The Week in Breach News: 03/08/23 – 03/14/23
This week: big breaches at AT&T and Acer, bad actors have some unusual demands for a Ukrainian video game company, Cerebral’s expensive tracking pixel disaster and a look at our previously unpublished data about incident response and recovery plans around the world.
Give your clients 7 lucky tips to secure their data & remind them that they can’t rely on luck to stay safe! GET THE INFOGRAPHIC>>
AT&T
Exploit: Supply Chain Attack
AT&T: Communications Conglomerate
Risk to Business: 1.802 = Severe
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January 2023. The company did not name the vendor, and they were quick to reassure customers that financial data and Social Security numbers were not involved. Impacted customers have been informed that some or all of their Customer Proprietary Network Information (CPNI) has been exposed, including customer first names, wireless account numbers, wireless phone numbers and email addresses. The company said that a small percentage of customers also had additional data exposed including their rate plan name, past due amount, monthly payment amount, minutes used and various other monthly charges. AT&T said that the data was several years old but didn’t specify a time period.
How It Could Affect Your Customers’ Business: Supply chain risk is spinning out of control for businesses, and IT professionals need to be ready to mitigate it fast.
ID Agent to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
DC Health Link
Exploit: Hacking
DC Health Link: Health Insurance Marketplace
Risk to Business: 1.702 = Severe
The U.S. Federal Bureau of Investigation (FBI) is investigating a cyberattack on DC Health Link that Left some information exposed for more than 56,000 people including members of Congress. The health insurance marketplace became aware it had been hacked last Wednesday. People whose information was leaked include small business owners, uninsured District residents and lawmakers, including members of Congress and their staff. The data stolen includes names, Social Security numbers, dates of birth, health plan information and other personal information, including home addresses, phone numbers, email addresses, ethnicity and citizenship status.
How It Could Affect Your Customers’ Business: This kind of information security disaster will be a big, expensive and painful mess to clean up.
ID Agent to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes in an infographic. LEARN MORE>>
Cerebral
Exploit: Human Error
Cerebral: Telehealth Provider
Risk to Business: 1.267 = Extreme
Mental health platform Cerebral is informing 3.8 million customers that it has experienced a data breach. The company recently admitted that it had been using invisible pixel trackers from Google, Meta (Facebook), TikTok and other third parties on its online services since October 12, 2019. Those pixels had data logging features, resulting in the exposure of sensitive medical information of people who used the provider’s platform to third parties without the customer’s knowledge. Exposed patient information includes a client’s full name, phone number, email address, date of birth, IP address, client ID number, demographic information, self-assessment responses and associated health information, subscription plan type, appointment dates, treatment details, clinical data, and health insurance and pharmacy benefit information. Social Security numbers, credit card information, and bank account information have not been impacted.
How It Could Affect Your Customers’ Business: This debacle is a disaster for Cerebral and will end up costing the company a fortune after regulators get finished with it.
ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>
Group 1001 Insurance
https://www.cybersecuritydive.com/news/insurance-holding-1001-restored-ransomware/644330/
Exploit: Ransomware
Group 1001: Financial Services Company
Risk to Business: 2.779 = Moderate
New York-based financial services and insurance holding company Group 1001 has announced that it was the victim of a ransomware attack that impacted some of its member companies. The February 9, 2023, attack snarled operations for several member companies, including Delaware Life Insurance, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity, Clear Spring Property and Casualty and Clear Spring Health. The company said that it did not pay a ransom but offered no specifics about the attacker, noting that they’ve brought in a third-party forensics team to investigate this incident along with the FBI. The Gainbridge subsidiary of Group 1001 was not affected. Operations have since been restored. People who were impacted are being informed by mail.
How It Could Affect Your Customers’ Business: Ransomware attacks against financial industry targets like this have proliferated in the past three years.
ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>
Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>
Black & McDonald
https://therecord.media/canada-national-defence-black-mcdonald-ransomware
Exploit: Ransomware
Black & McDonald: Defense Contractor
Risk to Business: 1.783 = Severe
Engineering firm Black & McDonald, a major defense contractor for the Canadian military, has been struck by a ransomware attack. Black & McDonald is the parent company of Canadian Base Operators, a contractor for Defence Construction Canada, a contractor that provides facilities management and other military infrastructure across Canada. Canada’s Department of National Defence (DND) told reporters that it was informed of the incident on February 10, 2023. DND does not believe that any sensitive information or systems were compromised. The incident is under investigation, and no ransomware group had claimed responsibility as of press time.
