The Week in Breach News: 02/14/24 – 02/20/24

February 21, 2024

This week: A Pennsylvania county council votes to pay a ransomware gang, a German battery manufacturer is knocked offline, our new Penetration Testing Buyer’s Guide and a look at the eight common types of penetration testing.

The U.S. Department of Defense (DoD)

Exploit: Supply Chain Data Breach

The U.S. Department of Defense (DoD): Federal Government Agency

Risk to Business: 1.771 = Severe

The U.S. Department of Defense (DoD) is in the process of notifying 20,600 people that their personal information was exposed in an email data security mishap last winter. According to the breach notification letter sent out to affected individuals on February 1, DoD is saying that a large number of emails were inadvertently exposed after they were left unprotected by a service provider between February 3 and February 20, 2023. The misconfigured cloud email server was hosted on Microsoft’s cloud for government customers, and the problem was solved in 2023, but not before the damage had been done. 

How It Could Affect Your Customers’ Business: Companies that provide services for government agencies can be a handy back door for bad actors to slip through to steal data.

Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>

Prudential Financial

Exploit: Ransomware

Prudential Financial: Insurer & Financial Services Provider

Risk to Business: 2.691 = Moderate

Fortune 500 company Prudential Financial has disclosed that its network was breached last week, and the attackers made off with employee and contractor data. ALPHV/Blackcat has claimed responsibility for this incident. The second-largest life insurance company in the U.S. said in an 8-K filing that it detected the breach on February 5, one day after the attackers gained access to some of its systems. The company’s investigation determined that impacted individuals had their name, address, date of birth, phone number and Social Security number stolen in the attack. ALPHV/Blackcat has also claimed responsibility for a strike on loanDepot at the same time as this attack.

How It Could Affect Your Customers’ Business: The financial services sector was hit hard by cybercriminals last year and that trend looks set to continue.

Kaseya to the Rescue:  Ransomware is often an email-based cyberattack. Our 5-Minute Guide to Phishing Attacks and Prevention offers a quick guide to stopping phishing. DOWNLOAD IT>>

Washington County, PA

Exploit: Hacking

Washington County, PA: Regional Government

Risk to Business: 1.643 = Severe

The county council of Washington County, PA has voted to pay cybercriminals up to $400,000 to recover their data after a late January cyberattack. The ransomware incident shut down all county government services except 911 for about two weeks. The unnamed threat actors behind the attack have demanded a $350,000 ransom payment. The council voted to pay the ransom and pay a company about $20,000 to handle the payment. The reason that the county council cited for giving in to the cybercriminals’ demands was that the cybercriminals had obtained sensitive information about children in need in the county.

How It Could Affect Your Customers’ Business: Experts including the U.S. Federal Bureau of Investigation (FBI) strongly advise that no organization should pay a ransom to cybercriminals.

Kaseya to the Rescue: Learn about ransomware and the varieties of ransomware attacks bad actors are launching today in our Ransomware 101 eBook. DOWNLOAD IT>>

Robert Half

Exploit: Hacking

Robert Half: Staffing Company

Risk to Business: 1.862 = Severe

Dark web threat actors using the aliases IntelBroker and Sanggiero are claiming responsibility for a data breach at Robert Half International. In a dark web post, the cybercriminals claim to have gained access to confidential records, employee documents, customer information and configuration settings related to services such as OpenAI and Twilio. The hackers offered screenshots as proof that they had gained access to Robert Half’s data. The stolen data is being offered for sale for $20,000 in Monero (XMR).

How It Could Affect Your Customers’ Business: Cyberattacks on suppliers and service providers can be a fast path to large stores of valuable data for bad actors.

Kaseya to the Rescue:  Our infographic walks you through exactly how security awareness training prevents the biggest threats that businesses face today. DOWNLOAD IT>>

Integris Health

Exploit: Hacking

Integris Health: Healthcare System

Risk to Business: 1.702 = Severe

Oklahoma-based Integris Health is informing an estimated 2.4 million people that their data may have been exposed in a data breach it suffered last November. The attack landed on December 26, 2023. The healthcare provider confirmed the hit after the bad actors began contacting patients whose data they stole. The victims received emails linked to a website in the Tor network. Visitors could pay $50 and trust the attacker’s word on removing the details, or pay $3 to view information belonging to any other impacted individual. Integris Health said that it did not experience any disruption in services. A patient’s exposed data may include their full name, date of birth, contact information, demographic information and Social Security Number (SSN). 

How it Could Affect Your Customers’ Business: The element of cybercriminals contacting patients and asking for payment is chilling and unusual.

