
The Week in Breach News: 12/09/20 – 12/15/20

December 16, 2020
The Week in Breach

This Week in Breach News:

This week’s certainly been one for the books! Nation-state hackers mount a huge campaign against cybersecurity companies and several US federal agencies, the EU’s drug regulator takes a hit, new insight into cyberattack response plan essentials, and fake Zoom invite pitfalls abound.



Major attacks by suspected Russian nation-state hackers on US Federal agencies have rocked the public and defense cybersecurity sectors. Read more about how it happened and what it signals for the future of cybersecurity in this in-depth feature article>>



The Week in Breach News – United States 


United States – SolarWinds

https://www.newsweek.com/solarwinds-hack-customer-list-suspected-russian-cyberattack-1554467

Exploit: Hacking (Nation-State)

SolarWinds: Cybersecurity Software Developer 


Risk to Business: 1.122 = Extreme

An incursion by suspected Russian nation-state hackers at this major cybersecurity solutions provider was the suspected starting point of a massive hacking incident impacting a number of federal agencies and defense assets. The hackers were able to obtain authentic credentials that enabled them to inject code into a routine software patch, opening backdoors into client files and systems. SEE MORE ABOUT THIS STORY>>

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: 3,000

How it Could Affect Your Customers’ Business: Nation-state hacking is a growing problem that can lead to damaging, nightmarish consequences. One tool that was used in this hack was that old favorite – phishing.

ID Agent to the Rescue: Phishing resistance training is a must-have for every company in 2021. BullPhish ID is an affordable, effective training solution that fits every business. SEE BULLPHISH ID IN ACTION>>


United States – FireEye

https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html

Exploit: Hacking (Nation-State)

FireEye: Cybersecurity Solutions Development and Testing


Risk to Business: 1.411 = Severe

FireEye was also impacted in this week’s suspected Russian hacking operation. Hackers were able to penetrate FireEye’s systems security to obtain several of their vaunted Red Team tools. FireEye immediately detected the hack and released a statement exposing it. That was the first domino in the cybersecurity disaster cascade. SEE MORE ABOUT THIS STORY>>

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident.

How it Could Affect Your Customers’ Business: Even the biggest kids on the block can be taken down by determined hackers. Reviewing and updating cybersecurity and incident response plans has to be a top priority in 2020.

ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>


United States – Netgain

https://www.bleepingcomputer.com/news/security/ransomware-forces-hosting-provider-netgain-to-take-down-data-centers/

Exploit: Ransomware

Netgain: Data Hosting Provider 


Risk to Business: 2.127 = Severe

A ransomware incident led to shutdowns and slowdowns across Netgain’s data hosting environment. The company was forced to completely shut down all systems on 12/4 for containment and remediation. Service has been restored to customers but they may still experience performance issues.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can have damaging consequences for businesses that go beyond the initial hit, causing huge operational headaches and long recovery operations.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>


United States – Dental Care Alliance

https://www.infosecurity-magazine.com/news/1m-us-dental-patients-impacted-by/

Exploit: Hacking

Dental Care Alliance: Dental Practice Support Organization 


Risk to Business: 2.336 = Severe

Dental Care Alliance, a professional support organization that includes more than 320 dentists in 20 states, has discovered that it experienced a data breach. The incident began on 09/18/20 and was ameliorated on 10/13/20. No cause has yet been specified and the incident is still under investigation.


Individual Risk: 2.114 = Severe

The stolen information included patient names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information. Potentially 10% of patients also had bank account information exposed. Impacted patients are being notified by mail and should be wary of spear phishing attempts using this information.

Customers Impacted: 1 million patients

How it Could Affect Your Customers’ Business: When protecting sensitive information like medical data, it’s essential to maintain strong access point protection to avoid expensive breaches and expensive fines.

ID Agent to the Rescue: Protecting your data and systems with more than one layer of security keeps hackers out no matter where they’re from. Passly provides that extra protection immediately at an excellent price. LEARN MORE>>



The Week in Breach News – Canada


Canada – Parkland Corp.

https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack

Exploit: Ransomware

Parkland Corp.: Motor Fuel Distributor


Risk to Business: 2.229 = Severe

Trucking fuel services company Parkland is investigating a cybersecurity incident that has resulted in the Clop ransomware gang claiming responsibility for an attack on the company. Parkland disclosed that it suffered some loss of functionality in an incident that impacted its IT infrastructure in mid-November that affected “a subset of its Canadian network”. Freight transporters and associated services have experienced an unusual spate of cyberattacks in recent months.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets right now, and it has been especially impactful in the transportation sector. Agencies need to be using their resources wisely to combat it.

ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>



The Week in Breach News – United Kingdom & European Union


United Kingdom – Marriage Tax Refund

https://www.infosecurity-magazine.com/news/tax-biz-exposed-personal-info/

Exploit: Misconfiguration

Marriage Tax Refund: Tax Relief Advisory Firm 


Risk to Business: 1.662 = Severe

Human error is the culprit in a data breach at a British tax relief advisory service. The firm misconfigured its WordPress CMS, leaving a directory listing of PDF documents available for public view with no password protection and exposing the personally identifiable information of 100,000 clients.


