The Week in Breach News: 01/17/24 – 01/23/24
This week: Nobelium uses an old trick to sneak into Microsoft, a Canadian energy company loses $1.5 million to an account takeover attack, new APAC phishing simulation kits and 10 tips for protecting K-12 schools from cyberattacks.
See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>
Microsoft
Exploit: Password Spraying
Microsoft: Software Company
Risk to Business: 2.302 = Moderate
Microsoft has disclosed that several of its corporate email accounts were breached by a Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12, 2024. Microsoft’s internal investigation concluded that the attack was conducted by a group of Russian threat actors associated with Nobelium/APT29 (sometimes known as Midnight Blizzard or Cozy Bear). The software titan said that the threat actors breached their systems in November 2023 by conducting a password spray attack to access a legacy non-production test tenant account. Microsoft says the hackers accessed a “small percentage” of Microsoft’s corporate email accounts for over a month including accounts tied to the company’s leadership team and employees in the cybersecurity and legal departments. The company speculates that the threat actors were looking for information about their own gang.
How It Could Affect Your Customers’ Business: Even the biggest companies can be brought low by a simple cybersecurity problem.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Kansas State University
Exploit: Hacking
Kansas State University: Institution of Higher Learning
Risk to Business: 1.691 = Severe
Kansas State University (K-State) has announced that it is dealing with a cybersecurity incident that has disrupted some of its network systems. The impacted systems include its VPN, K-State Today emails and video services on Canvas and Mediasite. Printing, shared drives and mailing list management services (Listservs) were also knocked out. Services are slowly being restored, sometimes in a limited capacity. The college says that it has engaged a third-party cybersecurity firm to aid in its investigation.
How It Could Affect Your Customers’ Business: Schools at every level have been prime targets for ransomware attacks and that looks set to continue.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
Cooper Aerobics
https://thecyberexpress.com/cooper-aerobics-data-breach-exposes-info/
Exploit: Hacking
Cooper Aerobics: Healthcare Company
Risk to Business: 1.643 = Severe
Cooper Aerobics, comprised of Cooper Clinic, P.A., Cooper Medical Imaging, LLP and Cooper Aerobics Enterprises, Inc., has disclosed that it has experienced a data security incident. The company began notifying clients on January 5, 2024, that an unauthorized party gained access to its data. The compromised data includes names, addresses, phone numbers, email addresses, financial details (credit/debit card numbers, expiration dates, account/routing numbers), tax identification numbers, driver’s license or government identification details, passport numbers, usernames and passwords, Social Security numbers and other sensitive health-related data (medical records, patient account numbers, prescription information, medical providers, procedures, health insurance details).
How It Could Affect Your Customers’ Business: This is a treasure trove of valuable data for bad actors but losing this data could be punishingly expensive for this healthcare provider..
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>
Clearview Resources Ltd.
https://thecyberexpress.com/clearview-cyberattack-results-millions-loss/
Exploit: Account Takeover
Clearview Resources Ltd.: Energy Company
Risk to Business: 1.462 = Extreme
Canadian energy producer Clearview Resources Ltd. has disclosed that it suffered an account takeover attack in December 2023 that cost the company $1.5 million. In the incident, bad actors were able to compromise a corporate email account, enabling them to execute an account takeover (ATO) and redirect company funds to a third-party account. The company said that the attack did not have a material impact on its operations, and it is working with a third-party cybersecurity firm to investigate the incident as well as law enforcement in the hope of recovering the stolen funds.
How It Could Affect Your Customers’ Business: ATO is incredibly dangerous and can lead to huge financial losses like this one or even worse.