How it Could Affect Your Customers’ Business: Defense contractors and other military service providers are prime targets for ransomware thanks to the data they hold.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>
Spain – Hospital Clínic de Barcelona
Exploit: Ransomware
Hospital Clínic de Barcelona: Medical Center
Risk to Business: 1.709 = Severe
The RansomHouse ransomware operation has claimed responsibility for an attack on Hospital Clínic de Barcelona that caused a major disruption to the facility’s operations. All applications and communications remained down over the weekend as hospital staff were forced to resort to manual recordkeeping, slowing care and preventing doctors from accessing patients’ records. Radiology, endoscopic tests, radiological scans, dialysis, and outpatient pharmacy services will continue operating normally. Officials said that three associated medical centers, CAP Casanova, CAP Borrell and CAP Les Corts were also impacted. No information about a ransom demand was available at press time.
How it Could Affect Your Customers’ Business: Ransomware is an especially nasty risk for medical centers that can’t afford downtime, making them a popular target.
ID Agent to the Rescue: The IT Professional’s Guide to the Dark Web helps IT pros learn about dark web threats and cybercrime trends to help them keep businesses out of trouble! DOWNLOAD IT>>
Czech Republic – GSC Game World
Exploit: Hacking
GSC Game World: Videogame Developer
Risk to Business: 2.701 = Moderate
Ukrainian game studio GSC Game World, which moved its headquarters to Prague in response to the Russian invasion of that country, announced on Twitter that it has been the victim of a successful cyberattack, the latest in a series of cyber incidents that has buffeted the game developer. According to GSC Game World, a Russian hacker group known as Vestnik TSS gained access to staff accounts and stole about 30 GB of unpublished content about the game. The group has made some unique demands, saying that they will leak 30 GB of content from the studio’s upcoming Stalker 2 game if they aren’t met by March 15. The hackers are demanding that the company apologize to players in Russia and Belarus, that the game have a Russian translation and that the game’s launch in the region is guaranteed. GSC Game World maintains that it has been the victim of a campaign of ongoing cyber harassment from pro-Russia hackers for months.
How it Could Affect Your Customers’ Business: This incident is interesting because while it doesn’t meet the definition of nation-state cybercrime, it is an attack with political overtones
ID Agent to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>
Taiwan – Acer
https://www.channelnews.com.au/acer-hit-with-cyberattack/
Exploit: Hacking
Acer: Computer Hardware Manufacturer
Risk to Business: 2.697 = Moderate
Technology giant Acer has confirmed that its servers were breached in a cyberattack in mid-February. However, the company says that no customer data was stolen or exposed in this incident. A hacker has advertised the data for sale on dark web marketplace BreachForums including 655 directories and 2,869 files. The threat actor claims to have snatched confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components and ROM files.
How it Could Affect Your Customers’ Business: Data pertaining to operational technology (OT) is very valuable, and attacking manufacturers is an easy way for bad actors to get their hands on it.
ID Agent to the Rescue: Show the dollars and cents value of security awareness training with the data you’ll find in our eBook The Business Case for Security Awareness Training. DOWNLOAD IT>>
See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
See how today’s biggest threats may impact businesses in our security blogs.
- ChatGPT & GPT-3 Power Up Cyberattacks
- 7 Security Solutions That Make Incident Response Faster & Easier
- GPT-3 Makes Phishing Scams Like These Worse
- Why Should Businesses Choose a Managed SOC?
- The Week in Breach News: 03/01/23 – 03/07/23
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
New BullPhish ID User Reports Give You Detailed Campaign Results for Each End User
The BullPhish ID team is excited to announce the availability of new individual user reports that provide the phishing and training campaign status for every end user you manage. You can now easily obtain a single user view for all training/phishing campaigns you manage within a specified period.
To generate an individual user report, select an SMB organization, define a date range and download a CSV report that will display phishing and training campaign results at the user level. The report will contain:
- The names and email addresses of users that have received a campaign within your selected date range
- The training course/phishing kit name followed by the campaign name
- The status of each user/what action they’ve taken and the progress they’ve made with the course/kit
For step-by-step instructions on how to create individual user reports, please check out the BullPhish ID release notes.
