
The Week in Breach News: 02/28/24 – 03/05/24

March 06, 2024

This week: China may be behind a data breach at Taiwan’s biggest telecom, American Express suffers a data breach through its supply chain, eight new cybersecurity awareness training courses in BullPhish ID, and the unbeatable benefits that come from the synergy of AV, EDR and Managed SOC.





Golden Corral

https://www.bleepingcomputer.com/news/security/golden-corral-restaurant-chain-data-breach-impacts-183-000-people/

Exploit: Hacking

Golden Corral: Restaurant Chain


Risk to Business: 1.771 = Severe

Golden Corral, a nationwide restaurant chain in the U.S., has announced that it has experienced a data breach that impacted an estimated 180,000 people. The company said that bad actors had access to its systems between August 11 and August 15, 2023. During that period, they grabbed sensitive data belonging to about 180,000 employees and former employees. The stolen information could include employee, dependent, and beneficiary names, Social Security numbers, financial account information, driver’s license numbers, medical information, usernames and passwords, and health insurance information.

How It Could Affect Your Customers’ Business: Businesses like restaurants are at just as much risk for cybersecurity trouble as businesses in other service industries.

Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>


U-Haul

https://www.iotworldtoday.com/security/u-haul-data-breach-affects-67-000-across-us-canada#close-modal

Exploit: Hacking

U-Haul: Truck Rental Company


Risk to Business: 1.691 = Severe

Ubiquitous truck rental firm U-Haul has announced that it has experienced a data breach that impacts customers in the U.S. and Canada. The breach took place between July 20 and October 2, 2023, and affected about 67,000 customers. Those customers may have had their personally identifiable information (PII) exposed, including their names, dates of birth and driver’s license numbers. U-Haul is informing the victims by letter.

How It Could Affect Your Customers’ Business: Companies like U-Haul serve both consumers and businesses, making them likely to hold a wide variety of data.

Kaseya to the Rescue:  Ransomware is often an email-based cyberattack. Our 5-Minute Guide to Phishing Attacks and Prevention offers a quick guide to stopping phishing. DOWNLOAD IT>>


American Express

https://www.bleepingcomputer.com/news/security/american-express-credit-cards-exposed-in-third-party-data-breach/

Exploit: Supply Chain Data Breach

American Express: Credit Card Company


Risk to Business: 1.301 = Extreme

American Express has filed a data breach notification warning customers that their data may have been exposed. In the notification, American Express said that a third-party service provider engaged by numerous merchants experienced unauthorized access to its systems. Cardholders’ American Express Card account numbers, names and card expiration data may have been exposed in the incident. American Express did not disclose how many customers were impacted or name the merchant processor involved.

How It Could Affect Your Customers’ Business: Even big companies can experience a data breach because of a cybersecurity problem at one of their service providers.

Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>





Scotland – Scottish Ambulance Service (SAS)

https://sg.news.yahoo.com/scottish-ambulance-apologise-staff-data-093340514.html

Exploit: Human Error

Scottish Ambulance Service (SAS): Ambulance Service


Risk to Business: 1.462 = Extreme

Scottish Ambulance Service (SAS) has released an apology for their recent data breach. The January 16 incident was caused by an employee carelessly attaching the wrong document to an email, giving the recipients a look at a confidential spreadsheet. The email went out to first responders and the spreadsheet contained personal data about other first responders.

How It Could Affect Your Customers’ Business: The most likely vector for a data breach is always going to be people, but security awareness training helps eliminate careless mistakes.

Kaseya to the Rescue:  Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>





Malawi – Malawi Department of Immigration

https://www.darkreading.com/cyberattacks-data-breaches/malawi-immigration-department-halts-services-amid-cyberattack

Exploit: Ransomware

Malawi Department of Immigration: Government Agency


Risk to Business: 1.702 = Severe

A ransomware attack has disrupted the operations of the Malawi Department of Immigration. The agency has been unable to issue passports for the last two weeks due to the attack on the immigration service’s computer network. The President of Malawi said that the cybercriminals have made a ransom demand, but the government will not pay it. The agency is working on a plan to begin issuing passports in the next three weeks and reinforcing its security long-term.

How it Could Affect Your Customers’ Business: It’s never a wise move for anyone to pay extortionists who will almost certainly come back for more.

Kaseya to the Rescue:  An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>> 





Taiwan – Chunghwa Telecom

https://www.darkreading.com/cyberattacks-data-breaches/taiwan-telco-breached-data-sold-on-dark-web

Exploit: Ransomware

Chunghwa Telecom: Telecommunications Company


Risk to Business: 1.836 = Severe

Suspected Chinese hackers gained entry into the systems of Taiwan’s largest telecom, Chunghwa Telecom. The attackers made off with 1.7TB of data that was published on the dark web. Taiwanese officials confirmed that the stolen data includes documents from the armed forces, foreign affairs ministry and coast guard.  However, officials at Taiwan’s Defense Ministry were quick to say that the leaked data, including contracts, did not contain confidential information.  