Kaseya to the Rescue: ATO is often an email-based cyberattack that can lead to disaster for businesses. Our Preventing Email-Based Cyberattack Checklist helps businesses stay out of trouble. DOWNLOAD IT>>
Tilbury District Family Health Team (TDFHT)
Exploit: Supply Chain Attack
Tilbury District Family Health Team (TDFHT): Healthcare Provider
Risk to Business: 1.702 = Severe
Tilbury District Family Health Team (TDFHT) has announced that patient data may have been compromised in a recent cyberattack on one of its service providers, Transform. The stolen data may include the patient’s first and last name, date of birth, address, and health card number, as well as medical status, patient medication summaries, immunization records and therapy status summaries. Officials reassured the public that no patient social insurance numbers or any credit card, financial or banking information was stolen. Other healthcare providers including Chatham-Kent Health Alliance, Erie Shores HealthCare, Bluewater Health, Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare were also clients of the same service provider and have experienced data security problems as a result of the attack as well.
How it Could Affect Your Customers’ Business: Supply chain cyberattacks will continue to become an increasing problem for businesses as the world becomes ever more interconnected.
Kaseya to the Rescue: Is it financially smarter to start your own Security Operations Center (SOC) or partner with a managed SOC? This whitepaper breaks down the costs. READ WHITEPAPER>>
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
The Netherlands – DENHAM the Jeanmaker
https://thecyberexpress.com/denham-cyberattack-tce-exclusive/
Exploit: Ransomware
DENHAM the Jeanmaker: Fashion Brand
Risk to Business: 2.736 = Moderate
Amsterdam-based fashion house DENHAM the Jeanmaker has disclosed that it has been the victim of a ransomware attack. The Akira ransomware group is suspected of being the culprit. The fashion brand said that the cyberattack was first discovered on December 27, 2023. The cyberattack on DENHAM did not impact the brand’s in-store or online retail operations. However, the bad actors did manage to steal some corporate and proprietary data. The brand was quick to reassure clients that no consumer data or credit card information was stolen.
How it Could Affect Your Customers’ Business: Proprietary data like intellectual property is valuable and desirable for cybercriminals too.
Kaseya to the Rescue: Learn how Datto EDR with Ransomware Rollback helps organizations including medical centers recover from ransomware faster. REGISTER NOW>>
Czech Republic – Trezor
https://beincrypto.com/trezor-hardware-wallet-phishing-security-breach/
Exploit: Supply Chain Attack
Trezor: Cryptocurrency Wallet
Risk to Business: 2.736 = Moderate
In a rare Defi story that doesn’t involve a crypto company being hacked for millions, crypto wallet company Trezor is informing users that it has experienced a data breach as the result of an attack on one of its service providers. The company said that the contact details of 66,000 users who accessed Trezor Support since 2021 may have been compromised. The exposed data could include names, nicknames and email addresses. The service provider has not been identified.
How it Could Affect Your Customers’ Business: Data thieves don’t just want financial or personal data; stolen intellectual property also has the potential for a big profit.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
Taiwan – Foxsemicon
https://therecord.media/foxsemicon-ransomware-attack-taiwan
Exploit: Misconfiguration
Foxsemicon: Semiconductor Manufacturer
Risk to Business: 1.602 = Severe
Major semiconductor manufacturer Foxsemicon has fallen victim to a ransomware attack by the LockBit ransomware group. The gang posted a notification on Foxsemicon’s website stating they had taken it over and stolen 5TB of the company’s client data. Foxsemicon did not disclose any information about the ransom demanded by the hackers. It also has not confirmed whether any personal information about its customers or employees was leaked. Foxsemicon is a subsidiary of electronics giant Foxconn.
How it Could Affect Your Customers’ Business: Ransomware actors have been ramping up pressure on key points in the supply chain to push for a big, fast payday.
Kaseya to the Rescue: Learn more about what cybercriminals are looking for and how they make a profit in our infographic 5 Ways the Dark Web Endangers Businesses. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
New APAC-focused phishing simulation kits are now available!
MSPs and IT professionals can help APAC businesses kick off a more secure 2024 with BullPhish ID phishing simulation training using these new kits.
