This week: Ransomware crops up at Dole, the big fallout of a Business Email Compromise (BEC) attack on a small city in Ohio, a major blunder at the U.S. Department of Defense and how to build a killer incident response team.
Dish Network: Television Service
Risk to Business: 1.402 = Extreme
Major U.S. satellite television provider Dish Network has been knocked off the air by a suspected ransomware attack. Customers first noticed the service outage last Thursday, and the problem persisted through the weekend. The outage appears to affect most parts of the company, including online bill payment, customer service and Boost Mobile, the prepaid wireless carrier Dish acquired in 2020. Dish has not made a formal statement about the incident, and no ransomware group has claimed responsibility.
How It Could Affect Your Customers’ Business: This kind of ongoing service interruption is a nightmare and will certainly push customers to switch to another service.
ID Agent to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
U.S. Department of Defense
U.S. Department of Defense: Federal Government Agency
Risk to Business: 1.702 = Severe
The U.S. Department of Defense (DoD) is facing a storm of trouble after a wealth of sensitive information was accidentally left exposed on a misconfigured server with no password or other access control. The exposed server was hosted on Microsoft’s Azure government cloud and functioned as part of an internal mail system. It held an estimated three terabytes of internal military emails, including messages related to U.S. Special Operations Command (USSOCOM), the U.S. military unit tasked with conducting special operations. Personnel files containing records of clearance investigations may also have been exposed. The data remained unprotected for at least two weeks, until an outside researcher reported the blunder to DoD.
How It Could Affect Your Customers’ Business: Even the strictest and most secure environments can experience trouble thanks to human error.
ID Agent to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
The City of Hilliard, Ohio
Exploit: Business Email Compromise
The City of Hilliard, Ohio: Municipal Government
Risk to Business: 1.808 = Severe
A business email compromise attack against the city of Hilliard, Ohio, that netted cybercriminals more than $200k has resulted in the city’s finance director being fired. The trouble started on December 8, 2022, when an accounting assistant in the city’s finance department fell for phishing messages from an unnamed bad actor pretending to be an existing city vendor, Strawser Paving Company. The cybercriminals corresponded with the employee about payment due for services supposedly rendered. They struck again with the next phase of the scam on December 19, 2022, this time convincing the same employee to change the bank account routing information the city had on file for the company. On December 20, 2022, the employee paid the company’s fraudulent bill of $218,992.06. The finance employee involved and the city’s finance director were placed on paid administrative leave on February 6, 2023. Ultimately, the finance director was fired for failing to report the event to other officials in a timely manner, and the employee resigned. The city is working to recover its money and has filed an insurance claim.
How It Could Affect Your Customers’ Business: Municipal governments have been prime targets for the bad guys because often lax security means there is easy money to be made.
ID Agent to the Rescue: Learn how to reduce risk and prevent damage from devastating BEC attacks in our Comprehensive Guide to Business Email Compromise. DOWNLOAD IT>>
Stanford University: Institution of Higher Learning
Risk to Business: 2.779 = Moderate
California’s Stanford University has reported a data breach that impacted 897 candidates for its Ph.D. program. Bad actors gained access to files on the university’s website containing sensitive admission information for the Economics Ph.D. program. The incident occurred between December 2022 and January 2023, and the university says that two unauthorized downloads of the data were made during that period. The exposed files included applicants’ applications as well as the materials that accompanied them. Applicants may have had personal information exposed, including their first and last name, date of birth, home address, mailing address, phone number, email address, race, ethnicity, citizenship, gender, transcripts, personal statements, resume and letters of recommendation. No financial data was involved in this incident.
How It Could Affect Your Customers’ Business: In states with especially stringent data privacy laws, incidents like this can be punishingly expensive.
ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>
Reventics: Business Services Provider
Risk to Business: 1.899 = Severe
Medical revenue management company Reventics suffered a data breach that has affected several major U.S. healthcare providers. The company filed a data breach notice with regulators in Montana on February 10, 2023, detailing the incident. Reventics says that a hacker accessed the company’s network in December 2022 and stole confidential consumer information from it. Information exposed in the incident included consumers’ names, Social Security numbers, dates of birth, financial information and protected health information. More than 200k people have been impacted in this incident.