Kaseya to the Rescue:  There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>

Virginia Farm Bureau (VFB)

Exploit: Ransomware

Virginia Farm Bureau (VFB): Agriculture Non-Profit

Risk to Business: 1.336 = Extreme

Virginia Farm Bureau (VFB), a non-profit with the mission of agriculture advocacy that also sells insurance, has experienced a data breach as the result of a ransomware attack. In a filing, VFB said that it has determined that an unauthorized party was able to access its network to steal data and deploy ransomware between October 6, 2022, and October 16, 2022. VFB admitted that an unauthorized party was able to access sensitive information about its members and insureds, including their names, driver’s license numbers, state identification numbers, Social Security numbers and financial account information.

How it Could Affect Your Customers’ Business: This attack gives cybercriminals access to a wide variety of personal and financial data in one swift move.

Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>> 

Trans-Northern Pipelines

Exploit: Hacking

Trans-Northern Pipelines: Petroleum Pipeline Operator

Risk to Business: 1.442 = Extreme

ALPHV/Blackcat says that they’re responsible for a cyberattack that hit Canada’s Trans-Northern Pipeline. The company confirmed a cybersecurity incident in December 2023 that impacted some of its internal systems. The pipeline operator said its internal systems, including communication with external parties and access to data, were hindered after the attack, delaying its response to the Canada Energy Regulator after the watchdog inquired about unauthorized on-the-ground activity on one of its pipelines. They were quick to reassure the public that the pipelines kept running normally. The cybercriminals claim to have stolen 183 GB of proprietary data.

How it Could Affect Your Customers’ Business: Bad actors have consistently been stepping up the pressure on infrastructure and industry targets since 2020.

Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>> 

Germany – Varta AG

Exploit: Hacking

Varta AG: Battery Manufacturer

Risk to Business: 1.602 = Severe

Varta AG announced that it was hit by a cyberattack that forced it to shut down IT systems and stop production at its plants. Varta AG said that its administration and five of its production units were taken down by hackers. The company did not provide a timeline for the restoration of its operations. The resultant production stoppage has caused a slide in Varta AG’s stock price. Varta AG is a major battery supplier to automotive companies and countries throughout the EU.

How it Could Affect Your Customers’ Business: Strategic supply chain attacks are a scary weapon that bad actors can wield to try to score faster, bigger payments through disruption.

Kaseya to the Rescue: Get tips for mitigating risk created by business relationships in our eBook The Comprehensive Guide to Third-Party and Supply Chain Risk. DOWNLOAD IT>> 

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.

New Graphus integration reduces compliance data collection time

The Graphus and Compliance Manager GRC teams are excited to announce a new integration that significantly shortens the time customers spend collecting compliance-related data. This integration enables MSPs to conduct security assessments efficiently, allowing them to focus more on client engagement and service provision. Its key functionalities include:

  • Automated Data Import: Directly imports protected domain metrics from Graphus into Compliance Manager GRC.
  • Precision Mapping: Aligns Graphus email security evidence with various compliance controls, including Common Controls and CIS Controls.
  • Service Delivery Managers will find this feature particularly beneficial.

Learn more about this integration on the Graphus What’s New? page LEARN MORE>> 

Download “The Network Penetration Testing Buyer’s Guide”

Network penetration testing or pen testing is the BEST way to evaluate security risks and helps you effectively close security gaps before the bad guys have the opportunity to exploit them. But it used to be prohibitively expensive. Not anymore! The Network Penetration Testing Buyer’s Guide provides a comprehensive understanding of network penetration testing including:

  • What it is and how it works
  • The different types of pen testing solutions on the market
  • How to make a smart choice when purchasing a pen testing solution

Become an informed buyer now with our Network Penetration Testing Buyer’s Guide DOWNLOAD IT>>

The 8 Main Types of Network Penetration Testing

Network security is paramount in the world of information technology (IT). However, cybercriminals are constantly innovating, looking for new ways to penetrate business networks to steal data or deploy ransomware. As businesses increasingly rely on digital infrastructure, safeguarding sensitive data and ensuring the integrity of network systems is vital. That’s why many organizations are choosing to do regular network penetration testing to locate and close security gaps before bad actors have the opportunity to exploit them. A comprehensive understanding of network penetration testing offers you insight into how to make a smart decision when choosing a network penetration testing solution.  

Excerpted in part from The Network Penetration Testing Buyer’s Guide DOWNLOAD IT>> 

Network penetration testing, or pen testing, is sometimes referred to as ethical hacking. It is a cybersecurity assessment methodology used to evaluate the security of a computer network infrastructure that involves simulating an attack on a network from an external or internal threat perspective to identify vulnerabilities and weaknesses that could be exploited by malicious actors. 