- EnergyAustralia – View your Electricity bill
- Australia Post – Your Package Is on Hold
- National Australia Bank – Account Verification
- CommonwealthBank – Confirm Your Account
See the details of these new kits in the BullPhish ID Knowledge Base. READ MORE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Read our new whitepaper: The Cost of Creating a SOC: A Total Cost Analysis
Should you build your own security operations center (SOC) or opt for a managed SOC? This whitepaper delves into the financial implications of that choice, giving you insight into the cost of creating a SOC and the challenges that lie ahead on that path. You’ll also gain a clear picture of why a managed SOC is a financially smart choice. DOWNLOAD THE WHITEPAPER>>
Did you miss: The Guide to Reducing Insider Risk? DOWNLOAD IT>>
Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>
10 Tips for Securing K-12 Schools
K-12 education has undergone huge technological change in the last few years. New technology has proven to be a catalyst for exploring new frontiers in education, giving teachers a wide array of tools to foster learning and providing students with the tools they need to thrive. However, this new technology also puts schools at risk of cyberattacks. Schools were the top target for ransomware attacks in 2023, and the pressure does not look like it will be relenting in 2024. However, there are a few moves that IT professionals can make to help keep K-12 schools out of cyber trouble.
Excerpted in part from The Comprehensive Guide to Ransomware & Phishing for K-12 Schools GET IT>>
5 reasons bad actors target schools
The Center for Internet Security recorded an estimated 30% quarter-over-quarter increase in the number of cyberattacks that targeted K-12 schools. Cybercriminals have been increasingly putting pressure on the education sector for several reasons.
- Valuable data: Schools store a treasure trove of desirable sensitive data about students and staffers that bad actors can sell on the dark web.
- Reputation management: Cybercriminals bank on the fact that many schools would rather pay them off than see their reputation damaged by the publicity surrounding a cyberattack.
- Lack of cybersecurity expertise: Many schools lack the resources and expertise to hire seasoned IT security personnel and implement robust cybersecurity measures.
- Critical services: Disrupting school operations impacts students, parents and staff negatively, leading to angry parents and learning interruptions for students.
- Time sensitivity: Schools need 100% uptime to teach students, and cybercriminals are leveraging that need to extort money.
In The Educator’s Guide to Cybersecurity, see the cyber threats that schools face & how to mitigate them. DOWNLOAD IT>>
10 Tips for IT professionals protecting schools from phishing and ransomware
The cyber landscape is constantly evolving, and procrastination can leave educational institutions vulnerable to malicious attacks. IT professionals who are working with schools need to get the message across to decision-makers that schools must prioritize mitigating cyber risk to reduce the risk of a cyberattack (and publicity) nightmare. These tips can help prevent cyberattacks from damaging K-12 schools:
Be proactive about cybersecurity: Schools and districts must be proactive about cybersecurity to be prepared in a fast-evolving risk landscape. Being proactive about cybersecurity helps schools identify and address vulnerabilities before cybercriminals exploit them, reducing the risk of data breaches and operational disruption.
Mount a strong defense: Implementing a comprehensive array of security solutions with cutting-edge technology, such as AI and automation, is essential for schools and districts to build cyber resilience, increasing their likelihood of preventing a successful cyberattack. Real-time threat detection, the ability to respond quickly to threats and in-depth protection from cyberattacks are must-haves to ensure that schools are ready for trouble.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Undertake regular security awareness training: Educating faculty and staff about cybersecurity threats and best practices is one of the top ways to reduce cyber risk. Trained employees reduce the likelihood of security incidents by up to 70%. Although faculty and staff are the first line of defense against cyberthreats, if they aren’t trained to recognize those threats and avoid them, they could be a school or district’s biggest cybersecurity weak spot. Cyberthreats evolve quickly, necessitating ongoing training, not just annual training.