How It Could Affect Your Customers’ Business: Security problems at service providers quickly end up becoming security problems for their clients.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Ireland – Dole Food Company
Dole Food Company: Agribusiness
Risk to Business: 1.709 = Severe
Fruit and vegetable giant Dole Food Company announced that it has experienced a ransomware attack that has snarled much of the company’s systems. Dole told retailers that the February 22 attack caused the company to shut down its North American network, including processing plants, and pause all shipments, resulting in produce shortages at some North American grocers. No group has claimed responsibility. Dole said in a statement that it has hired a third-party cybersecurity firm to investigate the incident.
How It Could Affect Your Customers’ Business: Bad actors have been setting their sights on manufacturers of every stripe as supply chain attacks increase.
ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>
Australia – The Good Guys
Exploit: Supply Chain Attack
The Good Guys: Discount Retailer
Risk to Business: 1.711 = Severe
Discount warehouse retailer The Good Guys has experienced a data breach as a result of an incident at a service provider. The company is contacting 1.85 million past and present members of its Concierge loyalty program to let them know that some of their personal information may have been exposed in a 2021 incident at the company that ran the Good Guys’ loyalty program, Pegasus Group Australia (now called My Rewards). A Good Guys spokesperson said that the company no longer has a relationship with My Rewards. The company said that no identity documents or financial information, such as driver’s license, passport or credit card data, were exposed in this breach.
How It Could Affect Your Customers’ Business: Supply chain attacks are increasing, and every company needs to be ready for trouble with a strong incident response plan.
ID Agent to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
See how today’s biggest threats may impact businesses in our security blogs.
- GPT-3 Makes Phishing Scams Like These Worse
- Why Should Businesses Choose a Managed SOC?
- A Guide to Phishing Incident Response
- The Week in Breach News: 02/15/23 – 02/21/23
9 New Phishing Kits Added to BullPhish ID
Phishing is the biggest cybersecurity hazard that businesses face today. Training employees to resist phishing with phishing simulations through BullPhish ID is an effective way to mitigate that risk. We’ve recently added 9 new phishing campaign kits in three languages to help you train users to spot and stop branded phishing attempts.
- Adobe – Special Offer
- Adobe – Adobe offre une réduction de 50%
- AirBnB – 50% off Offer
- AirBnB – Obtenez 50% de votre Prochain
- Amazon – Verify Account
- Amazon – Vérification
- American Express – High Volume Purchase
- LinkedIn Custom
- LinkedIn – Réinitialisation de mot de passe
Learn more about these new kits and other fresh innovations in the BullPhish ID Release Notes.
New Incident Response Planning Resources Are Available Now!
Did you know that 1 in 3 businesses have neglected incident response planning? These days, it’s less a matter of “if” a company will have a cybersecurity incident and more a matter of “when”. A formal, tested incident response plan is a necessity for helping a business survive one. These resources can help you and your clients make the right plan.
- 5 Tips for Incident Response – This infographic is packed with tips that can help you build a strong incident response plan. DOWNLOAD IT>>
- Elements of an Incident Response Plan – This checklist outlines must-haves in any incident response plan. DOWNLOAD IT>>
- How to Build an Incident Response Plan – Our eBook helps you build an incident response plan that gets businesses back to work fast. DOWNLOAD IT>>
How to Build a Killer Incident Response Team
With a significant rise in cyberattacks and cybercriminals constantly on the prowl, organizations must not discount the possibility of falling prey to a cyber incident. It is paramount for every company to have a formal, tested incident response plan in place to minimize damage and get back to work quickly should an attack occur. The second half of 2022 witnessed a 21% increase in security incidents, spoiling what would otherwise have been an excellent year for organizations in terms of cyber incidents. Supply chain attacks have also become more common, outpacing malware such as ransomware: 40% more businesses experienced supply chain attacks than malware attacks in 2022. Constantly shifting cybercrime risks like these are a great example of why it pays to be ready for anything, and incident response planning is the foundation of readiness. These tips can help you build a killer incident response team.
Excerpted in part from our new eBook How to Build an Incident Response Plan. DOWNLOAD IT NOW>>
Building the right incident response team in advance is crucial
People are any company’s biggest asset when a crisis crops up. The key to effective incident management is having the right people in the right roles. Then it’s essential to ensure that those people know their jobs in the event of a crisis and are ready to swing into action. To accomplish that complex task, every business needs to establish a Computer Security Incident Response Team (CSIRT) that can respond to incidents promptly and effectively.
