together and talk about how we can help your clients and your business! SCHEDULE A CONSULTATION>>



May 11 – 14: Robin Robins Boot Camp (Orlando and Virtual) REGISTER NOW>>

May 13: MSP Master Certification: Proper Service Desk Incident Escalation and Lifecyle Management for Resolution REGISTER NOW>>

May 17: MSP Cybersecurity Certification REGISTER NOW>>

May 19 – 20: ASCII Success Summit (Houston, Texas) REGISTER NOW>>

May 21: Show Your Clients Every Single Compromised Employee Credential in Minutes REGISTER NOW>>

May 26: MSP Gym (EMEA Edition) REGISTER NOW>>

May 26: MVP Growthfest (APAC Edition) REGISTER NOW>>

June 15: Deploy Your Secret Weapon: Security-Savvy Employees REGISTER NOW>>




One Little Email Carries Big Risks


The biggest danger to your company’s cybersecurity isn’t someone hacking into your systems. It’s one phishing email. Phishing is the primary delivery system for all of today’s nastiest cyberattacks, from ransomware to business email compromise, and every organization is at risk for falling victim to an attack. In a record-breaking year for cybercrime, phishing risk ballooned by more than 600% in Q2 2020 and stayed elevated for the rest of the year.

What facilitates more phishing? More email. As businesses went remote last year (and many remain hybrid this year) an enormous increase in email volume led the way for equally enormous increases in every type of phishing attack. Cybercriminals did not hesitate to capitalize on that opportunity. Industry reporting notes that business email compromise attacks were up by 14%, while cloud-based attacks shot up by more than 40%. Experts estimate that one out of every 99 messages a business receives contains a phishing attack. 

Reduce your company’s risk of phishing disaster through security awareness and phishing resistance training with BullPhish ID. Results come quickly. Companies \that run phishing simulators for the first time learn that 40% to 60% of their employees are likely to open malicious links or attachments. But after about 6 months of training, that percentage drops 20% to 25% and after 3 to 6 months more training, that number can drop to only 10% to 18%. 

An estimated  97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. With phishing as the primary threat vector for most damaging cyberattacks, that’s bad new for businesses. Reduce your chance of getting caught by phishing by keeping your employees’ phishing resistance training up to date, because phishing attacks are definitely coming your way, with potentially devastating consequences.



Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to pr@kaseya.com to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!