The Week in Breach News: 02/07/24 – 02/13/24
This week: Ransomware snarls operations at 21 hospitals in Romania and a children’s hospital in Illinois, an unsecured database exposes user data from a popular casino app and a look at the Valentine’s Day message that no one wants to receive: a deepfake (plus how a deepfake cost a Hong Kong company $25 million).
Lurie Children’s Hospital
https://www.medpagetoday.com/practicemanagement/informationtechnology/108666
Exploit: Ransomware
Lurie Children’s Hospital: Medical Center
Risk to Business: 1.771 = Severe
Lurie Children’s Hospital in Illinois has been experiencing cyber trouble that has impacted its services for more than a week after a suspected ransomware attack. The Chicago-area hospital was forced to take some of its systems offline to curtail the spread of the incident, resulting in limited access to medical records in the facility as well as hampering communication by phone or email. The disruption has been going on since the middle of last week. The hospital assured the public that it remains open and in operation.
How It Could Affect Your Customers’ Business: Medical centers like hospitals and clinics are treasure troves of data for the bad guys.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023.
Service Employees International Union (SEIU) Local 1000
https://therecord.media/california-union-lockbit-attack-ransomware
Exploit: Ransomware
Service Employees International Union (SEIU) Local 1000: Trade Union
Risk to Business: 2.691 = Moderate
The LockBit ransomware group is claiming responsibility for a ransomware attack that hit Service Employees International Union (SEIU) Local 1000 in California. The gang says that they have captured 308GB of data, including employees’ salary details, financial documents and Social Security numbers. The union has confirmed that it has experienced a disruptive cyber-attack, stating that they are working with a third-party cyber forensics firm to determine exactly what data was stolen in this incident.
How It Could Affect Your Customers’ Business: Trade unions can be an attractive target because they hold a myriad of personal and financial information about their members.
Kaseya to the Rescue: Ransomware is often an email-based cyberattack. Our 5-Minute Guide to Phishing Attacks and Prevention offers a quick guide to stopping phishing.
Middletown Area School District (Pennsylvania)
Exploit: Hacking
Middletown Area School District (Pennsylvania): Regional Education Authority
Risk to Business: 1.643 = Severe
Middletown Area School District in Pennsylvania is still working on restoring some of its systems after a cyberattack last week. The school district said that it noticed that two of its information systems were not working right last week and took immediate action to disconnect those systems. As a result, students and teachers experienced some technological difficulties leading to learning disruptions. District officials said that they do not believe that any data was stolen.
How It Could Affect Your Customers’ Business: Schools have been firmly in cybercriminals’ sights because they can’t afford downtime, making them more likely to pay a ransom.
Kaseya to the Rescue: Learn more about the cybersecurity threats that K-12 schools are experiencing in our infographic The Top Cyber Threats Schools Face and How to Stop Them.
Bank of America
https://www.cnn.com/2024/01/30/tech/fulton-county-cyberattack/index.html
Exploit: Supply Chain
Bank of America: Bank
Risk to Business: 1.862 = Severe
Bank of America is informing customers that their personal information may have been exposed in a data breach. The breach occurred when one of its service providers, Infosys McCamish Systems (IMS), was hacked on November 3, 2023. The bank said that some customers’ personally identifiable information (PII) was exposed in the security breach including names, addresses, social security numbers, dates of birth and financial information, including account and credit card numbers. Bank of America said in a filing that 57,028 people were directly impacted.
How It Could Affect Your Customers’ Business: Cyberattacks on suppliers and service providers can be a fast path to cybersecurity trouble for the businesses they have relationships with.
Kaseya to the Rescue: Get tips for mitigating risk created by business relationships in our eBook The Comprehensive Guide to Third-Party and Supply Chain Risk.
WinStar
https://www.computing.co.uk/news/4172871/breach-exposes-personal-info-worlds-biggest-casino-app
Exploit: Misconfiguration
WinStar: Casino Group
Risk to Business: 1.702 = Severe
Oklahoma-based casino and resort operator WinStar has announced a data breach that impacts users of its My WinStar app. The app was developed by a software startup in Nevada, Dexiga. Unfortunately, the startup accidentally left one of its logging databases on the internet unsecured, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored there. The unsecured database contained customer data including full names, phone numbers, email addresses and home addresses.
How it Could Affect Your Customers’ Business: Human error is the top cause of a data breach, and security awareness training helps mitigate that risk.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest threats that businesses face today.
