
The Week in Breach News: 03/06/24 – 03/12/24

March 13, 2024

This week: Highly sensitive data may have been exposed at CISA, another big casualty of the Infosys McCamish breach is announced, cyberattacks leave both coffee fans and beer drinkers in Belgium thirsty and a fascinating complete walk-through of the penetration testing process.




Fidelity Investments Life Insurance Company (FILI)

https://www.darkreading.com/cyberattacks-data-breaches/first-bofa-now-fidelity-same-vendor-third-party-breaches

Exploit: Supply Chain Data Breach

Fidelity Investments Life Insurance Company (FILI): Insurer


Risk to Business: 1.771 = Severe

Fidelity Investments Life Insurance Company (FILI) is informing about 20,000 customers that it has experienced a data breach due to a cybersecurity incident at one of its vendors, Infosys McCamish (IMS). That vendor was also responsible for the recent Bank of America data breach. In November 2023, IMS notified FILI about an unspecified “cybersecurity event” that disrupted its services. After an investigation, IMS discovered that its systems were breached between October 29 and November 2, 2023. IMS determined that the bad actor was able to obtain data stored on those systems. FILI informed customers that their stolen data may have included individual names, Social Security numbers, states of residence, bank account and routing numbers and dates of birth.

How It Could Affect Your Customers’ Business: Business service providers are prime targets for cyberattacks because they often hold large stores of data without sophisticated security.

Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>


Cybersecurity and Infrastructure Security Agency (CISA)

https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise

Exploit: Hacking

Cybersecurity and Infrastructure Security Agency (CISA): Federal Agency


Risk to Business: 1.691 = Severe

Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that it was forced to take two servers offline after bad actors were able to breach them in February. The agency said that the cause of the trouble was vulnerabilities in Ivanti products. While CISA would not comment on which systems or what data was accessed, reports point to hackers accessing the Infrastructure Protection (IP) Gateway, which houses critical information about the interdependency of U.S. infrastructure, and the Chemical Security Assessment Tool (CSAT), which houses private sector chemical security plans. CISA said in a statement, “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”

How It Could Affect Your Customers’ Business: Even big players in the security space can have trouble because of an unexpected vulnerability.

Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>


South Saint Paul Public Schools

https://www.twincities.com/2024/03/06/south-st-paul-public-schools-investigating-potential-cybersecurity-threat/

Exploit: Hacking

South Saint Paul Public Schools: Regional Education Authority


Risk to Business: 1.301 = Extreme

South Saint Paul Public Schools in Minnesota has informed parents, students and faculty that it is experiencing a cybersecurity problem that has knocked out online platforms, email and other digital services. The district said they were forced to shut some systems down after discovering an intrusion. Officials stressed that they are prioritizing ensuring that students and staff are able to maintain a productive learning environment.

How It Could Affect Your Customers’ Business: Schools have been the top target for ransomware attacks for the last few years, putting sensitive student data and learning at risk.

Kaseya to the Rescue: Our infographic The Top Cyberthreats Schools Face and How to Stop Them helps faculty and staff understand the dangerous cyber risks that K-12 schools face. DOWNLOAD IT>>


In The Educator’s Guide to Cybersecurity, see the cyber threats that schools face & how to mitigate them. DOWNLOAD IT>>



Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

https://therecord.media/canada-fintrac-cyberattack-systems-offline

Exploit: Hacking

Financial Transactions and Reports Analysis Centre of Canada (FINTRAC): Government Agency


Risk to Business: 1.462 = Extreme

Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s financial intelligence agency, has announced that it has had to pull its systems offline due to a cyber incident that struck over the weekend. The agency was quick to reassure the public that the incident did not involve the Centre’s intelligence or classified systems but did not further specify exactly which systems or functions were impacted. The incident remains under investigation.

How It Could Affect Your Customers’ Business: Government agencies at every level are prime cyberattack targets, creating a need for sophisticated cyber defenses.

Kaseya to the Rescue:  Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>> 


The City of Hamilton, Canada

https://therecord.media/canadian-city-hamilton-ransomware-recovery

Exploit: Ransomware 

The City of Hamilton, Canada: Municipal Government


Risk to Business: 1.702 = Severe

The City of Hamilton, Canada, a municipality located about 40 miles away from Toronto, has experienced a ransomware attack that has impacted city systems and services. The attack was discovered on February 25. Critical infrastructure including water and wastewater treatment, waste collection and transit are operational but many other city services are not. Citizens must pay taxes, tickets or fines in person. Most public agencies are without phone service, and libraries are unable to offer Wi-Fi. All city council meetings before March 15 have been canceled. No ransomware gang has claimed responsibility for the attack.

How it Could Affect Your Customers’ Business: Ransomware attacks that take down city governments are especially dangerous because of the potential impact on emergency services.

Kaseya to the Rescue:  An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>> 



Learn about the top cyber threats K-12 schools face and how to mitigate them. DOWNLOAD INFOGRAPHIC>>



Belgium – Duvel Moortgat Brewery

https://www.bleepingcomputer.com/news/security/duvel-says-it-has-more-than-enough-beer-after-ransomware-attack/

Exploit: Ransomware

Duvel Moortgat Brewery: Beer Brewer


Risk to Business: 1.836 = Severe

Duvel Moortgat Brewery, maker of popular Belgian beer brand Duvel and abbey beers Vedett, Maredsous and La Chouffe, has been forced to take systems offline and halt beer production due to a ransomware attack on March 5. The company said that it does not know when production will restart. However, the company says that beer drinkers don’t need to worry because they have plenty of beer on hand and do not expect any impact on distribution. But residents of Breendonk, the Belgian village where Duvel Moortgat Brewery is located, are not having a very good March so far in terms of creature comforts – local coffee roasters Koffie Beyers was also hit by a cyberattack this week.

How it Could Affect Your Customers’ Business: Food and drink manufacturers are critical infrastructure, and critical infrastructure targets are experiencing increased levels of ransomware risk.

Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>


UK – Jersey Financial Services Commission (JFSC)

https://www.bbc.com/news/articles/cnk5zyypw24o

Exploit: Misconfiguration

Jersey Financial Services Commission (JFSC): Regional Government Agency


Risk to Business: 1.566 = Severe

The Jersey Office of the Information Commissioner is investigating a data breach at the Jersey Financial Services Commission (JFSC). The agency experienced a data breach on January 24, 2024, as a result of a misconfiguration in its third-party-supplied Registry system. The misconfiguration allowed access to non-public names and addresses. However, the stolen data did not link any individuals to registered entities or roles held. The incident is under investigation.

How it Could Affect Your Customers’ Business: Human error like this is perennially the top cause of cyber trouble but that risk can be reduced dramatically by security awareness training.

Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>


UK – Leicester City Council

https://www.leicestermercury.co.uk/news/leicester-news/cyber-attack-expected-cripple-leicester-9155437

Exploit: Hacking

Leicester City Council: Municipal Government


Risk to Business: 1.802 = Severe

The Leicester City Council says that it expects its IT systems and phone lines to be down until at least midweek after a cyberattack took out some systems on March 7, 2024. The attack snarled operations for many city services. A spokesperson said that they expect that at least some services will be restored by Wednesday. Emergency phone lines have been set up for those who need urgent assistance.   

How it Could Affect Your Customers’ Business: Hackers can create a cascade of trouble for local governments and the citizens who rely on them.

Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.



Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>



The Kaseya Security Suite Q2 Product Innovation Update Webinar


Get your updates about all of the solutions in our Security Suite in one place! This webinar will equip you with the knowledge you need to stay ahead in the ever-changing cybersecurity landscape. Learn about the innovation that we’re bringing to Dark Web ID, BullPhish ID, Graphus, Datto EDR and RocketCyber Managed SOC in Q2 2024. We’ll cover:

  •  Everything you need to know about our brand new antivirus, Datto AV.
  • How these updates can strengthen your cybersecurity defenses and protect your organization from emerging threats.
  • What’s next for our Security Suite and what we’re planning in the future. 

REGISTER NOW>>


How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>



The Educator’s Handbook to Network Pentesting


Learn why network penetration testing or pen testing is the best way for schools and school districts to uncover their security risks before the bad guys have a chance to exploit them. MSPs: This guide is perfect for broaching the subject of pen testing to clients and prospects in the education sector! In this guide, we explore:

  • Why pen testing is the most comprehensive way for schools to find security flaws
  • How the pen testing process works
  • Why automated pen testing with vPenTest is the ideal solution for budget-conscious schools

DOWNLOAD THE GUIDE>>

Did you miss… Our “How to Use MITRE ATT&CK to Create a Smarter SOC” eBook? DOWNLOAD IT>>


Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>



Unlocking the Power of AV, EDR, and Managed SOC Synergy


Businesses and organizations are constantly on the lookout for effective ways to safeguard their data and infrastructure from cyber threats. Among the most effective strategies to achieve this is through cybersecurity penetration testing, a proactive and comprehensive approach designed to identify and exploit security vulnerabilities in a system, much like a hacker would, but with the intention of strengthening these weaknesses before they can be maliciously exploited. This method stands in contrast to vulnerability scanning, a more automated and surface-level examination aimed at cataloging potential vulnerabilities without delving into the depth of exploiting them. By understanding the intricate process of penetration testing and its distinction from vulnerability scanning, companies can better prepare themselves against the sophisticated cyber attacks that pose a growing threat in today’s digital world. 


Excerpted in part from The Network Penetration Testing Buyer’s Guide DOWNLOAD IT>>



Penetration testing and vulnerability scanning may sound similar, but they’re not the same thing.  

Vulnerability scanning is a more passive and automated process that identifies and lists known security vulnerabilities in a system or network. The primary purpose is to discover weaknesses in the target, without actively attempting to exploit them. It provides a snapshot of the system’s security posture at a particular point in time. 

Penetration Testing (Pen Testing) is a proactive, simulated attack on a system or network to identify and exploit security vulnerabilities. It attempts to exploit vulnerabilities and provides tangible evidence of potential consequences. The primary goal of penetration testing is to determine the potential impact of a successful cyberattack and to help organizations understand how an attacker might breach their security, giving them insight into vulnerabilities that could lead to a genuine breach. 





In network penetration tests, testers make multiple attempts to exploit security vulnerabilities with the ultimate goal of gaining access to data and systems. These attempts may include targeting patching deficiencies, authentication weaknesses, misconfigurations and even users (via man-in-the-middle attacks). After the testers score an initial compromise, they will then simulate the actions that bad actors might take, like privilege escalation, lateral movement and enumeration of accessible resources to find sensitive data.





The process of a penetration test typically follows a structured methodology with several phases to ensure a thorough evaluation of an organization’s cybersecurity defenses.  

Pre-engagement Phase 

Define Scope: Clearly define the scope of the penetration test, including determining which systems, networks and applications will be tested. 

Set Objectives: Establish specific goals and objectives for the test, such as identifying vulnerabilities, assessing the effectiveness of security controls or testing incident response procedures. There may be several goals for a penetration test that can be accomplished together. 

Obtain Authorization: Written authorization from the organization’s management to conduct the test should be obtained to avoid any legal issues. 




Information Gathering 

Reconnaissance: For certain types of tests, information should be collected about the target environment, such as IP addresses, domain names, network architecture and potential entry points. 

Open-Source Intelligence (OSINT): Depending on the type of test being conducted, this is the stage for collecting publicly available information about the organization, its employees and infrastructure. 

Vulnerability Analysis 

Scan and Enumeration: At this stage, testers conduct scans and network enumeration to identify active hosts, services and potential vulnerabilities. 

Vulnerability Assessment: Using automated tools and manual techniques, testers will aim to discover and assess vulnerabilities in systems and applications. 




Exploitation

Attempt Exploits: Ethical hackers begin the test by attempting to exploit identified vulnerabilities and gaining unauthorized access to the designated systems or applications. 

Escalation: If initial access is achieved, testers may attempt to escalate privileges and gain deeper access within the environment. 

Post-Exploitation 

Maintain Access: Testers may try to maintain access to the compromised system for further exploration. 

Pivoting: Testers may make lateral moves within the network to explore the vulnerabilities of other systems and assess the extent of a potential breach. 




Documentation

Record Findings: The testers will carefully document all findings, including successful exploits, vulnerabilities, their severity and the steps taken to find them during the test. 

Screenshots and Logs: Capturing screenshots and logs to provide evidence of successful compromises can help add context. 

Reporting 

Generate a Detailed Report: A comprehensive report will be provided summarizing the test’s findings, including a risk assessment, recommendations for mitigation and the potential impact of successful attacks. 

Executive Summary: The report should also provide an executive-level summary of the findings for non-technical stakeholders. 

Debriefing 

The testing team or representatives will connect with the organization’s stakeholders to discuss the results of the test, answer questions and provide guidance on remediation steps. 

Remediation and Follow-Up 

Testing experts will work with the organization to prioritize and address the vulnerabilities and weaknesses identified by the test. 




Re-test  

A company may choose to conduct follow-up tests to verify that vulnerabilities have been remediated effectively. 

Final Reporting

The company will be provided with a final report confirming the successful remediation of identified issues and a summary of the security improvements made. 

Post-Test Evaluation 

Conduct a post-test evaluation to assess the effectiveness of the penetration test process and identify areas for improvement. 

That’s it! This process helps you uncover weaknesses before bad actors find and exploit them so that you can act fast to eliminate them. Many businesses only run pen tests once per year for insurance and/or regulatory compliance, but that’s just not frequent enough to keep up with the rapidly evolving threat landscape. Previously, pen tests were expensive and cumbersome, but not anymore. Today’s automated pen testing solutions like vPenTest from Vonahi are affordable and easy to use, making frequent penetration testing a breeze.
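The scope, authorization, documentation, reporting and re-test steps of the process above can be enforced in a small engagement record, sketched here as an added example that is not part of the original article or of any Kaseya or Vonahi product. The class and field names, address ranges, dates and evidence filenames are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from ipaddress import ip_address, ip_network

SEVERITIES = ("critical", "high", "medium", "low")  # report order, worst first


@dataclass
class Engagement:
    scope: list                 # CIDR ranges agreed in the pre-engagement phase
    authorized_from: date       # window covered by the written authorization
    authorized_to: date
    findings: list = field(default_factory=list)

    def in_scope(self, host: str, on: date) -> bool:
        """A host is testable only inside an agreed range and inside the window."""
        if not self.authorized_from <= on <= self.authorized_to:
            return False
        addr = ip_address(host)
        return any(addr in ip_network(cidr) for cidr in self.scope)

    def record(self, host, title, severity, evidence, on):
        """Documentation phase: refuse findings that fall outside the agreement."""
        if severity not in SEVERITIES:
            raise ValueError(f"unknown severity: {severity}")
        if not self.in_scope(host, on):
            raise PermissionError(f"{host} on {on} is outside the authorized scope")
        self.findings.append({"host": host, "title": title, "severity": severity,
                              "evidence": evidence, "status": "open"})

    def retest(self, host, title, fixed: bool):
        """Re-test phase: a finding closes only when the re-test confirms the fix."""
        for f in self.findings:
            if f["host"] == host and f["title"] == title:
                f["status"] = "remediated" if fixed else "open"
                return f["status"]
        raise KeyError((host, title))

    def executive_summary(self) -> dict:
        """Reporting phase: open findings per severity, worst first."""
        return {s: sum(1 for f in self.findings
                       if f["severity"] == s and f["status"] == "open")
                for s in SEVERITIES}

    def ready_for_final_report(self) -> bool:
        """Final reporting: every recorded finding has passed its re-test."""
        return bool(self.findings) and all(
            f["status"] == "remediated" for f in self.findings)


def demo() -> Engagement:
    # Constructed sample engagement; private and documentation address ranges.
    eng = Engagement(scope=["10.20.0.0/24", "192.0.2.16/28"],
                     authorized_from=date(2024, 3, 4),
                     authorized_to=date(2024, 3, 8))
    eng.record("10.20.0.15", "Missing OS patches", "high",
               "scan-output-01.txt", date(2024, 3, 5))
    eng.record("192.0.2.20", "Default admin password", "critical",
               "screenshot-02.png", date(2024, 3, 6))
    return eng


if __name__ == "__main__":
    eng = demo()
    print(eng.executive_summary())
    eng.retest("10.20.0.15", "Missing OS patches", fixed=True)
    print(eng.ready_for_final_report())
```

Rejecting out-of-scope or out-of-window entries at record time keeps the final report limited to what the written authorization covered.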





Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank.   

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.     

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.    

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.      

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.      

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).      

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams. 


See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>



March 14: Kaseya+Datto Connect Local Security & Compliance Series Lansing REGISTER NOW>>

April 9: Kaseya Security Suite Q2 Product Innovation Update Webinar REGISTER NOW>>

April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>

June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>



Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>