This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>
NEW EBOOK! Explore Today’s Dark Web Threats
In The IT Professional’s Guide to the Dark Web, you’ll gain valuable knowledge to help you mitigate dark web risk. You’ll learn:
- Who the major cybercrime players are and their motivations
- What they’re trading and selling and how much it costs
- How to mount a strong defense against dark web threats to businesses
Did you miss… our NEW infographic 5 Ways the Dark Web Endangers Businesses? DOWNLOAD INFOGRAPHIC>>
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
Are SMBs Around the World Ready to Recover from a Cyberattack?
In today’s volatile cybersecurity landscape, it’s less of a question of “if” a business is hit by a cyberattack and more of a “when”. Constantly rising risk means that every business of every size needs to be ready to handle a cybersecurity incident like a cyberattack and have a plan in place that enables them to smoothly swing into recovery mode and get back to work. But that’s not always the case, and many businesses need help preparing for the worst. In the Datto SMB Cybersecurity for MSPs Report, we asked cybersecurity decision-makers around the world about their organizations’ incident response and recovery plans to give MSPs and other IT security professionals a glimpse behind the curtain into SMB thinking about what to do when disaster strikes.
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Only half of businesses are ready for trouble
Over half of the overall respondents said that they have a standard recovery plan ready to go. However, some businesses still need serious help making a recovery plan. About one-quarter of respondents in Germany don’t have a recovery plan in place or don’t know about their company’s recovery plan. Respondents in Australia and New Zealand were the second most likely to say that they didn’t have or know about recovery plans for their company. Organizations in Singapore were most likely to have a best-in-class plan ready. This opens up a world of opportunity for MSPs to guide clients into investing in the resources they’ll need to create or enact a strong recovery plan like BCDR or remote identity and access management tools.
Does your organization have a best-in-class recovery plan in place?
| Recovery Plan Status | US | UK | Germany | The Netherlands | Australia & New Zealand | Singapore |
| We have a best-in-class recovery plan in place | 32% | 25% | 26% | 29% | 26% | 30% |
| We have a standard recovery plan in place | 51 | 55 | 48 | 53 | 52 | 52 |
| We have solutions to protect us, but do not have a formal recovery plan in place | 13 | 13 | 17 | 12 | 15 | 15 |
| We do not have any recovery plan in place | 1 | 2 | 3 | 1 | 2 | 2 |
| I believe my service provider has a recovery plan in place, but I do not know the details | 2 | 3 | 5 | 3 | 4 | 2 |
Source: Datto
Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>
SMBs around the world face big recovery challenges
Many companies told us that recovery after a cyberattack would be a major challenge or even impossible. About half of our respondents worldwide categorized recovery from a cyberattack as difficult. Even worse, many businesses say they won’t recover at all. Businesses in Australia and New Zealand and Singapore that the grimmest recovery outlooks. There is ample opportunity for MSPs to dive into in this area, like suggesting new solutions to mitigate risk or encouraging clients to invest in security solutions that can also help in an incident response or recovery. upgrades to a client or prospect’s security buildout to make it even stronger.
How easily would your organization recover from a cyberattack?
| Recovery Status | US | UK | Germany | The Netherlands | Australia & New Zealand | Singapore |
| We would recover easily | 41 | 36 | 38 | 32 | 26 | 38 |
| Recovery would be difficult | 46 | 56 | 45 | 53 | 45 | 41 |
| We would not recover | 13 | 8 | 17 | 15 | 28 | 21 |
Source: Datto
Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>
Successful disaster recovery is easier said than done
Recovery of systems and data is the biggest challenge that businesses face in the event of a cybersecurity disaster. This is especially true in a ransomware or wiper malware situation, both risks that should be front and center for every business’s incident response and recovery planning efforts. About one-third of our respondents in the U.S., Germany, Australia and New Zealand and Singapore said that when they’d experienced their last cyberattack, they’d been able to perform full, smooth recovery using backups. However, just under half of respondents worldwide said that they had to reinstall and reconfigure at least some systems to get on the road to recovery. MSPs can provide SMBs with invaluable guidance here to steer their clients toward the help that they need to improve their backup and recovery processes.
