
The Week in Breach News: 01/25/23 – 01/31/23

February 01, 2023

This week, we’ll explore a nasty cyberattack at GoTo that compromised customers’ backups, look at the impact of a successful phishing attack at Zendesk and reveal the five biggest SMB cybersecurity concerns listed in the new Datto SMB Security for MSPs report.


Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>



One Brooklyn Health

https://www.scmagazine.com/analysis/breach/breach-notice-confirms-one-brooklyn-health-cyberattack-outage-in-november

Exploit: Hacking

One Brooklyn Health: Healthcare Provider


Risk to Business: 1.776 = Moderate

Hospital operator One Brooklyn Health has confirmed that its hospitals were forced offline in November 2022 because of a security incident. The incident affected three OBH hospitals and affiliated care sites: Brookdale Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center. At those hospitals, workers were forced to resort to manual recordkeeping, creating treatment delays that were widely reported in the local press. Bad actors gained access to patient data in the incident including patient names, dates of birth, billing and claims data, treatment details, medical record numbers, prescriptions and health insurance information. 

How It Could Affect Your Customers’ Business: Hospitals and medical facilities have been popular targets for bad actors and need extra security.

ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>> 


Zacks Investment Research

https://securityaffairs.com/141343/data-breach/zacks-investment-research-data-breach.html

Exploit: Hacking

Zacks Investment Research: Financial Analysts


Risk to Business: 2.021 = Severe

Investment analysis company Zacks Investment Research has informed more than 280,000 customers that bad actors gained access to some of its client data. The company said that the intrusion occurred at the end of 2022. In the incident, the intruders had their hands on a database of customers who had signed up for the Zacks Elite product between November 1999 and February 2005. Exposed data may include a customer’s name, address, phone number, email address and password used for Zacks.com.  Zacks was quick to assure customers that threat actors did not gain access to any customer credit card information, customer financial information or any other customer personal information.  

How It Could Affect Your Customers’ Business: The financial services industry was among the three most cyberattacked industries in 2022.

ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>


Circleville Municipal Court 

https://therecord.media/ohio-town-working-to-restore-municipal-court-systems-after-cyberattack/

Exploit: Ransomware

Circleville Municipal Court: Municipal Government


Risk to Business: 1.837 = Severe

The municipal court system in Circleville, Ohio is the latest municipal government entity to have ransomware trouble. Circleville Municipal Court was added to the dark web leak site of the LockBit ransomware group last week. The group claims to have snatched 500 GB of data including sensitive court records. Officials have confirmed that the court system has had its operations disrupted and said that they are working with experts to get up and running again. No information was available about any ransom demands. 

How It Could Affect Your Customers’ Business: Ransomware has been a menace for government agencies and municipalities of all sizes.

ID Agent to the Rescue:  This infographic illustrates just how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>> 


GoTo 

https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html

Exploit: Hacking

GoTo: Software Company


Risk to Business: 1.981 = Extreme

GoTo disclosed that it has experienced a data security incident that impacts customers’ backups. The company said that in November 2022, unidentified threat actors snatched some customers’ encrypted backups along with an encryption key for some of those backups. Users of GoTo’s Central, Pro, join.me, Hamachi and RemotelyAnywhere products may have been hit in this incident. The exposed data may include customers’ account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, as well as some product settings and licensing information. In addition, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted.

How It Could Affect Your Customers’ Business: An incident like this could cost a company a fortune and not just in incident response – reputation damage is a consequence of a successful cyberattack.

ID Agent to the Rescue:  A strong security culture reduces the risk of an incident. Build one with our Building a Strong Security Culture Checklist! DOWNLOAD IT>>   


Charter Communications

https://therecord.media/telecom-giant-charter-communications-says-third-party-vendor-had-security-breach/

Exploit: Supply Chain Attack

Charter Communications: Telecommunications Company 


Risk to Business: 1.973 = Severe

Telecom giant Charter Communications disclosed that 550,000 of its customers have had information exposed as the result of a data breach at one of its vendors after bad actors claimed on a dark web site to have obtained Charter’s customer data. A post on a dark web data broker’s site claimed that the broker had obtained a tranche of data that belonged to Charter Communications that included 550K user records listing information like customers’ account numbers and some identity information. Charter says that the incident is still under investigation. The company serves 32 million customers in 41 states. 