An effective CSIRT covers all of the areas that a company may need to be concerned about during incident response. Because no two incidents are the same, not everyone on the team will have a major role to play in every incident. However, it is important to ensure that each of the roles in a CSIRT is filled. Incidents develop and evolve quickly, and standing by waiting to find someone to give legal advice in the middle of one could be disastrous. Ensuring that you’ve covered all of the bases and that everyone knows their role prevents delays and friction when specialized advice or action is required.
The roles in a CSIRT
A solid team requires a variety of professionals with the appropriate skill sets. The team should be able to handle all aspects of an incident and provide a broad range of expertise. A CSIRT should include the following roles:
Management: The management members include the upper-level management, such as C-suite execs, working across the organization. The management role is responsible for establishing incident response policy, budget and staffing. They are also responsible for coordinating incident response among various stakeholders, minimizing damage and reporting to appropriate authorities.
Technical lead: The CSIRT technical lead is responsible for coordinating IT and security activities and making strategic decisions. They are accountable for the company’s operations, incident response budget and strategic direction. They also report to upper-level management and render advice on security issues, current threats and issues related to meeting compliance standards.
Lead investigator: The lead investigator works with an extended team of security analysts and forensic investigators to investigate what happened during a security incident.
Communications: The communications team members are responsible for managing communications within the CSIRT team and organization as a whole to defuse the situation after a breach. They also ensure that stakeholders, clients and appropriate authorities are duly informed about an incident.
Legal: The legal expert advises the organization about compliance and disclosure requirements and the types and scope of any potential legal implications the incident may have for the organization.
Create a decision matrix
Once the roles and responsibilities of the incident response team have been established, it is important to ensure the team can respond quickly to any breach. To facilitate a quick response, organizations must create a high-level decision matrix. Here are some of the roles that make up an effective decision matrix:
Owner: Ideally, the technical lead is the owner of the decision matrix, the person who makes the decisions and owns the process. In the event of a security breach, the owner updates all team members on the incident and advises the technical team on the way forward.
Helpers: Helpers assist other team members in accomplishing their tasks.
Advisors: Advisors counsel teams on addressing the issues after an incident.
Implementers: Implementers are associate-level employees who work with senior members to limit incident-related damages.
Updaters: Updaters inform all CSIRT team members about the incident status and actions of other team members.
Detect and mitigate incidents with Managed SOC
With the growing number and sophistication of cyberattacks, organizations need round-the-clock security for a timely and effective response to security threats and incidents. A security operations center (SOC) can help you detect and mitigate security gaps and breaches fast. However, building a SOC is costly and complex and can be a daunting task.
You can boost your organization’s cyber defense by choosing to partner with Kaseya’s Managed SOC. With Managed SOC, your organization has access to the tools and help it needs to stop advanced cyberthreats from damaging your organization. Our world-class, white-labeled managed detection and response (MDR) solution is an innovative, affordable and effective way to power up your security.
An elite team of cybersecurity experts leverages our Threat Monitoring Platform to detect malicious and suspicious activity across three critical attack vectors — endpoint, network and cloud. Plus, you’ll have a team of security veterans available to you 24/7/365 to dive in immediately and work with your team when actionable threats are discovered.
Benefits of Kaseya’s Managed SOC
- Continuous monitoring: Get round-the-clock protection with real-time advanced threat detection.
- Breach detection: Thwart sophisticated and advanced threats that bypass traditional AV and perimeter security solutions.
- Threat hunting: Focus on other pressing matters while an elite cybersecurity team proactively hunts for malicious activity.
- SIEM-less log monitoring: Monitor, search, alert and report on log data from the three attack pillars (network, cloud and endpoint), spanning Windows and macOS, firewalls, network devices, Microsoft 365 and Azure AD, without requiring a heavy security information and event management (SIEM) investment.
- No hardware requirements: Eliminate the need for costly and complex on-premises hardware with our patent-pending, cloud-based technology.
Learn more about Managed SOC.
March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>
March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>
March 8: Security Suite Product Demo Webinar REGISTER NOW>>
March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>
March 16: Kaseya + Datto Connect Local London REGISTER NOW>>
March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Netherlands REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>
March 30: Kaseya + Datto Connect Local Boston REGISTER NOW>>
April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>
June 26-28: DattoCon Europe REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!