How did your organization recover systems and data after experiencing a successful cyberattack?
| Action taken to return to baseline | US | UK | Germany | The Netherlands | Australia & New Zealand | Singapore |
| Performed disaster recovery (DR) and restored everything from full backups | 30 | 28 | 32 | 26 | 30 | 35 |
| Restored a portion of the systems, and reinstalled and reconfigured the rest | 31 | 28 | 29 | 29 | 29 | 28 |
| Reinstalled and reconfigured all our systems from scratch | 21 | 20 | 19 | 25 | 21 | 20 |
| Paid the ransom to have our data decrypted | 3 | 1 | 2 | 2 | 2 | 3 |
| Did not pay the ransom and lost our data completely | 1 | 1 | 3 | 4 | 2 | 2 |
| Paid the ransom but still could not decrypt our data, losing it completely | 1 | 1 | 0 | 2 | 2 | 2 |
| Could not recover and have closed / are closing our business | 1 | 2 | 2 | 1 | 2 | 2 |
| Something else | 1 | 1 | 1 | 1 | 2 | 1 |
| No action was needed | 10 | 16 | 11 | 9 | 9 | 5 |
Source: Datto
Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>
Downtime is punishingly expensive at an average cost of $126k
One of the most expensive and damaging results of a cyberattack is downtime, and about half of our survey respondents experienced it in the past year. Our survey showed that the average cost of downtime worldwide is $126k. Unfortunately, that cost is significantly higher for organizations in Australia and New Zealand ($190k) and Singapore ($175k). The business impact and punishing expense of downtime present MSPs with a profitable pathway to recommend solutions, like making and testing an incident response plan, that can reduce downtime in the case of a security incident. The cost of downtime is also a factor that can be put into play when talking about the value of preventative measures like security awareness training and phishing simulation.
How much downtime did your organization endure after experiencing a successful cyberattack?
| Downtime | US | UK | Germany | The Netherlands | Australia & New Zealand | Singapore |
| None | 11 | 18 | 17 | 9 | 8 | 8 |
| Less than 1 day | 27 | 27 | 20 | 18 | 22 | 21 |
| 1 day | 20 | 19 | 21 | 20 | 18 | 19 |
| 2 – 3 days | 30 | 25 | 31 | 41 | 31 | 31 |
| 4 – 6 days | 8 | 6 | 9 | 8 | 15 | 16 |
| 1 week or more | 4 | 3 | 1 | 2 | 5 | 4 |
| Average | 127 | 65 | 105 | 87 | 190 | 175 |
Source: Datto
Learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. GET INFOGRAPHIC>>
Kaseya’s Security Suite can help businesses mitigate cyber risk affordably.
Our best-in-class security solutions provide big pritection witout a big price tag.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations, featuring an extensive library of security and compliance training videos and plug-and-play or customizable phishing training campaign kits.
Automated, AI-powered antiphishing email security
Graphus AI-enabled, automated email security catches 99.9% of sophisticated phishing threats and deploys in minutes to stand alone or complement Microsoft 365 or Google Workspace at half the cost of the competition.
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence with 24/7/365 monitoring and live dark web search capability to find compromised credentials in seconds. Get fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses.
Managed SOC
Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans hunt, triage and work with your team when actionable threats are discovered across three critical attack vectors: Endpoint, Network & Cloud. NEW! Ransomware detection is now included!
Datto EDR
Datto Endpoint Detection and Response (EDR) gives MSPs that tools that they need to quickly detect and respond to even the most advanced threats. Isolate hosts, terminate processes, delete files and protect your clients fast right from the dashboard.
Find the right dark web monitoring solution for your customers & your MSP with this checklist! DOWNLOAD IT>>
Here’s Your Pot of Gold: Save on Your Kaseya Connect Global Ticket + New Training
Kaseya Connect is just around the corner! In addition to the amazing networking opportunities, we’re offering education and certifications that can transform your career. We’ve taken our training program to new heights with a first-ever CISSP Level 1: Introduction to Concepts, Techniques & Domains course. Enjoy everything from exam preparation to awesome tools and resources while you study 8 essential CSSIP domains. As a special bonus, you’ll receive an exclusive enrollment rate in FIU’s online CISSP certification program upon completion.
Plus, we’re sweetening the pot: Register now to take advantage of our St. Patrick’s Day Special and get $100 off* the conference pass + training for a limited time only! There are also a limited number of rooms left at the MGM Grand at our special price. Hurry – spots are filling up fast and this offer is only good until March 31
Use code PADDY23 at checkout to claim your special offer!
Does not apply to hotel bundles. Other terms and conditions may apply.
March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>
March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>
March 8: Security Suite Product Demo Webinar REGISTER NOW>>
March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>
March 16: Kaseya + Datto Connect Local London REGISTER NOW>>
March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Netherlands REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>
March 30: Kaseya + Datto Connect Local Boston REGISTER NOW>>
April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>
June 26-28: DattoCon Europe REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!