The Week in Breach News: 02/01/23 – 02/07/23
This week: explore a financial sector attack that left markets reeling, details about an attack that exposed missile blueprints, new brand-impersonation-themed phishing kits and a look at security maturity data.
Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>
Atlantic General Hospital
Exploit: Ransomware
Atlantic General Hospital: Healthcare Facility
Risk to Business: 1.630 = Severe
Atlantic General Hospital in Maryland suffered a network outage after a weekend ransomware attack. The hospital said that the outages have caused some patient treatment interruptions, with staff resorting to downtime procedures like manual record keeping. The hospital was quick to reassure the public that all of its services remain in operation, except for its pharmacy, outpatient services including imaging and laboratories and pulmonary function testing.
How It Could Affect Your Customers’ Business: Hospitals and medical facilities have been popular targets for bad actors and need extra security.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
PeopleConnect
Exploit: Hacking
PeopleConnect: Human Resources Firm
Risk to Business: 1.827 = Severe
PeopleConnect, the owner of background-checking services TruthFinder and Instant Checkmate, has announced that it has suffered a data breach as a result of hacking. On January 21, data from the company appeared in a dark web forum. The leaked data allegedly pertained to 20.22 million TruthFinder and Instant Checkmate customers who used the services between 2011 and 2019. Exposed data includes users email addresses, hashed passwords, first and last names and phone numbers.
How It Could Affect Your Customers’ Business: Companies that store large quantities of valuable personal data are ripe targets for cybercriminals.
ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>
988 Lifeline
https://www.securityweek.com/feds-say-cyberattack-caused-suicide-helplines-outage/
Exploit: Supply Chain Attack
988 Lifeline: Mental Health Crisis Helpline
Risk to Business: 1.837 = Severe
A disruption in service at the U.S. 988 Lifeline was caused by a cyberattack. The December incident knocked out the critical service for an entire day. Investigators determined that the outage was caused by an unnamed cyberattack on Intrado, the company that provides telecommunications services for the helpline. The December 1, 2022, incident left callers to the helpline seeking emergency help with suicidal or depressive thoughts unable to connect with anyone to speak with by phone. Text and chat services, however, remained available. The Federal Communications Commission (FCC) is investigating the incident.
How It Could Affect Your Customers’ Business: Supply chain attacks are a big and growing problem that every organization needs to consider and prepare for.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Build one with our Building a Strong Security Culture Checklist! DOWNLOAD IT>>
Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>
Ireland – ION Group
https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html
Exploit: Ransomware
ION Group: Software Company
Risk to Business: 1.309 = Extreme
A successful ransomware attack against ION Group has had a major impact on the trading of financial derivatives on international markets. LockBit has claimed responsibility for the attack. The company makes software used by financial institutions and brokerages. Instead of post-trade processes being completed automatically by ION Group’s software, they have to be completed manually, snarling traffic including extremely time-sensitive activities such as updating margin requirements for trades. The Futures Industry Association (FIA) is working with impacted firms to clean up the mess.
How It Could Affect Your Customers’ Business: An incident like this could cost a company a fortune and not just in incident response – reputation damage is a consequence of a successful cyberattack.
ID Agent to the Rescue: This infographic illustrates just how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>>
United Kingdom – Planet Ice
Exploit: Hacking
Planet Ice: Ice Rink Chain
Risk to Business: 2.719 = Moderate
Planet Ice, the operator of 14 U.K. ice rinks, has disclosed that hackers have obtained access to the personal details of over 240,000 customers. The hack was first noticed by consumers due to a website outage before the company informed customers that their account data may have been stolen. Exposed data includes dates of birth names and genders of children having parties, email addresses, IP addresses, passwords, phone numbers, physical addresses and purchases. Payment card data wasn’t affected.
How it Could Affect Your Customers’ Business: People are especially upset when data relating to children is stolen or exposed.
ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>
United Kingdom – JD Sports
Exploit: Hacking
JD Sports: Sports Apparel Retailer
Risk to Business: 1.802 = Severe
Hackers have stolen data pertaining to approximately 10 million customers of U.K. sporting apparel retailer JD Sports. The company disclosed in a filing that the stolen data related to online orders placed between November 2018 and October 2020 by customers of its brands including JD, Size?, Millets, Blacks, Scotts and MilletSport. Exposed data may include a customer’s name, billing address, delivery address, email address, phone number, order details and the last four digits of a customer’s payment card. The company says it does not store full payment card data.
How it Could Affect Your Customers’ Business: Payment skimmers are a cybercriminal favorite, and they can be hard to spot before it’s too late.