Romania – Slobozia County Emergency Hospital
Exploit: Ransomware
Slobozia County Emergency Hospital: Medical Center
Risk to Business: 1.336 = Extreme
A ransomware attack took down the health management system used by 21 Romanian hospitals including Slobozia County Emergency Hospital. Officials said that Backmydata ransomware was used. The health management system, Hipocrate Information System (HIS), is used to manage medical activity and patient data. The system was knocked offline overnight between February 11 and 12, 2024 after its databases became encrypted. Medical personnel have been forced to return to writing prescriptions and keeping records on paper. The list of impacted hospitals includes Pediatric Hospital Pitesti, Buzău County Emergency Hospital, Slobozia County Emergency Hospital, “Sf. Apostol Andrei” Emergency County Clinical Hospital Constanta, Pitești County Emergency Hospital, Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta, Institute of Cardiovascular Diseases Timișoara, Emergency County Hospital “Dr. Constantin Opriș” Baia Mare, Sighetu Marmației Municipal Hospital, Târgoviște County Emergency Hospital, Colțea Clinical Hospital, Medgidia Municipal Hospital, Fundeni Clinical Institute, Oncological Institute “Prof. Dr. Al. Trestioreanu” Institute Bucharest (IOB), Regional Institute of Oncology Iasi (IRO Iasi), Azuga Orthopaedics and Traumatology Hospital, Băicoi City Hospital, Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest, Hospital for Chronic Diseases Sf. Luca, C.F. Clinical Hospital no. 2 Bucharest and Medical Centre MALP SRL Moinești.
How it Could Affect Your Customers’ Business: Attacks like this that impact regional healthcare can be dangerous for the community.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one.
Austria – The Government of Korneuburg
https://therecord.media/funerals-canceled-due-to-ransomware-attack-on-austrian-town
Exploit: Ransomware
The Government of Korneuburg, Austria: Municipal Government
Risk to Business: 1.442 = Extreme
The municipality of Korneuburg in Austria said it was hit by a ransomware attack, resulting in a loss of government services that has reportedly led to the cancellation of local funerals. The city government confirmed the ransomware attack affected all the data held by the administration, including the backup system. Officials also said that they received a ransom demand, but they stopped short of disclosing the amount. The funerals were canceled because of the city’s inability to issue death certificates. Citizens are also unable to print out forms or pay bills.
How it Could Affect Your Customers’ Business: Governments and government agencies are a major target for ransomware groups looking to profit from a high-profile attack.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help.
South Korea – Hyundai
Exploit: Ransomware
Hyundai: Carmaker
Risk to Business: 1.602 = Severe
The Black Basta ransomware group claims that it has stolen 3TB of data from Hyundai Motor Europe. The carmaker confirmed that it is investigating a cybersecurity incident in which an unauthorized third party accessed a limited part of its network. As proof of the supposed hack, the group shared images of folders related to various departments at the company, including legal, sales, human resources, accounting, IT and management. No extortion demand was made public, and the incident remains under investigation.
How it Could Affect Your Customers’ Business: Consumer data isn’t the only thing bad actors are hunting for – corporate data is also attractive and valuable.
Kaseya to the Rescue: Learn more about the trade in data and credentials on the dark web and how bad actors make a profit in our infographic 5 Ways the Dark Web Endangers Businesses.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
3 new phishing simulation kits are available now!
Phishing threats never stop evolving. Prepare employees for sophisticated phishing attacks with these three new phishing simulation kits that reflect the types of threats employees encounter all the time.
- Norton – Free Offer
- Xfinity – You’re Receiving a Credit
- World Health Organizations – Safety Measures
Learn more about these new phishing simulations and other updates in the BullPhish ID Release Notes.
6 confusing cybersecurity solutions, explained
Cybersecurity is awash with confusing acronyms. In the 6 Confusing Cybersecurity Solutions infographic, we break down six cybersecurity acronyms that can leave you flummoxed, like security orchestration, automation and response (SOAR) and endpoint detection and response (EDR). Gain clarity for smart decision-making with this infographic. Great for educating decision-makers!
Deepfakes Take Center Stage in the New Era of Email Phishing
In today’s digital age, where technology continues to evolve at a rapid pace, cybersecurity threats like phishing have become increasingly sophisticated. While traditional phishing emails often relied on fraudulent links or deceptive language, a new and more sinister trend has emerged: the use of deepfakes. A deepfake is a false piece of media, typically audio or video, in which bad actors manipulate or replace content to serve their purposes by making it appear as though it is authentic and created by the depicted individual. The advent of artificial intelligence (AI), especially generative AI, has helped cybercriminals create highly believable, sophisticated deepfakes that can fool even savvy victims.
