The Week in Breach News: 03/13/24 – 03/19/24
This week: Thousands have personal data stolen in a cyberattack on a mortgage company, 11 email accounts compromised at IMF, Scotland’s NHS has a data breach and a step-by-step guide to assessing an organization’s penetration testing needs.
Nations Direct Mortgage
https://therecord.media/nations-direct-mortgage-data-breach
Exploit: Hacking
Nations Direct Mortgage: Lender
Risk to Business: 1.341 = Extreme
Nations Direct Mortgage said more than 83,000 customers were affected by a data breach in which bad actors gained access to sensitive information. The company said it discovered a cybersecurity incident on December 30, 2023, that prompted an investigation. It ultimately determined that an unauthorized party obtained customer data including a customer’s name, address, social security number and unique Nations Direct loan number. Victims will be given two years of identity protection services from Kroll.
How It Could Affect Your Customers’ Business: Cybercriminals have been continuing to pressure targets in the financial sector, and not all of those targets are banks.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
International Monetary Fund (IMF)
https://therecord.media/imf-february-cyberattack-email-accounts-compromised
Exploit: Hacking
International Monetary Fund (IMF): United Nations Agency
Risk to Business: 1.766 = Severe
A February 2024 cyberattack resulted in the compromise of 11 email accounts at the International Monetary Fund (IMF). Officials said that the incident occurred on February 16. IMF noted that it sought the help of independent cybersecurity experts, and their investigation determined that 11 accounts were compromised and assisted IMF in limiting the spread of the problem. A spokesperson stressed that these were not email addresses used by its top officials.
How It Could Affect Your Customers’ Business: This was a lucky break for IMF. Hackers only have to gain access to one strategic user account to do big damage fast.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Scranton School District (Pennsylvania)
https://therecord.media/pennsylvania-scranton-school-district-ransomware-attack
Exploit: Ransomware
Scranton School District (Pennsylvania): Regional Education Authority
Risk to Business: 1.801 = Severe
Schools in Pennsylvania’s Scranton School District were impacted by a cyberattack last week. The district said on social media that it is experiencing widespread technology outages as a result of the attack. Students in many areas have been unable to connect to school networks and forced to resort to old-fashioned paper and pencil. School officials also noted that some files are unavailable. The district is investigating the incident with a third-party forensics firm.
How It Could Affect Your Customers’ Business: Schools have been the top target for ransomware attacks for the last few years, putting sensitive student data and learning at risk.
Kaseya to the Rescue: Our infographic The Top Cyberthreats Schools Face and How to Stop Them helps faculty and staff understand the dangerous cyber risks that K-12 schools face. DOWNLOAD IT>>
Encina Wastewater Authority (EWA)
https://thecyberexpress.com/encina-wastewater-authority-cyberattack/
Exploit: Hacking
Encina Wastewater Authority (EWA): Utility
Risk to Business: 1.803 = Severe
The Encina Wastewater Authority (EWA) in Carlsbad, California has disclosed that it has been the victim of a ransomware attack. EWA serves over 379,000 residents and businesses across North San Diego County, California covering a 125-square-mile area. BlackByte has claimed responsibility for the attack and posted sample data to its dark web leak site as proof. EWA’s website did not go down, leading to cybersecurity experts suggesting that the gang may have penetrated the organization’s backend systems or databases instead of its visible spaces.
How It Could Affect Your Customers’ Business: Infrastructure like water treatment plants are prime cyberattack targets, creating a need for sophisticated cyber defenses.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
The Office of the Colorado State Public Defender
https://statescoop.com/colorado-ransomware-personal-data-february-cyberattack/
Exploit: Ransomware
The Office of the Colorado State Public Defender: Government Agency
Risk to Business: 1.702 = Severe
The Office of the Colorado State Public Defender has announced that it has experienced a data breach as the result of a February 9 ransomware attack. The agency said that it was forced to shut down systems after detecting the malware. Officials cautioned that some personal client data was exposed but could not offer any specifics. Public defenders were prevented from accessing case information, which prompted a flurry of requests for postponements that could result in a backlog of cases across Colorado.
How it Could Affect Your Customers’ Business: A ransomware attack like this could lead to the exposure of very sensitive information about court cases.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Learn about the top cyber threats K-12 schools face and how to mitigate them. DOWNLOAD INFOGRAPHIC>>
Scotland – National Health Service (NHS Dumfries and Galloway)
https://therecord.media/scottish-nhs-cyberattack-healthcare-dumfries-galloway
Exploit: Ransomware
National Health Service (NHS Dumfries and Galloway): Government Agency
Risk to Business: 2.576 = Moderate
Scotland’s National Health Service (NHS) has announced that NHS Dumfries and Galloway has experienced a cyberattack. Officials say that patients may have had sensitive data exposed in the incident, but no services have been disrupted. NHS said that it is cooperating with a variety of agencies to investigate the incident including Police Scotland, the National Cyber Security Centre and the Scottish Government. Dumfries and Galloway is a region in the south of Scotland with a population of about 150,000 people.