How it Could Affect Your Customers’ Business: Nation-state hacking is frequently the cause of cyber attacks on infrastructure targets like telecommunications companies.

Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>


Hong Kong – Cutout.Pro

https://www.bleepingcomputer.com/news/security/20-million-cutoutpro-user-records-leaked-on-data-breach-forum/

Exploit: Hacking

Cutout.Pro: AI Photo Editing Tool


Risk to Business: 1.566 = Severe

AI-powered photo and video editing platform Cutout.Pro has admitted that it suffered a data breach. An estimated 21.4 million customer records were exposed. A hacker going by the name “KryptonZambie” shared a link to CSV files containing 5.93 GB on a popular dark web leak forum. About 20 million of the stolen records contained unique email addresses. The purloined records contained a variety of information, including a user’s User ID and profile picture, API access key, account creation date, email address, user IP address, mobile phone number, password and salt used in hashing, user type and account status.  

How it Could Affect Your Customers’ Business: Data is still a valuable and profitable commodity on the dark web, and cybercriminals are always hunting for fresh sources.

Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>> 


China – YX International

https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/

Exploit: Misconfiguration

YX International: Technology Company


Risk to Business: 1.802 = Severe

YX International, a company that specializes in routing SMS messages, has experienced a data breach thanks to an unsecured database. The researcher who discovered the database noted that it contained information that went back to July 2023, and it was apparently still in use. That information includes the contents of text messages sent to users on behalf of some of the world’s biggest tech companies like Facebook, WhatsApp, Google and TikTok. Those messages contained a variety of data including one-time passcodes and password reset links.

How it Could Affect Your Customers’ Business: Employee errors like failing to secure a database can turn into expensive nightmares for businesses fast.

Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.





Eight new cybersecurity awareness training courses just dropped!


Ensuring every employee is following smart security practices is critical for keeping companies out of cybersecurity trouble. To aid in that effort, eight new training courses are now available in the BullPhish ID Training portal. In these courses, users can learn all about:

  • Business Email Compromise: Explore the tactics used in business email compromise attacks.
  • Choosing Strong MFA Second Factors: Learn how to choose the right second factor for MFA.
  • Common Attack Methods: Learn about pretexting, malicious links and malicious attachments.
  • Creating Strong Passwords: Examine techniques for creating and managing strong passwords.
  • Dangers of Password Reuse: Explore the dangers of password reuse.
  • Intro to Social Engineering: Learn how social engineering attacks work.
  • Pretexting: Learn about a specific type of social engineering attack known as a pretexting attack.
  • Spotting and Reporting Phishing: Learn how to spot and report phishing emails.

Check them out in the BullPhish ID Release Notes. LEARN MORE>>





Download “The Network Penetration Testing Buyer’s Guide”


Network penetration testing is the best way to evaluate security risks and close security gaps before the bad guys exploit them. It used to be an expensive and slow process, but not anymore! Learn how advances in automation technology have revolutionized pen testing, making it affordable and accessible for MSPs and organizations. This guide helps you become an informed buyer. 

Download The Network Penetration Testing Buyer’s Guide.  GET THE GUIDE>>

Did you miss…The 5-Minute Guide to Phishing Attacks and Prevention Infographic? DOWNLOAD IT>> 





Unlocking the Power of AV, EDR, and Managed SOC Synergy


The cybersecurity world moves fast, with both attackers and defenders constantly looking for ways to up their game. That’s a big reason why today’s sophisticated cyber threats require a higher level of security expertise and faster incident response than ever before. Fortunately, there’s good news for defenders: the combination of an endpoint detection and response (EDR) solution, next-generation antivirus (AV) technology and a managed security operations center (SOC) produces an amazing synergy that arms IT professionals with the tools, expertise and intelligence they need to keep businesses out of cyber trouble. 





EDR, AV and a managed SOC are a powerful trio. These solutions bolster cyber resilience by helping companies detect and handle cyberthreats while providing 360-degree visibility into an organization’s threat picture. The super trio also provides critical tools to speed up incident response. 

EDR focuses on detecting and responding to threats at the endpoint level, such as laptops, servers and other computing devices. It employs advanced techniques, like behavioral analysis, machine learning and deep threat intelligence, to catch sophisticated threats that antivirus solutions may miss. 

Managed SOC or Managed Detection and Response (MDR) is a security solution that encompasses people, processes and technology to detect, investigate and respond to security incidents across the entire organization. It’s like having a dedicated security team monitoring the network and endpoints for any signs of malicious activity. A smart SOC is especially beneficial for overcoming the cybersecurity talent shortage.

AV is designed to detect, prevent and remove malicious software, including viruses, worms, Trojans and other types of malware. It comes in two basic styles: traditional and next-generation. Traditional AV works by scanning files and programs for patterns characteristic of known malware and employing various methods to neutralize threats. Next-generation AV leverages advanced techniques like machine learning and behavioral analysis to detect and thwart previously unknown threats based on their behavior rather than static signatures.