Deepfake phishing costs a finance company $25 million
Deepfakes can be distributed over email, messaging, phone calls, even video. One of the most dangerous gambits in deepfake email phishing is employing deepfakes to conduct successful business email compromise (BEC) attacks. A recent example is the disaster that befell a company in Hong Kong. The company lost $25 million after a worker in the finance department was taken in by a deepfake phishing scam. The attack started with email phishing, then evolved into an astonishing tale of deepfake phishing using a video call.
Here’s how the incident breaks down:
- An employee received an email purporting to be from the company’s UK-based chief financial officer (CFO).
- The employee was initially suspicious of this email, which showed indications of phishing.
- Specifically, the message directed the employee to transfer $25 million to an offshore account, raising the employee’s suspicions that this might be a scam.
- After expressing his concerns, the employee was invited to a video call with the CFO to prove the transfer request was genuine.
- On the video call, the participants’ voices and faces seemed genuine, allaying the employee’s suspicions.
- The employee then transferred the $25 million as directed.
- But the whole thing was a sophisticated scam, and the supposed video call was actually a deepfake.
Deepfakes are dangerously believable
Imagine receiving an email from your bank or a trusted colleague asking for sensitive information or requesting urgent action. The email appears legitimate, complete with the usual branding and language and even a video attached to increase its believability. There are no telltale signs of phishing. Wouldn’t you be likely to determine that the email is genuine? Many people would fall for this scam. Deepfake emails exploit the trust individuals place in familiar senders and their susceptibility to social engineering tactics. By leveraging deepfake technology, cybercriminals can manipulate audiovisual content to deceive recipients into believing they are interacting with a trustworthy source, thereby increasing the likelihood of successful phishing attacks.
The implications of deepfakes, including those used for email phishing, are far-reaching and potentially devastating. Cybercriminals can use deepfakes to steal sensitive information, perpetrate financial fraud, sow distrust in institutions, damage someone’s reputation or even deploy ransomware. Deepfakes have long been a concern during election season because they can be used to spread fake information and sway voters. These dangerous messages could also be used to erode the trust between a company’s staffers or damage its business relationships. The possibilities are limitless – making deepfakes incredibly dangerous.
Deepfake use has grown by ten times in one year
Deepfake use in cybercrime like BEC is a fairly new development that has only really become a major concern in the past few years. However, it is ramping up quickly. In fact, there were ten times more cybercrimes like identity theft fueled by deepfakes in 2023 than in the previous year. Deepfake-fueled attacks grew the most in North America and in the Asia-Pacific region in 2023, but there were major increases around the world.
Regions with the largest percentage of increase in deepfakes between 2022 and 2023
| Region | % increase in deepfake phishing |
| --- | --- |
| North America | 1740% |
| Asia-Pacific | 1530% |
| The Middle East and Africa | 450% |
| Latin America | 410% |
Source: Infosecurity Magazine
Mitigating the threat of deepfake email phishing
Given the sophisticated nature of deepfake technology, combating phishing with deepfakes requires a multi-faceted approach that incorporates both technological solutions and user awareness.
Advanced Detection Techniques: Implementing advanced email security solutions equipped with artificial intelligence and machine learning capabilities can help detect and block deepfake emails before they reach their intended targets.
Employee Training and Awareness: Educating employees about the dangers of email phishing, including deepfake-based attacks, and providing training on how to identify suspicious emails can empower them to recognize and report potential threats.
Email Authentication Protocols: Implementing email authentication protocols such as DMARC (Domain-based Message Authentication, Reporting, and Conformance) can help verify the authenticity of email senders and prevent domain spoofing.
Vigilance and Verification: Encouraging recipients to verify the authenticity of email communications through alternative channels, such as phone calls or in-person interactions, can help mitigate the risk of falling victim to deepfake email phishing.
As deepfake technology continues to evolve and proliferate, the threat of email phishing with deepfakes will likely persist and escalate. By leveraging a combination of advanced technologies and employee education, companies can mitigate their risk of trouble from threats like deepfakes, pursuing safer email communication and safeguarding individuals and organizations from cybercrime.
Protecting businesses from cybercrime has never been easier or more affordable with Kaseya’s Security Suite
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Practical Tips for Raising Cyber Resilience With Phishing Simulations
Wednesday, March 6 | 1 PM EST / 10 AM PST
You won’t want to miss getting actionable advice on running an effective and easy-to-manage phishing simulation and security awareness training program from an expert! Phishing defense advisor Brian Doty will share his expertise including:
- Tips for setting up and running your phishing simulations for maximum effectiveness.
- How to use campaign reports to track progress and identify vulnerable users.
- Ways to reduce cyber risk with follow-up training for high-risk users and new hire training.
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!