How it Could Affect Your Customers’ Business: Cybersecurity flubs by service providers can cause a cascade of supply chain problems that impact other businesses too.

ID Agent to the Rescue:   See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>


Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>



Running Room

https://www.insurancebusinessmag.com/ca/news/cyber/running-room-canada-targeted-by-unauthorized-group-customer-data-stolen-434399.aspx

Exploit: Hacking

Running Room: Sporting Goods Retailer 


Risk to Business: 1.802 = Severe

Running Room has informed customers that it has experienced a data breach due to hackers setting up a skimming operation on its website. The sporting goods retailer said that the incident took place between November 19, 2022, and January 18, 2023. The company says that the hackers were able to access and steal customers’ emails, names, addresses, phone numbers and credit card information during website transactions. Running Room did not specify how many transactions or customers had been impacted. 

How it Could Affect Your Customers’ Business: Payment skimmers are a cybercriminal favorite, and they can be hard to spot before it’s too late.

ID Agent to the Rescue:  Managed SOC helps businesses detect and mitigate sophisticated cyberattacks before they can wreak havoc. READ THE PRODUCT BRIEF>>


Learn to identify and mitigate fast-growing supply chain risk with this eBook. DOWNLOAD IT>>



Denmark – Zendesk

https://www.securityweek.com/zendesk-hacked-after-employees-fall-for-phishing-attack/

Exploit: Phishing

Zendesk: Software Company


Risk to Business: 1.672 = Severe

Zendesk has begun informing customers that the company has experienced a security incident as a result of a successful phishing attack. A message from Zendesk informed customers that the company found out about the issue in October 2022. At that time, several employees were targeted in a “sophisticated SMS phishing campaign” and some of them took the bait. Those employees then handed over their account credentials, giving hackers access to data from a logging platform between late September and late October 2022. Zendesk warned impacted customers that service data belonging to those companies’ accounts may have been in the logging platform data, although there is no evidence that bad actors gained access to anyone’s instance.

How it Could Affect Your Customers’ Business: Phishing is the bane of every IT team and the biggest security danger most businesses face.

ID Agent to the Rescue: Learn how to protect businesses from almost all sophisticated phishing messages in our infographic How AI Enables Graphus to Protect Businesses from Phishing. GET IT>>


UK – Arnold Clark

https://therecord.media/play-ransomware-group-claims-attack-on-arnold-clark-one-of-britains-largest-car-dealerships/

Exploit: Ransomware

Arnold Clark: Car Dealer


Risk to Business: 2.103 = Severe

One of the UK’s largest car retailers, Arnold Clark, has been added to the Play ransomware group’s dark web leak site. Play claims that they’ve stolen 15 GB of data that includes National Insurance numbers, passport data, addresses and phone numbers. The group also published a selection of bank statements and car finance documents for customers of the Glasgow-based firm. The December 2022 attack led to an information systems shutdown at the retailer that forced workers to resort to pencil and paper to handle business.

How it Could Affect Your Customers’ Business: Ransomware is a quick path to loss of revenue and customer service nightmares because of delays and system shutdowns.

ID Agent to the Rescue: See the dollars and cents benefits of security awareness training in our eBook The Business Case for Security Awareness Training. DOWNLOAD EBOOK>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.



Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>



See how today’s biggest threats may impact businesses in our security blogs.



See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>


New Powered Services Campaign: Cyber Supply Chain Risk Management


MSP Value Proposition:

Help your customers and prospects understand why their organization’s cybersecurity might only be as strong as the weakest link in their network. Just as people can spread viruses, your IT network can be used to spread digital viruses to every other system with which you’re connected. Teach businesses how to put cybersecurity measures in place to stop cyber supply chain attacks in their tracks.

End Buyer Value Proposition:

Put security measures in place to better identify and remediate security issues before they harm your business or, worse, spread to other businesses connected to yours. When it comes to cybersecurity and business supply chains, you don’t want to be a superspreader. Spread joy, not digital viruses.

ACCESS THIS CAMPAIGN>>

Check out our Quick Start Guide for help learning how to use the Pro Campaigns.


Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>



3 Reasons Why MSPs Need the Datto SMB Cybersecurity Survey for MSPs Report

Check out 3 reasons why every MSP will benefit from downloading and reading the new SMB Cybersecurity Survey for MSPs Report

  1. Get a look at the mindset and challenges of cybersecurity decision-makers
  2. Learn exactly which problems weigh heaviest on business IT professionals’ minds
  3. See how trends are developing in SMB cybersecurity that you can leverage to profit

DOWNLOAD IT>>

Did you miss… Our infographic How AI Enables Graphus to Protect Businesses from Phishing? GET IT>>


Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>




The Big 5 Cybersecurity Issues for SMBs (and What They’re Doing About Them) 


Securing a business against cybersecurity risks isn’t a straightforward proposition. The risk landscape is constantly changing, and cyber threats evolve every day. Plus, both the good guys and the bad guys are dedicated to innovation, creating unexpected hazards. That leaves business security professionals facing a host of current and future cybersecurity issues. For the Datto SMB Cybersecurity for MSPs Report, we asked 2,913 IT decision-makers at organizations of all sizes to tell us about their cybersecurity pain points. This data gives MSPs a look behind the curtain at the day-to-day challenges that face business security professionals and business leaders.


Learn how managed SOC gives you big security expertise on call 24/7 without the big price tag. LEARN MORE>>


It’s impossible to point the finger at a single reason for SMB security trouble


SMBs aren’t facing security stress from just one avenue. Instead, they’re bombarded by a wide variety of risks daily, making every business’s security concerns unique. There’s no one-size-fits-all proposition for MSPs to offer businesses to take care of their security challenges quickly. Every company’s cybersecurity woes are different. However, there are some challenges that are more common than others. About a quarter of businesses named five issues as their biggest pain points: phishing, malicious ads/websites, passwords, bad user practices and lack of security awareness training.

Main reasons SMBs feel they have had cybersecurity issues 

| Issue | Response |
| --- | --- |
| Phishing emails | 37% |
| Malicious websites/web ads | 27% |
| Weak passwords/access management | 24% |
| Poor user practices/gullibility | 24% |
| Lack of end-user cybersecurity training | 23% |
| Lack of administrator cybersecurity training | 19% |
| Phishing phone calls | 19% |
| Lack of defense solutions (antivirus) | 19% |
| Insufficient security support for different types of user devices | 18% |
| Outdated security patches | 18% |
| Lack of funding for IT security solutions | 17% |
| Lost/stolen employee credentials | 17% |
| Lack of executive buy-in for adopting security solutions | 16% |
| Open remote desktop protocol (RDP) access | 15% |
| Shadow IT | 13% |

Source: Datto


See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>


SMBs are plagued by phishing 


Businesses have been impacted by many cybersecurity woes, but phishing takes the cake.  Many of our respondents saw phishing as the prime suspect for security issues. Almost one-third of respondents dealt with phishing and viruses last year. Interestingly, more than one-quarter of respondents have experienced an attack on their IT service provider (16% in the past year). This is an opportunity for MSPs to provide highly secure service. 

Cybersecurity issues that have affected SMBs’ business in the last 12 months

| Issue | Experienced in the past year | Experienced ever |
| --- | --- | --- |
| Computer viruses | 30% | 50% |
| Phishing messages | 32% | 49% |
| COVID-19 related scams or threats | 21% | 32% |
| Attack on IT service provider | 16% | 27% |
| Personal information/credential theft | 16% | 26% |
| Endpoint threats detected | 15% | 25% |
| Ransomware | 13% | 24% |
| Other cybersecurity issues | 3% | 8% |
| None | 19% | 8% |

Source: Datto


This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>


SMBs expect to be phished this year 


Phishing is a menace to businesses, and the cyberattacks that come to businesses by way of phishing are some of the most dangerous business security threats around. Just under three-quarters of respondents think it’s likely that their organization will experience a phishing attack in the next year, and they’re looking for ways to mitigate that risk.

| Likelihood | Response |
| --- | --- |
| Extremely/very likely | 41% |
| Somewhat likely | 31% |
| Not very likely | 22% |
| Not at all likely | 7% |

