
The Week in Breach News: 02/15/23 – 02/21/23

February 22, 2023

This week: The FBI investigates an incident of its own, another NHS hack exposed data and an introduction to Datto EDR plus a look at security solutions that can speed up an incident response.


Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>



U.S. Federal Bureau of Investigation (FBI)

https://www.reuters.com/world/us/fbi-says-it-has-contained-cyber-incident-bureaus-computer-network-cnn-2023-02-17/

Exploit: Hacking

U.S. Federal Bureau of Investigation: Federal Government Agency


Risk to Business: 1.657 = Severe

The U.S. Federal Bureau of Investigation (FBI), an agency that is often tapped to investigate cyberattacks, is investigating a cyberattack of its own. The agency has not released any specifics about the incident, but news outlets report that the hacking involved systems in the Bureau’s New York field office used to investigate child sexual exploitation. No clear timeline for the hack has been made available, and the FBI has offered no comment beyond confirming that the Bureau is investigating a cyber incident.

How It Could Affect Your Customers’ Business: Government agencies and entities at every level are prime targets for the bad guys.

ID Agent to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>


Burton Snowboards

https://www.bleepingcomputer.com/news/security/burton-snowboards-cancels-online-orders-after-cyber-incident/

Exploit: Hacking

Burton Snowboards: Athletic Equipment Company


Risk to Business: 1.402 = Extreme

Legendary snowboard maker Burton has canceled all of its online orders because of an unspecified cyber incident. The company said in a statement that it was experiencing an online outage because of a cyberattack. Customers were advised to buy in person at a Burton retailer or use the company’s rental program. Burton said that it is currently investigating the incident with the help of outside experts to establish its impact. There is no word yet on what data, if any, was affected or on a timeline for Burton to resume processing online orders.

How It Could Affect Your Customers’ Business: Retailers have been seeing increasing cybersecurity problems around their online operations.

ID Agent to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>


Lehigh Valley Health Network (LVHN)

https://www.wfmz.com/news/area/lehighvalley/lvhn-reports-cyberattack-by-russian-ransomware-gang/article_6ceb11e0-b133-11ed-9bdc-7b7c0a2adf99.html

Exploit: Ransomware

Lehigh Valley Health Network: Healthcare Provider


Risk to Business: 1.808 = Severe

Lehigh Valley Health Network, based in Pennsylvania, has disclosed that it has been the victim of a ransomware attack by the BlackCat/ALPHV ransomware group. The hospital system was quick to assure the public that it was not experiencing any operational disruption. LVHN did not specify the ransom amount demanded but did state that it has no intention of paying the extortionists. The hospital says that on February 6, 2023, the group gained access to the network through a radiology office connected to the hospital and used that access to launch a ransomware attack against LVHN. BlackCat allegedly stole patient data in this attack, including patient images related to radiation oncology treatment.

How It Could Affect Your Customers’ Business: Healthcare targets have been getting hammered by ransomware groups and hackers thanks to the wide array of valuable data they hold.

ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>


Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>



United Kingdom – National Health Service (NHS)

https://www.infosecurity-magazine.com/news/data-leak-hits-thousands-of-nhs/

Exploit: Human Error

National Health Service (NHS): Government Agency


Risk to Business: 2.779 = Moderate

Britain’s National Health Service (NHS) has experienced a data leak caused by an employee error. Around 14,000 employees at the Liverpool University Hospital Foundation Trust (LUHFT) have been informed that their personal data may have been exposed because of an employee blunder. In the incident, an employee mistakenly sent an Excel file containing personal and sensitive payroll information to hundreds of NHS managers and 24 external accounts. Impacted workers have been informed in a letter of apology, and the incident has been reported to the Information Commissioner’s Office.

How It Could Affect Your Customers’ Business: Employee mistakes can cause expensive data security incidents that are as bad or worse than a cyberattack.

ID Agent to the Rescue: Learn more about malicious and accidental insider risk and gain actionable insight on how to mitigate it in our eBook The Guide to Reducing Insider Risk. DOWNLOAD IT>>


Ireland – Tusla

https://www.thejournal.ie/tusla-contact-20000-people-data-compromised-during-hse-cyber-attack-5999841-Feb2023/

Exploit: Supply Chain Breach

Tusla: Government Agency


Risk to Business: 2.879 = Moderate

Ireland’s children and family services agency Tusla will begin informing an estimated 20,000 people that their data was compromised during the 2021 cyberattack on the HSE, which provides IT services for Tusla. The impacted data belonged both to individuals and to staff members. Officials offered HR data as an example of the internal-use data types that could be involved, and referral letters, reports and email correspondence as examples of the user data that was compromised. Victims will have the option to go to an online portal to find out the specifics about their compromised data or to call a hotline.

How It Could Affect Your Customers’ Business: Security problems at service providers quickly end up becoming security problems for their clients.

ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>


Portugal – Aguas do Porto

https://securityaffairs.com/142477/cyber-crime/lockbit-water-utility-aguas-do-porto.html

Exploit: Ransomware

Aguas do Porto: Utility


Risk to Business: 1.709 = Severe

The LockBit ransomware gang is reportedly behind a ransomware attack on Portuguese water utility Aguas do Porto. The group claims to have stolen data and added the utility to its dark web leak site last week with a “pay by” demand date of March 7, 2023, to avoid the release of that data. The company confirmed that it did experience a security breach on January 30. Aguas do Porto said that the attack impacted some of its services, but not the water supply and sanitation operations. The National Cybersecurity Center and the Judiciary Police are investigating the security breach.

How It Could Affect Your Customers’ Business: Infrastructure targets are favorites of ransomware groups, with 14 of 16 infrastructure sectors experiencing attacks last year.

ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>


Bulgaria – MyQRcode

https://therecord.media/all-classes-canceled-at-irish-university-as-it-announces-significant-it-breach/

Exploit: Misconfiguration

MyQRcode: Code Generator Website


Risk to Business: 1.711 = Severe

Popular Bulgaria-based QR code generator website MyQRcode has been leaking data due to a misconfiguration. The site has leaked an estimated 128 GB of data that includes the personal information of about 66,000 users. The Elasticsearch server involved was accidentally left publicly accessible without any authentication or password. The problem was compounded by the fact that the company was seemingly unaware of it and, until recently, continued to update the server with new user records daily. The leaked data includes personal information and login credentials of MyQRcode customers, including full names, job titles, email addresses, password hashes, URLs to QR codes, phone numbers, mailing addresses, links to users’ social media profiles and links to users’ personal, business or company websites.

How It Could Affect Your Customers’ Business: Misconfigurations can create tremendous problems that can take a long time to discover.

ID Agent to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
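The MyQRcode leak follows a pattern that is easy to catch with a routine configuration audit: an Elasticsearch HTTP API bound to a network interface while authentication is switched off. The script below is an added example, not code from the original post or from MyQRcode; it parses an elasticsearch.yml, shows the weak setting beside the corrected one, and flags the combination that leaves every index readable without credentials. The two sample configs, the key names it checks (network.host, http.host, http.port, xpack.security.enabled, xpack.security.http.ssl.enabled) and the flat `key: value` layout are assumptions about how the file is written.

```python
"""Added example (not from the original post): audit an elasticsearch.yml for the
exposure pattern behind the MyQRcode leak, an HTTP API reachable from the network
with authentication disabled. The sample configs below are constructed."""

# Values of network.host / http.host that keep the HTTP API off the network.
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost", "_local_"}

# Constructed sample: the weak setting. Anyone who can reach port 9200 has full access.
EXPOSED_CONFIG = """\
cluster.name: qr-prod
node.name: node-1
network.host: 0.0.0.0        # listens on every interface
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: the corrected setting. Loopback only, with authentication and TLS on.
HARDENED_CONFIG = """\
cluster.name: qr-prod
node.name: node-1
network.host: 127.0.0.1      # front it with a VPN or reverse proxy if remote access is needed
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_yaml(text):
    """Parse `key: value` lines into a dict, ignoring comments and blank lines.
    Assumption: the file uses flat dotted keys, as elasticsearch.yml normally does."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def is_true(value):
    return str(value).strip().lower() in {"true", "yes", "on", "1"}


def audit_elasticsearch_config(text):
    """Return a list of (severity, message) findings for one elasticsearch.yml."""
    s = parse_flat_yaml(text)
    findings = []
    # http.host overrides network.host for the REST API; both default to loopback when unset.
    http_host = s.get("http.host", s.get("network.host", "_local_"))
    port = s.get("http.port", "9200")
    reachable = http_host not in LOOPBACK_HOSTS
    # The default for xpack.security.enabled differs between major versions, so the
    # audit insists on an explicit `true` rather than trusting the default.
    auth_on = is_true(s.get("xpack.security.enabled", ""))
    tls_on = is_true(s.get("xpack.security.http.ssl.enabled", ""))

    if not reachable:
        findings.append(("OK", f"HTTP API bound to {http_host}: not reachable from the network"))
    elif not auth_on:
        findings.append(("CRITICAL", f"HTTP API bound to {http_host}:{port} with xpack.security.enabled "
                                     "not set to true: every index is readable and writable without credentials"))
    else:
        findings.append(("OK", f"HTTP API bound to {http_host}:{port} with authentication enabled"))
        if not tls_on:
            findings.append(("WARN", "authentication enabled but xpack.security.http.ssl.enabled is not true: "
                                     "credentials travel in cleartext"))
    return findings


def is_publicly_exposed(text):
    """True when the config would serve the data without any credential check."""
    return any(sev == "CRITICAL" for sev, _ in audit_elasticsearch_config(text))


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for severity, message in audit_elasticsearch_config(cfg):
            print(f"  [{severity}] {message}")
```

Run it against the elasticsearch.yml on each node as part of a build or change check; a CRITICAL finding is the state MyQRcode's server sat in while new records kept arriving. The check deliberately treats an unset xpack.security.enabled as a failure, since relying on a version-dependent default is exactly how this class of exposure survives unnoticed.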


See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>



India – RailYatri

https://www.hackread.com/indian-ticketing-platform-railyatri-hacked/

Exploit: Hacking

RailYatri: Transportation Booking Platform


Risk to Business: 1.823 = Severe

Major Indian rail booking platform RailYatri has suffered a data breach that has exposed the personal information of over 31 million travelers. The initial breach occurred in December 2022, but the customer data was only recently posted on the dark web forum Breachforums. The 12 GB of leaked data includes users’ email addresses, full names, genders, phone numbers and locations as well as 37,000 invoices detailing travel plans.

How It Could Affect Your Customers’ Business: This kind of data is attractive to bad actors and can bring them a pretty penny when resold on the dark web.

ID Agent to the Rescue: See the dollars and cents benefits of security awareness training in our eBook The Business Case for Security Awareness Training. DOWNLOAD EBOOK>>



  • 1 – 1.5 = Extreme Risk
  • 1.51 – 2.49 = Severe Risk
  • 2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.



Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>



See how today’s biggest threats may impact businesses in our security blogs.



See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>


Explore Datto Endpoint Detection and Response (EDR)


Have you explored the possibilities of expanding your security business with Datto Endpoint Detection and Response (EDR)? Datto EDR is an easy-to-use cloud-based EDR solution that’s designed to make it effortless for Managed Service Providers (MSPs) to detect and respond to advanced threats. These resources can help you get up to speed.

Datto EDR Buyers Guide – Learn more about how Datto EDR eliminates common EDR issues, such as high cost, management complexity and alert fatigue, in this eBook. DOWNLOAD IT>>

Datto EDR: Advanced Endpoint Threat Detection and Response for MSPs – Discover how Datto EDR provides effective endpoint detection and response in an affordable package that is easy to use, manage and deploy, in this data sheet. DOWNLOAD IT>>


This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>



NEW EBOOK: How to Build an Incident Response Plan


A robust incident plan can help you rapidly detect breaches, minimize damages, mitigate the loopholes that cybercriminals exploited and restore IT services.
Download this eBook to learn how to build your incident response plan and protect your business from severe financial and reputational damages. You’ll learn:

  • Why an incident response plan is a must-have for every organization
  • Which security solutions help with incident response
  • How to build an incident response team

DOWNLOAD THIS EBOOK>>

Did you miss… The Comprehensive Guide to Business Email Compromise DOWNLOAD IT>>


Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>




These Security Solutions Help Facilitate a Smooth Incident Response


In the last few years, the ever-growing frequency and scale of cyberattacks paint an alarming picture, with numerous organizations falling prey to ransomware, business email compromise, spear phishing and other dangerous attacks. These attacks often lead to severe consequences for organizations, and the situation is only worsening. According to IBM, the average cost of a data breach increased by 2.6%, from $4.24 million in 2021 to $4.35 million in 2022. With a significant rise in cyberattacks and cybercriminals constantly on the prowl, organizations must not discount the possibility of falling prey to a cyber incident. It is paramount for every company to have a formal, tested incident response plan in place to minimize damage and get back to work quickly should an attack occur, and certain cybersecurity solutions offer benefits in incident response.


Excerpted in part from our new eBook How to Build an Incident Response Plan. DOWNLOAD IT NOW>>


Why do organizations need an incident response plan? 


According to a recent IDC ransomware survey, one-third of companies worldwide have experienced a ransomware attack or breach that blocked access to their systems or data. Without a proper incident response plan, organizations are left in the lurch during a breach, which gives threat actors free rein to inflict maximum damage on the victim organization. However, with a formal, tested incident response plan, organizations can define what constitutes a breach, the roles and responsibilities of the security team, the tools for managing a breach, the steps to address a cyber incident, how the incident will be investigated and communicated, and all the other requirements following a data breach. Along with rapid restoration of normal operations and the reduction of financial damages, here are some other benefits of an incident response plan.

Minimize reputation damage 

If a security breach is not handled properly, it can be a PR nightmare for organizations. Organizations risk losing customer trust, which might diminish their customer base. An estimated 60% of SMBs go out of business within six months of a data breach or cyberattack. Even publicly traded organizations risk losing investor and shareholder confidence following a publicized data breach. For example, the share prices of companies like Equifax, Target, Yahoo! and Sony dipped significantly following a cyberattack on their systems.  

Find security gaps before they are exploited 

An incident response plan can prevent an organization from falling victim to a cyberattack. It helps them identify and close security gaps and increases cybersecurity awareness among employees, reducing cyberattacks due to human error. IBM researchers announced that only 39% of organizations with a formal, tested incident response plan experienced an incident as compared to 62% of those that didn’t have a plan.  

Improve compliance 

Having an incident response plan is a universal best practice and is mandatory under many data privacy regulations, including the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA).  


Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>


What security solutions help with incident response? 


While cyberattacks always come unannounced, some solutions play a crucial role in enabling organizations to quickly identify and address security threats. Here are some solutions that strengthen an organization’s security and also offer incident response benefits. 

Identity and access management (IAM): Effective access control is critical for preventing intrusions, giving security teams the required tools to effectively deal with an incident. Many solutions feature single sign-on (SSO), with access to networks and tools controlled for each user from individualized launchpads. Not only does this make it easy for techs to control access points, it also makes it easy to close them off and isolate a compromised user account. 

Endpoint detection and response (EDR): EDR solutions record and store activities and events taking place on endpoints and use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity and provide remediation suggestions to restore affected systems. An EDR tool augments an organization’s incident detection, investigation and response capabilities, including incident data search and investigation, alert triage, suspicious activity validation, threat hunting, and malicious activity detection and containment.

Security Operations Center (SOC): A SOC is one of the most significant pillars in incident response planning. A SOC gives responders the data they need to quickly mount an effective response, helping reduce the attackers’ dwell time and damage. It also enables organizations to establish the metrics to measure the success of any incident response. A SOC can be maintained in-house, or an organization may opt to use a managed SOC. Using a Managed SOC has many advantages for preventing and addressing cyberattacks. First and foremost, a Managed SOC will be staffed by cybersecurity professionals who can provide threat analysis and expert help in the event of a cyberattack. With a Managed SOC, SMBs can also perform vulnerability assessments to identify potential threats and address vulnerabilities. 


Learn to identify and mitigate fast-growing supply chain risk with this eBook. DOWNLOAD IT>>


Backup and recovery: A backup and recovery strategy is critical for helping organizations minimize the impact of downtime. A backup and recovery solution helps an organization recover data and IT resources, enabling it to quickly get back to work following a cybersecurity incident.  

Dark web monitoring: Cybercriminals often sell an organization’s stolen data on dark web forums, which allows other perpetrators to launch a cyberattack on the organization. A dark web monitoring solution scans through billions of pages on the internet to find leaked or stolen information, such as compromised passwords, credentials, intellectual property and other sensitive data. Once the solution finds compromised data, it alerts the impacted organization, enabling it to devise remediation strategies.  

Security awareness training: Most cyberattacks are caused by human error, with cybercriminals increasingly using social engineering techniques to trap an organization’s employees. A security awareness training solution empowers an organization’s employees to detect phishing lures easily and protect their organization from costly cyberattacks. Organizations that engage their employees in regular security awareness training have 70% fewer security incidents.

Email security: Since email is the primary communication channel for almost all organizations, cybercriminals look for vulnerabilities in an organization’s email environment that they can exploit. Email security solutions monitor an organization’s email traffic continually and rapidly detect and report any unusual and malicious emails that enter its network. This allows organizations to eliminate threats before they can inflict any harm.   


Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>


Get the Security Tools You Need in Kaseya’s Security Suite


Our security solutions can help keep businesses out of trouble effectively and affordably. 

Security awareness training plus phishing simulation         

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.  This powerhouse is the channel leader in phishing simulations.   

  • An extensive library of security and compliance training videos in eight languages       
  • Plug-and-play or customizable phishing training campaign kits       
  • New videos arrive 4x per month and new phishing kits are added regularly          

Dark web monitoring           

Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.          

  • 24/7/365 monitoring using real-time, machine and analyst-validated data            
  • Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses          
  • Live dark web searches find compromised credentials in seconds       
  • Create clear and visually engaging risk reports          

Automated, AI-powered antiphishing email security      

Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast         
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.        
  • 3 layers of powerful protection at half the cost of competing solutions        
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance    

Managed SOC  

Get the top Managed SOC, which leverages our Threat Monitoring Platform to give you access to an elite team of security veterans who hunt, triage and work with your team when actionable threats are discovered.

  • Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud  
  • Patent-pending cloud-based technology eliminates the need for on-prem hardware  
  • Discover adversaries that evade traditional cyber defenses such as Firewalls and AV 

EDR

Datto Endpoint Detection and Response (EDR) gives MSPs the edge that enables them to detect and respond to advanced threats.

  • Provide insight into the suspicious behavior that has been detected and stopped on your customers’ endpoints
  • Highlight smart recommendations for security best practices to make security standard compliance easy
  • Our click-to-respond feature supports your team in taking action against cyber-attacks as quickly as possible to reduce potential damage

Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>



February 23: Kaseya + Datto Connect Local Glendale, AZ REGISTER NOW>>

February 23: Kaseya + Datto Connect Local Sydney, Australia REGISTER NOW>>

February 28: Kaseya + Datto Connect Local New York REGISTER NOW>>

March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>

March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>

March 8: Security Suite Product Demo Webinar REGISTER NOW>>

March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>

March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>

March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>

March 16: Kaseya + Datto Connect Local London REGISTER NOW>>

March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>

March 23: Kaseya + Datto Connect Local Netherlands REGISTER NOW>>

March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>

March 30: Kaseya + Datto Connect Local Boston REGISTER NOW>>

April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>



Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>