In a network penetration test, testers simulate real-world cyber-attacks to identify weak points in an organization’s network defenses. The goal is to identify any problems and fix them before a real malicious hacker can take advantage. That’s why it’s considered the best way to evaluate security risks. The primary objectives of network penetration testing are: 

  • Identifying security weaknesses and vulnerabilities before they can be exploited by malicious actors. 
  • Assessing the effectiveness of existing security controls and measures in place. 
  • Providing insights and recommendations for improving the overall security posture of the network. 

There are eight basic types of penetration testing to consider. A variety of factors can influence an organization’s choice of the appropriate type of network penetration testing, such as the organization’s specific goals, the level of knowledge available about the organization’s network and the desired scope of the assessment. Many organizations employ a combination of these testing types to ensure a well-rounded evaluation of their network’s security.

1. Black-Box Testing 

Objective: In black-box testing, the tester has no prior knowledge of the network or system being tested. This simulates an external attacker’s perspective. 

Methodology: Testers perform the assessment without access to any internal documentation or system details. They rely on publicly available information and try to discover vulnerabilities just like a hacker would through reconnaissance and testing. 

2. White-Box Testing 

Objective: White-box testing is conducted with full knowledge of the network’s architecture and system details. Testers aim to provide a comprehensive assessment of the network’s security. 

Methodology: Testers have access to internal network documentation, source code and system information. They can identify vulnerabilities more efficiently, making it useful for auditing, compliance and detailed security assessments. 

3. Gray-Box Testing 

Objective: Gray-box testing combines elements of both black-box and white-box testing. Testers have partial knowledge of the network, simulating an attacker with some insider information. 

Methodology: Testers use a mix of external reconnaissance and internal system knowledge to assess the network. Gray-box testing is useful when an organization wants to test specific areas or systems while keeping some aspects unknown. 

4. External Testing 

Objective: This type of testing focuses on assessing the security of the network and systems as they are exposed to the internet. It simulates attacks that originate from outside the organization’s network perimeter and tries to uncover vulnerabilities that malicious actors might exploit to gain unauthorized access. 

Methodology: Testers target the same devices, security measures and systems that a cybercriminal seeking entry from the web would, such as web servers, firewalls and VPNs, to identify vulnerabilities that could be exploited by an attacker without any internal access. 

5. Internal Testing 

Objective: Internal testing evaluates the network’s security from an insider’s perspective, such as a disgruntled employee or a compromised system. 

Methodology: Testers perform assessments from within the network, examining the security of internal systems, databases and applications. The goal is to identify vulnerabilities that could be exploited by someone with legitimate access. 

6. Blind Testing 

Objective: Blind testing is designed to simulate the scenario of an external attacker with minimal information about the target network. 

Methodology: Testers have limited knowledge about the network, and they need to gather information during the assessment. This type of testing helps evaluate the network’s ability to detect and respond to unauthorized access attempts.

7. Targeted Testing 

Objective: Targeted testing concentrates on specific areas or systems within the network, often known to both the testers and the organization. 

Methodology: Testers focus on specific vulnerabilities or systems that the organization is concerned about. It’s typically more focused and efficient than broader assessments. 

8. Full-Scope Testing 

Objective: In full-scope testing, the assessment aims to cover the entire network, including all systems, applications and services. 

Methodology: Testers perform a comprehensive evaluation, identifying vulnerabilities across the entire network. This type of testing is resource-intensive but provides a holistic view of the network’s security. 

Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank.  

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.    

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.   

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.     

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).     

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams. 

Practical Tips for Raising Cyber Resilience With Phishing Simulations 

Wednesday, March 6 | 1 PM EST / 10 AM PST

You won’t want to miss getting actionable advice on running an effective and easy-to-manage phishing simulation and security awareness training program from an expert! Phishing defense advisor Brian Doty will share his expertise including: 

  • Tips for setting up and running your phishing simulations for maximum effectiveness.
  • How to use campaign reports to track progress and identify vulnerable users.
  • Ways to reduce cyber risk with follow-up training for high-risk users and new hire training.


February 20: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>

February 22: Kaseya + Datto Connect Local Tampa REGISTER NOW>>

March 7: Kaseya + Datto Connect Local Symposium NJ REGISTER NOW>>

March 12: Kaseya + Datto Connect Local Security & Compliance Series Toronto REGISTER NOW>>

April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>

June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