ID Agent to the Rescue: Managed SOC helps businesses detect and mitigate sophisticated cyberattacks before they can wreak havoc. READ THE PRODUCT BRIEF>>
Learn to identify and mitigate fast-growing supply chain risk with this eBook. DOWNLOAD IT>>
India – Solar Industries India Limited
https://cyware.com/news/blackcat-ransomware-hits-defence-contractor-steals-weapons-data-87376d21/
Exploit: Phishing
Solar Industries India Limited: Defense Contractor
Risk to Business: 1.415 = Extreme
BlackCat/AlphV is claiming responsibility for a ransomware attack on defense manufacturer Solar Industries India Limited. The group added the company to its Tor leak site, saying that they snatched 2 TB of sensitive material including blueprints of weapons, details of warhead compositions and internal product testing notes about flaws and vulnerabilities in the company’s weapons. Solar Industries India Limited manufactures rockets, warheads and mines. In an interesting twist, the attackers managed to access all the production cameras and offices and posted screenshots from those cameras as proof.
How it Could Affect Your Customers’ Business: A security breach at a defense contractor is a disaster that can have long and far-reaching consequences.
ID Agent to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
India – FR8
https://www.hackread.com/india-truck-brokerage-company-data-leak/
Exploit: Misconfiguration
FR8: Trucking Company
Risk to Business: 2.103 = Severe
One of India’s largest trucking companies is in hot water after a server misconfiguration left more than 140 gigabytes of data exposed. The leaked customer data includes customer records, bank payment details, invoices, truck records and payment details. Some personal information, such as names, addresses and contact numbers of both customers and employees was also exposed. The leak was discovered by researchers who have informed FR8, but it appears that the company has taken no action to fix the problem.
How it Could Affect Your Customers’ Business: Infrastructure targets like freight moving companies are attractive to bad guys because of the time-sensitive nature of their business.
ID Agent to the Rescue: See the dollars and cents benefits of security awareness training in our eBook The Business Case for Security Awareness Training. DOWNLOAD EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
See how today’s biggest threats may impact businesses in our security blogs.
- Cyberattack Recovery is Uncertain for Almost Half of Businesses
- How Can Businesses Overcome the Cybersecurity Talent Shortage?
- The Week in Breach News: 01/25/23 – 01/31/23
See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>
New BullPhish ID Phishing Kits
That’s a big reason why it’s so exciting that we’ve recently released five new phishing kits for BullPhish ID that imitate famous brands that employees come into contact with every day. These new phishing simulation kits are currently available in English and French on the BullPhish ID dashboard under Phishing Kits:
- AirBnB 50% off Offer
- Amazon Verify Account – V2
- American Express – High Volume Purchase – V2
- LinkedIn Password Reset – V2
- Adobe Special Offer – v2
Learn more about new phishing kits, videos and other BullPhish ID innovations in the BullPhish ID Release Notes.
Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>
Discover a World of Opportunity for MSPs in Cybersecurity in this infographic!
In the Datto SMB Cybersecurity for MSPs Report, we surveyed nearly 3,000 SMB IT decision-makers around the world to learn more about their security concerns and priorities. This infographic provides a snapshot of what they told us, including:
- The top 10 security challenges that SMBs face
- The cybersecurity issues that have affected SMBs in the last 12 months
- SMBs’ perceived likelihood of being phished in the next year
- How likely SMBs feel they are to fall victim to a ransomware attack this year
- And more
Download the infographic to learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. DOWNLOAD NOW>>
Did you miss… the Datto SMB Cybersecurity Survey for MSPs Report? DOWNLOAD IT>>
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
Companies Need to Invest More in Security Maturity & Recovery
Every company puts an extensive amount of time, research and investment into choosing solutions to combat cyberattacks and take action against cybercrime. However, the choices that companies make about their security frameworks, vulnerability assessments, backup and recovery and other less glamorous security investments are also of critical importance. Unfortunately, too many companies have not paid enough attention to those areas. In the Datto SMB Cybersecurity for MSPs Report, we asked cybersecurity decision-makers about those choices, giving MSPs a look at their thinking in those important areas and their security maturity goals.
Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>
NIST is not the most popular framework
Surprisingly, the classic NIST framework isn’t the most popular framework for companies to use and it doesn’t interest IT decision-makers greatly. Instead, the CIS framework followed by the CMMC framework lead the pack in both level of use and level of concern among our survey respondents. A zero-trust framework is highly recommended by experts but only 14% of respondents said that their organizations use that framework and just 7% were concerned with it, leaving plenty of room for growth (and opportunity for MSPs) in this area.
Top cybersecurity frameworks (CSFs) or compliance regulations SMBs must follow
| Framework or Regulation | Level of Use | Level of Concern |
| CIS | 34% | 26% |
| CMMC | 30% | 26% |
| COBIT | 27% | 23% |
| NIST | 22% | 19% |
| ISO 27001 | 21% | 15% |
| NCSC (National Cyber Security Centre) | 18% | 20% |
| HIPAA | 18% | 13% |
| Zero Trust | 14% | 7% |
| ASD Essential 8 | 14% | 13% |
| PCI-DSS | 12% | 10% |
| SOC II | 11% | 7% |
| MITRE ATT&CK | 9% | 9% |
| Other | 5% | N/A |
| None | 3% | 27% |
Source: Datto
Learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. GET INFOGRAPHIC>>
SMBs are being proactive about assessing vulnerabilities
IT security vulnerabilities are potentially devastating, and every organization needs to be concerned about finding and fixing theirs. The majority of SMBs in all regions are interested in keeping an eye on their IT security vulnerabilities in such a volatile cybercrime climate. That makes them especially keen on user-friendly solutions that make the vulnerability assessment process quick and easy.