How it Could Affect Your Customers’ Business: Attacks on healthcare providers can be very dangerous for the communities they serve.
Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>
France – France Travail
Exploit: Hacking
France Travail: Government Agency
Risk to Business: 1.566 = Severe
France’s unemployment authority France Travail has disclosed that it has experienced a data breach. The agency said that hackers broke in between February 6 and March 5 and stole details belonging to job seekers who registered with the agency in the last 20 years. Individuals’ job candidate profiles were also exposed. The data that has been exposed includes a job seeker’s full name, date of birth, place of birth, social security number (NIR), France Travail identifier, email address, physical address and phone number. Officials stressed that people’s bank details or account passwords were not compromised.
How it Could Affect Your Customers’ Business: 20 years of data from a large government agency is a treasure trove for bad actors.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
Japan – Fujitsu
Exploit: Malware
Fujitsu: Technology Company
Risk to Business: 2.602 = Moderate
Japanese tech giant Fujitsu has determined that some of its systems were infected by malware. The company said that files containing personal information and information related to customers were stolen. In a statement, the company said A Fujitsu spokesperson said that the company has quickly shut down systems to limit the spread of the unidentified malware. Fujitsu has informed the Personal Information Protection Commission about the incident.
How it Could Affect Your Customers’ Business: Ransomware isn’t the only dangerous type of malware that businesses face; nasty surprises like wiper malware are also out there.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Did You Register for Kaseya’s Security Suite Q2 Product Innovation Update Webinar Yet?
Security Suite Q2 Product Innovation Update Webinar | April 9| 10 AM ET | 7 AM PT | 2 PM GMT
We’ve got so much going on, and we can’t wait to share it all with you! Get the first look at innovations and enhancements for Datto EDR, RocketCyber Managed SOC, Graphus, BullPhish ID and Dark Web ID. Plus, get a look at our new next-gen antivirus solution Datto AV.
Don’t wait – Secure your spot for our Q2 Product Innovation Update Webinar right away!
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
A Comprehensive Guide to Email-based Cyberattacks
Email is the top threat vector for cyberattacks against businesses in every sector. But there are steps that businesses can take to mitigate their risk. Many email-based attacks can be prevented by understanding the attackers’ techniques and preparing a strategy against them.
Download this eBook to learn about different types of email-based cyberattacks and how you can protect your organization from trouble. DOWNLOAD IT>>
Did you miss…The Educator’s Handbook to Network Pentesting? DOWNLOAD NOW>>
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
How to Assess an Organization’s Pen Testing Needs
As cyber threats become increasingly sophisticated and pervasive, organizations across the globe are recognizing the critical need for robust cybersecurity measures. Among the most effective strategies to enhance an organization’s defense against cyber attacks is penetration testing—a simulated cyber attack against your own network to check for exploitable vulnerabilities. However, determining the specific penetration testing needs of an organization and evaluating the myriad of testing solutions available can be a daunting task. This introductory exploration seeks to demystify the process, offering insight into how businesses can assess their unique cybersecurity challenges and navigate the complex market of penetration testing services. By understanding the key factors that influence these decisions, organizations can make informed choices that bolster their defenses and ensure their digital assets remain secure in a landscape marked by ever-evolving threats.
Excerpted in part from The Network Penetration Testing Buyer’s Guide DOWNLOAD IT>>
Why should MSPs offer pen testing?
Traditionally, penetration testing was expensive and time-consuming, requiring special tools and specialized personnel. But not anymore. Recent progress in AI and automation has benefitted both bad actors and defenders. Fortunately, these advances effectively removed the obstacles MSPs used to face when thinking about incorporating services such as penetration testing into their security offerings. AI-powered tools are now capable of emulating the tactics, techniques, and procedures (TTPs) of actual attackers, including seamless adaptation to various environments and the identification of previously hard-to-find vulnerabilities.
Through pentesting, MSPs gain detailed insights into an organization’s specific security landscape. This enables them to tailor security strategies and solutions to precisely fit the needs of their clients, enhancing overall protection. Adding pentesting to their security stack not only helps MSPs protect their clients against the evolving landscape of cyber threats but also positions them as essential partners in their clients’ efforts to maintain robust, compliant, and efficient cybersecurity defenses.