Cut costs with AI and automation: Security automation and AI-powered tools offer major cost benefits. Security automation can save more than 80% of the cost of manual security, the need for expensive manual monitoring and intervention. These technologies are a must-have for lean IT teams. AI-enabled and automated solutions can help schools maximize their technology budget, minimize the financial impact of cybersecurity incidents and allocate resources more effectively.
Utilize phishing simulations: Training employees via phishing simulations helps build their awareness and resilience to phishing threats, reducing the likelihood that they’ll fall for cybercriminal tricks. In a report by Microsoft, analysts determined that when employees receive simulated phishing training, they’re 50% less likely to fall for phishing. Taking a proactive approach empowers staff to identify and report phishing attempts, ultimately minimizing the risk of a phishing-related cyberattack.
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Use powerful email security: Schools and school districts need to invest in cutting-edge email security to safeguard their primary vector for attack: email. Strong email security helps weed out unwanted or malicious messages to minimize faculty and staff contact with sources of trouble. Email is the most likely vector for cyberattacks like ransomware.
Invest in endpoint security: Endpoint detection and response (EDR) offers schools the benefits of real-time threat detection, rapid incident response and enhanced visibility into endpoint activities to help the school or district’s IT personnel proactively address weaknesses in that area. Endpoints are devices connected to a school’s network, like printers, Chromebooks, point-of-sale terminals or environmental controls.
Set strong security policies: Well-defined security policies are crucial to establishing clear guidelines for data protection, user access controls and training requirements. This helps foster a strong cybersecurity culture in a school or district, ensuring consistent cybersecurity practices and minimizing the risk of data breaches or successful cyberattacks.
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
Create an incident response plan: A comprehensive incident response plan is essential to ensure a swift, organized and effective response to cyberattacks. After drawing up a general plan, consider adding an incident-specific response plan for fast-moving threats like ransomware to limit damage and speed up response, ultimately protecting educational institutions from the potentially devastating consequences of ransomware.
Conduct penetration testing: Penetration testing, or pen testing, identifies the vulnerabilities that cybercriminals can take advantage of to penetrate a network proactively through ethical hacking. Pen testing helps schools find security gaps before malicious actors can exploit them.
The escalating cyberthreat landscape demands that schools adopt proactive measures to secure their digital environment. Implementing robust cybersecurity solutions, running ongoing security training for staff and students, and establishing comprehensive incident response plans are key steps toward ensuring the safety of educational institutions. By taking action now, IT professionals can reduce the risk of the schools they protect falling victim to phishing and ransomware attacks, prevent learning interruptions and ensure that schools are taking a smart approach to safeguarding sensitive data.
Learn about the top cyber threats K-12 schools face and how to mitigate them. DOWNLOAD INFOGRAPHIC>>
Find the solutions you need to grow your MSP in Kaseya’s Security Suite
Kaseya’s Security Suite is the ideal partner for IT professionals and MSPs protecting schools from cybercrime. Our suite of affordable, integrated solutions offers smart security tools that can help keep schools out of cyber trouble.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
ID Agent & Graphus Q1 Product Innovation
January 30 | 1 PM ET / 10 AM PT
Join us on January 30 to find out about new time-saving product integrations and the newest features and enhancements for BullPhish ID, Dark Web ID, Passly and Graphus. Learn about the Graphus Personal Spam Filter, helpful integrations between our Security products and Compliance Manager GRC, Autotask and AudIT and so much more! REGISTER NOW>>
January 28 – 30: Schnizzfest (Arizona) REGISTER NOW>>
January 25: Kaseya + Datto Connect Local Nashville REGISTER NOW>>
February 2: Cybersecurity Jeopardy! REGISTER NOW>>
February 6: Kaseya + Datto Connect Local Houston REGISTER NOW>>
February 8: Kaseya + Datto Connect Local Dallas REGISTER NOW>>
February 20: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
February 22: Kaseya + Datto Connect Local Tampa REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!