What is the frequency that organizations conduct IT security vulnerability assessments?
| Frequency | Responses |
| More than 4x year | 13% |
| 3–4x per year | 24% |
| Twice per year | 25% |
| Once per year | 21% |
| Once every 2–4 years | 12% |
| Once every 5 years or longer | 3% |
| Never | 1% |
| Don’t Know | 2% |
Source: Datto
See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>
Most SMBs have or are in the market for cyber insurance
Respondents with cyber insurance are also likely to engage in other smart security practices. They generally have more IT support, more CSFs and more security solutions deployed. They are also more likely to have experienced a cybersecurity incident in the past. Nearly three-quarters of our respondents said that their companies carry cyber insurance. For companies that do not currently carry cyber insurance, one-third of respondents said that their companies planned to invest in cyber insurance sometime in the next year.
Do you have cyber insurance?
| Yes | 69% |
| No | 23% |
| Don’t Know | 8% |
Source: Datto
A third of those without cyber insurance are highly likely to invest in it within the next 12 months.
| Likelihood | Response |
| Extremely/Very likely | 37% |
| Somewhat likely | 38% |
| Not very likely | 22% |
| Not at all likely | 4% |
Source: Datto
This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>
Downtime costs $126k on average
Downtime is an expensive problem that nearly half of our respondents contended with in the past year. The business impact and punishing expense of downtime present MSPs with a pathway to recommend solutions, like BCDR, that will reduce downtime in the case of a security incident. The cost of downtime is also a fact that can be used when talking about incident response planning, security awareness training and other preventative measures.
$126,000 is the average cost of the downtime, including lost revenue
| Cost of Downtime | Response |
| $1,000 to less than $250,000 | 84% |
| $250,000 to less than $500,000 | 8% |
| $500,000 to less than $750,000 | 4% |
| $750,000 to less than $1 million | 3% |
| $1 million or more | 1% |
Source: Datto
Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>
Manual backup is the top recovery method
Just under half of survey respondents (49%) said that their organizations relied on manual backup to recover data in their last cybersecurity incident. That means that half of the businesses we surveyed need to update to cloud backup and learn the benefits of BCDR — a big opportunity score for MSPs.
Top solutions or methods used to recover data
| Recovery Method | Response |
| Manual backup | 49% |
| Copy from old systems | 36% |
| Continuous availability | 36% |
| Third-party BCDR | 32% |
| Something else | 11% |
| We didn’t do anything and did not recover our data | 2% |
| We didn’t lose any data | 13% |
Source: Datto
What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>
Only half of SMBs that had a cybersecurity issue were up and running within a day
These days it’s not if you have an incident, it’s when, and solutions that reduce recovery time will be appealing to businesses. Companies that invest in backup and recovery get back to work faster after an incident. Companies that don’t invest in modern backup and recovery solutions suffer more expensive downtime in the event of an incident. Around 45% of the IT leaders that we surveyed said that their organizations endured more than two days of downtime after an incident.
| Recovery Time | Response |
| None – we didn’t have any downtime | 12% |
| Less than 1 day | 23% |
| 1 day | 20% |
| 2–3 days | 31% |
| 4–6 days | 10% |
| A week or more | 3% |
| Don’t know | 1% |
| Prefer not to answer | 1% |
Source: Datto
Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>
Our Security Suite helps businesses mitigate cyber risk easily
Our security solutions can help keep businesses out of trouble effectively and affordably.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Automated, AI-powered antiphishing email security
Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance
Managed SOC
Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans hunt, triage and work with your team when actionable threats are discovered
- Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud
- Patent-pending cloud-based technology eliminates the need for on-prem hardware
- Discover adversaries that evade traditional cyber defenses such as Firewalls and AV
Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>
February 7: Kaseya + Datto Connect Local Orlando REGISTER NOW>>
February 9: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
February 14: Cybersecurity Jeopardy! REGISTER NOW>>
February 14: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
February 16: Kaseya + Datto Connect Local Miami REGISTER NOW>>
February 21 – 22: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>
February 23: Kaseya + Datto Connect Local Glendale, AZ REGISTER NOW>>
February 28: Kaseya + Datto Connect Local New York REGISTER NOW>>
March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>
March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>
March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>
March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>
March 30: Kaseya + Datto Connect Local Boston REGISTER NOW>>
April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!