Individual Risk: 1.912 = Severe

PII was definitely exposed, but there’s no telling who accessed it. Customers of the firm beginning in October 2016 should be alert to phishing and fraud attempts.

Customers Impacted: 100,000

How it Could Affect Your Customers’ Business: The number one cause of a cybersecurity incident remains human error. Added security awareness training and automation of processes can help reduce that risk.

ID Agent to the Rescue: Insider threats aren’t just malicious hackers – sometimes they’re just employees making mistakes. Download our “Insider Threats” toolkit for an eBook and other tools to combat insider threats. GET THE FREE TOOLKIT >>


The Netherlands – European Medicines Agency (EMA)

https://www.zdnet.com/article/eu-agency-in-charge-of-covid-19-vaccine-approval-says-it-was-hacked/

Exploit: Hacking (Nation-State)

EMA: International Drug Regulation Authority 


Risk to Business: 1.775 = Severe

German biotech firm BioNTech announced that data related to regulation and approval for the COVID-19 vaccine it has developed with Pfizer were “unlawfully accessed” after a cyber-attack on Europe’s medicines regulator. EMA confirmed the incident and noted that it suspects that nation-state hackers are to blame.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Security awareness training is a key component of protecting businesses from nation-state hackers. Regularly updated training helps employees spot and stop suspicious activity to defend against attacks.

ID Agent to the Rescue: Don’t wait until nation-state hacking creates a massive disruption in your organization’s ability to get the job done. Update phishing resistance and security awareness training for every staffer with BullPhish ID. SEE BULLPHISH ID IN ACTION>>



The Week in Breach News – Australia & New Zealand


Australia – Epicor Software

https://www.arnnet.com.au/article/685092/epicor-software-hit-by-cyber-attack/

Exploit: Hacking

Epicor Software: Software Developer 


Risk to Business: 2.101 = Severe

Business software solutions provider Epicor Software has disclosed a breach that may have exposed business data but did not impact daily operations. The incident had been reported to relevant authorities and is currently under investigation.

Customers Impacted: Unknown

Individual Impact: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.

How it Could Affect Your Customers’ Business: Any hacking intrusion endangers your business, no matter how small or inconsequential it may seem. Don’t wait to add sensible, affordable protection to keep data in and bad actors out.

ID Agent to the Rescue: Information from incidents like this inevitably makes its way to Dark Web data markets. Make sure your employee credentials are protected from Dark Web data risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>


The Week in Breach News – Asia-Pacific


Taiwan – Foxconn

https://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/

Exploit: Ransomware

Foxconn: Electronics Manufacturer


Risk to Business: 1.802 = Severe

DoppelPaymer ransomware is to blame for an incident at electronics giant Foxconn. The gang published files belonging to Foxconn NA on their ransomware data leak site, including generic business documents and reports but no financial information or employee personal details. Their ransom demand is $34 million.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a disaster for any business, but it’s an especially dangerous situation for a company that manufactures critically needed technology.

ID Agent to the Rescue: Ransomware almost inevitably arrives as the cargo of a phishing attack. Learn how to defend your organization against phishing with BullPhish ID in our new eBook Phish Files. READ IT>>



The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!



The Week in Breach: Resource Spotlight


Protect Your Clients from Major Threats With Resources That Take Care of Business


As you start helping your clients get ready for new cybersecurity challenges in 2021, we’re spotlighting our best resources to help you resolve troublesome issues. We’ll have plenty of new books and packages coming in the new year, but these 2020 hits are problem-solving classics that can’t be missed.

Stopping Insider Threats – If your clients have employees, they have insider threats. Whether they’re acting maliciously or just making mistakes, every company’s biggest potential cybersecurity disaster is its staff. This resource package includes our “6 Things You Need to Know” whitepaper and our “Combating Insider Threats” eBook. GET THE PACKAGE>>

Remote Work Resource Kit – Supporting a remote workforce brings unique challenges to businesses. This package contains the eBook “6 Risks to Mitigate to Quickly Secure a Remote Workforce” with a complimentary checklist and the infographic: “5 Tips for Remote Work Cybersecurity”. GET THE PACKAGE>>

Security Awareness Champion’s Guide – Risk is everywhere, so you need to be ready to fight back. This eBook details the security risks that businesses face and the solutions that you can use to beat cybercriminals at their own game. GET THE BOOK>>



Is your company’s biggest security threat a member of your team? Learn to spot insider threats with this free resource package! GET IT>>


The Week in Breach: Featured Briefing


Are Your Clients Prepared for Incident Response and Recovery?


As this week’s cascade of breach news showed us, every organization is at risk of a cyberattack at any time. While your ultimate goal is to protect your clients from cyberattacks, in the event that a successful attack lands, do your clients have the tools and plans in place to successfully mitigate it? Earlier this year we talked about incident response planning, and now’s the perfect time to revisit the subject.