Source: Datto

Phishing is the most likely gateway for cybersecurity trouble to reach companies. SMB IT decision-makers are also aware that a successful phishing attack could have a major impact on their organizations. Almost half of respondents believe a phishing attack would have a significant impact on their business.

| Outcome | Response |
| --- | --- |
| Extreme impact – it would be difficult to recover | 14% |
| Significant impact | 46% |
| Minimal impact | 36% |
| No impact | 4% |

Source: Datto




Almost three-quarters of companies say that ransomware would be a death blow 

What is the cyberattack that keeps IT professionals up at night more than any other? Ransomware. Ransomware is a major danger that only grows worse and more complex as time goes on. Businesses know that they could be next, and they’re worried about it. About 60% of respondents felt their organization might be hit by a successful ransomware attack in the next 12 months.

| Likelihood | Response |
| --- | --- |
| Extremely/very likely | 34% |
| Somewhat likely | 27% |
| Not very likely | 30% |
| Not at all likely | 8% |
| I’m not familiar with this type of attack | 2% |

Source: Datto

Businesses have gotten the message that a ransomware attack could destroy them, and they’re looking for ways to prevent it. Most businesses aren’t ready to handle a ransomware attack, and the impact of a successful attack would be catastrophic. Around 70% of SMBs admitted that the impact of a ransomware attack would be extreme or significant.  

| Impact | Response |
| --- | --- |
| Extreme impact – it would be difficult to recover | 17% |
| Significant impact | 53% |
| Minimal impact | 28% |
| No impact | 3% |

Source: Datto


What’s next for MSPs? Find out in the Datto Global State of the MSP Report: Looking Ahead to 2023 DOWNLOAD IT>> 


Ransom demands vary widely 


Ransom demands are constantly evolving. Companies that plan to pay the extortionists need to know about the gigantic financial hit they could take in the event of a successful ransomware attack, even though officials and experts agree that paying a ransom is a bad idea. Presenting clients and prospects with a clear picture of the ransom demand they could face may help them wrap their heads around the actual hit to their bank accounts.

 Almost one-third of SMBs faced $10,000–$50,000 in ransom cost     

| Ransom Amount | Response |
| --- | --- |
| Less than $100 | 2% |
| $100 to less than $500 | 4% |
| $500 to less than $1,000 | 10% |
| $1,000 to less than $5,000 | 21% |
| $5,000 to less than $10,000 | 25% |
| $10,000 to less than $25,000 | 20% |
| $25,000 to less than $50,000 | 11% |
| $50,000 or more | 6% |

Source: Datto


Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>


Our Security Suite helps businesses mitigate cyber risk easily


Our security solutions can help keep businesses out of trouble effectively and affordably. 

Security awareness and compliance training plus phishing simulation         

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.  This powerhouse is the channel leader in phishing simulations.   

  • An extensive library of security and compliance training videos in eight languages       
  • Plug-and-play or customizable phishing training campaign kits       
  • New videos arrive 4x per month and new phishing kits are added regularly          

Dark web monitoring           

Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.          

  • 24/7/365 monitoring using real-time, machine and analyst-validated data            
  • Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses          
  • Live dark web searches find compromised credentials in seconds       
  • Create clear and visually engaging risk reports          

Automated, AI-powered antiphishing email security      

Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast         
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.        
  • 3 layers of powerful protection at half the cost of competing solutions        
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance    

Managed SOC  

Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans who hunt, triage and work with your team when actionable threats are discovered.

  • Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud  
  • Patent-pending cloud-based technology eliminates the need for on-prem hardware  
  • Discover adversaries that evade traditional cyber defenses such as Firewalls and AV 

See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>



February 7: Kaseya + Datto Connect Local Orlando REGISTER NOW>>

February 9: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>

February 14: Cybersecurity Jeopardy! REGISTER NOW>>

February 14: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>

February 16: Kaseya + Datto Connect Local Miami REGISTER NOW>>

February 21 – 22: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>

February 23: Kaseya + Datto Connect Local Glendale, AZ REGISTER NOW>>

February 28: Kaseya + Datto Connect Local New York REGISTER NOW>>

March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>

March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>

March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>

March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>

March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>

March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>

March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>

March 28: Kaseya + Datto Connect Local Boston REGISTER NOW>>

April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>



Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>