While AV, EDR and Managed SOC are valuable cybersecurity solutions that stand on their own, the combination of all three together is magic.

Comprehensive threat detection: AV provides the first level of protection, EDR detects threats at the endpoint and a managed SOC covers the entire IT infrastructure, such as cloud, networks and various endpoints, ensuring a comprehensive defense against cyber threats. 

Faster incident response: AV conducts automatic quarantine and remediation for threats, while EDR can quickly detect and respond to sophisticated threats with its deep behavioral analysis. Adding managed SOC to the mix provides even faster incident response by correlating threat data from multiple sources and operating 24/7/365. 




Improved threat intelligence: EDR and AV can provide valuable threat intelligence to managed SOC services, which can help them improve their detection capabilities. For example, if EDR or AV detects a new type of malware, it can immediately send that information to managed SOC analysts, allowing them to update their detection capabilities.

Reduced false positives: EDR can help reduce the number of false positives that an IT team has to sift through by providing more context around alerts. For example, if EDR detects a suspicious file on an endpoint, it can provide additional information about that file to analysts, allowing them to better determine whether it is a true threat or a false positive.

Reduced tool and vendor fatigue: By leveraging a joint AV, EDR and managed SOC solution, IT professionals simplify their cybersecurity tool stack and reduce the number of disparate security vendors that they must use to stay secure. Not only does this save time and money, but it also makes the day-to-day workload more efficient for the IT professional.





EDR, AV and managed SOC are powerhouse technologies that complement each other perfectly and integrate seamlessly together. This winning combination can affordably provide organizations with a better defense-in-depth posture. MSPs can achieve faster incident response, improve threat intelligence and reduce false positives while minimizing tool and vendor fatigue, giving them and their clients the security edge needed in today’s dangerous world. 

Datto AV: Next-generation antivirus  

Datto AV is your first line of protection, catching both known and unknown threats. Through its cloud-based threat intelligence, it consistently updates threat signatures to protect against adversaries. Its next-generation AV engine incorporates advanced techniques, like machine learning, heuristic analysis and built-in AI, to protect against threats.

  • Automatic quarantine and remediation – Automatically stops and removes threats from your endpoints without user intervention.  
  • Efficacy meets performance – Top-notch antivirus security without compromising your system’s performance.  
  • Strong self-defense – Anti-tamper technology stops unauthorized modifications to its processes, registry keys and files. 
  • Schedule a demo now! SCHEDULE IT>>

Datto EDR – Endpoint detection made easy 

Datto EDR empowers IT teams to detect and respond to advanced threats quickly and efficiently. An easy-to-use cloud-based EDR solution that’s purpose-built for managed service providers (MSPs), Datto EDR defends all endpoints — desktops, notebooks and servers — across Windows, macOS and Linux operating systems. 

  • Patented deep memory analysis ensures that you’re informed of even the most elusive threat actors.   
  • Take action against advanced threats right from your alert dashboard to isolate hosts, terminate processes, delete files and more without wasting precious seconds.   
  • Alerts are mapped to the MITRE ATT&CK framework to provide context and helpful clarity to your team. 
  • Includes Ransomware Rollback, which instantly reverts encrypted files to their original state after a ransomware attack, ensuring normal business operations are up and running without loss of time, money or data. 
  • Schedule a demo now! SCHEDULE IT>>

RocketCyber Managed SOC 

RocketCyber is a white-labeled managed service that leverages our threat monitoring platform to detect malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud. Our elite team of security veterans hunt, triage and work with your team when actionable threats are discovered, including:  

  • Continuous monitoring — Round-the-clock protection with real-time threat detection.  
  • World-class security stack — 100% purpose-built platform backed by over 50 years of security experience.  
  • Breach detection — The most advanced detection to catch attacks that evade traditional defenses.  
  • Threat hunting — An elite security team proactively hunts for malicious activity.  
  • No hardware required — Patent pending cloud-based technology eliminates the need for on-prem hardware. 
  • Schedule a demo now! SCHEDULE IT>>




Practical Tips for Raising Cyber Resilience With Phishing Simulations 

Wednesday, March 6 | 1 PM EST / 10 AM PST

You won’t want to miss getting actionable advice on running an effective and easy-to-manage phishing simulation and security awareness training program from an expert! Phishing defense advisor Brian Doty will share his expertise including: 

  • Tips for setting up and running your phishing simulations for maximum effectiveness.
  • How to use campaign reports to track progress and identify vulnerable users.
  • Ways to reduce cyber risk with follow-up training for high-risk users and new hire training.

REGISTER NOW>>

March 7: Kaseya + Datto Connect Local Symposium NJ REGISTER NOW>>

March 7: Kaseya + Datto Connect Local Auckland REGISTER NOW>>

March 12: Kaseya+Datto Connect Local Security & Compliance Series Toronto REGISTER NOW>>

March 14: Kaseya+Datto Connect Local Security & Compliance Series Lansing REGISTER NOW>>

April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>

June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>




Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>