What should you be looking for in an EDR solution? This checklist helps you make a smart choice! GET IT>>
Steps for Assessing an Organization’s Pen Testing Needs
Every organization’s pen testing needs are unique. These steps can help IT professionals ensure that they’ve taken the right steps to determine what their organization needs from a pen testing solution.
Identify organizational goals and requirements
Define clear objectives for the test, like meeting compliance requirements, risk mitigation, improving incident response or overall security enhancement. There may be multiple objectives that can be achieved in the same test.
Assess network complexity and size for scalability
Determine the critical assets in your network, such as customer data, intellectual property, or financial information. Focus testing efforts on protecting these assets. The scalability of the chosen solution should match your network’s complexity and size, especially if your organization is expanding.
Consider compliance and industry-specific regulations
Compliance is crucial. Ensure your chosen solution for penetration testing aligns with regulatory requirements in your industry, such as GDPR, HIPAA, or PCI DSS.
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
Scope the testing engagement
Define the scope of your penetration testing project by specifying the systems, networks and applications to be tested. Clear scoping ensures a focused and effective assessment.
Set a budget and get quotes
Explore the cost factors associated with penetration testing, including initial testing, ongoing assessments and potential remediation costs. Weigh the cost-effectiveness of automated solutions against manual testing services. Request quotes from potential providers and compare them based on your budget and objectives. A small investment in a pen testing solution now could lead to major savings and a major security boost down the road.
In The Educator’s Guide to Cybersecurity, see the cyber threats that schools face & how to mitigate them. DOWNLOAD IT>>
Evaluating Network Penetration Testing Methods
In the ever-evolving landscape of network security, choosing the right network penetration testing solution or provider is very important. These factors should guide your decision.
In-house vs. third-party testing
Decide whether to perform penetration testing in-house or hire a third-party provider. Consider factors like cost, expertise and objectivity. Advanced technology like automation makes it easy for businesses to save money by doing pen testing in-house.
Experience and certifications
Evaluate potential providers based on their qualifications, certifications and expertise in network penetration testing. Look for a provider with a proven track record. Seek references and case studies to gauge their capabilities.
Testing methodologies and techniques
Evaluate the range of testing methodologies and techniques the provider employs to ensure thorough assessment and coverage. Ensure that the solution offers a wide range of testing methodologies, including external and internal assessments, to provide a holistic view of a network’s security posture. It should cover vulnerabilities in systems, applications and configurations
See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>
Reporting and analysis
Comprehensive, easy-to-understand reporting is crucial for both accurately finding vulnerabilities and proving the value of testing to budget controllers. Look for detailed reports that clearly outline identified vulnerabilities, their severity and recommended remediation actions.
Compliance alignment
Verify that the provider or solution aligns with industry standards and compliance requirements specific to the organization’s sector. A network penetration testing solution should assist in meeting regulatory obligations and support your organization’s compliance efforts.
Ease of deployment
Streamlined deployment processes are essential. The solution should be user-friendly, easy to integrate with your existing network, and minimize disruption to your operations.
Ongoing support and guidance
Cyber threats evolve rapidly, and bad actors discover and exploit new vulnerabilities every day. Choose a vendor or service provider with a reputation for innovation and excellent communication to ensure that they take a proactive approach to support that addresses emerging vulnerabilities and provides guidance into strengthening a company’s network security over time.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
vPentest makes pen testing easy and affordable
The right penetration testing solution can significantly improve an organization’s security posture and help businesses bolster cyber resilience. Buth finding the right solution may seem like a daunting task. Fortunately, one penetration testing solution stands out from the pack by offering all of the right features at a surprisingly affordable price.
vPenTest from Vonahi offers businesses an array of unbeatable benefits to help them stay ahead of bad actors and quickly find security flaws like vulnerabilities. Some of the major advantages include:
- Making it easy to find and fix problems faster by conducting internal or external network penetration testing monthly instead of annually.
- Saving more than 60% of the cost of a traditional or manual network penetration test.
- Real-time monitoring of network penetration testing and its progress.
- Meeting compliance requirements for regulated industries, like PCI-DSS, HIPAA, SOC2 and cyber insurance requirements.
- Peace of mind knowing that vPenTest is backed by OSCP and OSCE-certified consultants with over 10 years of experience.
Learn more about vPenTest LEARN MORE>>
Download a data sheet about vPenTest DOWNLOAD IT>>
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
March 27: Unraveling Cyber Warfare: Offensive vs Defensive AI Tactics REGISTER NOW>>
April 9: Kaseya Security Suite Q2 Product Innovation Update Webinar REGISTER NOW>>
April 11: Kaseya+Datto Connect Local Vancouver REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
June 11 -13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!