Just because your client is a small business doesn’t mean that they’re not at risk of damage from a cyberattack. Whether that attack is directly on their business or a dangerous ripple effect from an incident at a third-party vendor or partner, it’s inevitable that a cybersecurity incident will impact your clients at some point. Here are a few things that you and your clients should know when considering an incident response plan:

  • 41% of respondents in a survey of business owners had a cybersecurity mishap related to COVID-19
  • 94% of executives say their firms have experienced a business-impacting cyber-attack or compromise within the past 12 months
  • 47% of businesses reported experiencing five or more attacks in the last 12 months
  • 78% of respondents said they expect an increase in cyber-attacks over the next two years
  • 63% of security leaders admit it’s likely their systems suffered an unknown compromise over the past year
  • 65% of attacks involved operational technology assets
  • 21% of companies have adopted formal, enterprise-wide security response plans
  • 74% have ad-hoc plans or no plans at all for any type of incident
  • Only 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan
  • Having a tested incident response plan can save 35% of the cost of an incident.


As the risk landscape grows more dangerous, cybersecurity authorities around the world have come together to suggest best practices in incident response that may give your clients a good starting point for developing their strategy. The guidance was developed by the US Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), New Zealand’s National Cyber Security Centre (NCSC NZ) and Computer Emergency Response Team NZ (CERT NZ), Canada’s Communications Security Establishment, and the United Kingdom’s National Cyber Security Centre (NCSC UK).

Many small companies don’t have the resources or manpower to develop a robust incident response strategy, but any company of any size can make a plan so that there aren’t any questions about what to do if they experience a cyberattack. Even if it’s just a list of people to contact or a quick outline, any incident response plan is better than none. It should be a part of every business continuity plan as well.

In addition, there is one high-performing mitigation against hacking that your clients can put in place right now to lower their chances of needing to use that plan and make mitigation and recovery smoother if they do become the victims of a cyberattack: secure identity and access management with Passly. SEE A VIDEO OF PASSLY>>

The superstar feature of Passly in incident response is single sign-on. Individualized single sign-on LaunchPads make it easy to quarantine and remove permissions from compromised user accounts. Multifactor authentication is often touted as the biggest benefit of a multifunctional solution like Passly, but single sign-on is a clutch performer to save systems and data from incursion or malware.

Single sign-on also reduces your company’s chance of password compromise by giving your employees fewer passwords to manage. The average person is managing 70 – 80 passwords between work and home applications. Reduce that work category to one password that’s protected by multifactor authentication to really pump up your clients’ password and access point security.

Streamlining access is also a key factor of what makes single sign-on so beneficial. Instead of a constant stream of going in and out of applications and setting permissions for users in those applications, IT teams can quickly access each employee’s individual LaunchPad to add and subtract permissions, saving them many headaches.

Don’t wait to start creating incident response plans for all of your clients. No matter how small the business, a cybersecurity incident is possible. By having a plan in place to deal with the fallout and dynamic solutions like Passly on duty, you and your clients can feel confident that you’re ready to handle whatever 2021 has to throw at you.



The Week in Breach: A Note for Your Customers


Fake Zoom Invites Bring Real Trouble


Is that Zoom invite from a new client or a cybercriminal? As many companies continue working from home, fake Zoom invites, bogus password reset messages, and social media ploys are just the latest tools that bad actors are exploiting to get their foot in the door at your business.

Scams like this are abundant this time of year, as people get busy with holiday activities or take time off and many offices are a little more lax. Without IT experts to turn to, your staffers could be at risk of falling for a malicious Zoom invite, a malware-laden LinkedIn message, or other unexpected phishing threat without knowing what to do about it.

Email attachments have become so notorious that cybercriminals are hunting for new ways to launch phishing attacks. But if you’re keeping your security awareness and phishing resistance training up to date, your staffers probably won’t fall for the ploy. Businesses that engage in regular security awareness training that includes phishing resistance reduce their chance of having a cybersecurity incident by up to 70%.

As long as it’s regularly refreshed, that is. Studies show that staffers retain the knowledge and skill developed through phishing resistance training for about 3 months. By instituting quarterly training at minimum, you’re not only keeping your staff on their toes to encourage good cybersecurity habits, but you’re also making sure they’re up to date on the latest threats.

BullPhish ID is the ideal training solution for in-office and remote staff. We add 4 new plug-and-play phishing resistance training campaigns every month to make sure that your employees are ready for the latest threats, including COVID-19 scams, Google’s biggest phishing topic in history.

Don’t wait until the newest phishing scam like fake Zoom invites or malvertising is rocking your business, disrupting your operations, and draining your budget – commit to a dynamic security awareness training program now and save yourself a raft of headaches later.



Catch Up With Us at These Virtual Events


  • DEC 1 – DEC 25: EverythingMSP Presents “A Very Merry MSP Christmas” Giveaway REGISTER>>
  • JAN 19: We’re Grabbing BullPhish ID by the Horns and Making it Better Webinar REGISTER >>

Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to pr@kaseya.com to let us know. We welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!