The Week in Breach News: 03/14/23 – 03/21/23
This week: The Cl0p ransomware gang goes on a zero-day exploitation spree, a supply chain attack nets trouble for the NBA, a data breach at Australia’s Latitude Financial, a new checklist to help mitigate email-based cyberattack risk and a deep dive into the risks that today’s dark web presents for businesses.
Essendant
Exploit: Ransomware
Essendant: Office Supply Retailer
Risk to Business: 1.702 = Severe
Essendant, a wholesale distributor of office products, has disclosed that it is experiencing a significant and ongoing outage due to ransomware that knocked the company’s operations offline. The LockBit ransomware group had claimed responsibility for the attack, adding Essendant to its dark web leak site on March 14, 2023. Essendant’s network outage began around March 6 and has impacted many facets of the company’s operations including placement and fulfillment of online orders as well as freight carrier pickups. No ransom amount was specified.
How It Could Affect Your Customers’ Business: Suppliers and service providers have been squarely in cybercriminal sights.
ID Agent to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
U.S. National Basketball Association (NBA)
Exploit: Misconfiguration
U.S. National Basketball Association (NBA): Sports League
Risk to Business: 2.711 = Moderate
The U.S. National Basketball Association (NBA) is notifying fans of a data breach after some of their personal information was found to have potentially been exposed through a contractor for the league. A breach notice mailed to impacted fans said: “We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA.” The third-party contractor has not been named. The NBA reassured fans that its network has not been hacked and that fans’ usernames and passwords for NBA sites were safe.
How It Could Affect Your Customers’ Business: Supply chain attacks have been consistently rising as cybercriminals look for new ways to squeeze businesses.
ID Agent to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
NorthStar Emergency Paramedic Services
Exploit: Hacking
NorthStar Emergency Paramedic Services: Ambulance Service
Risk to Business: 1.808 = Severe
Tuscaloosa, Alabama’s NorthStar Emergency Paramedic Services has informed patients that their information may have been exposed in a hacking incident. In an announcement on its website, the service told customers that on September 16, 2022, NorthStar discovered unusual activity on its network. Investigators determined that a threat actor had gained access to patient information. Patient data that may have been exposed includes individuals’ names, Social Security numbers, dates of birth, patient ID number, treatment information, Medicare/Medicaid number and/or health insurance information. Impacted patients have been informed by letter.
How It Could Affect Your Customers’ Business: Even a small healthcare sector business will incur a big fine if they have an information security issue.
ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>
Belgium – Centre Hospitalier Universitaire (CHU) Saint-Pierre
https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre
Exploit: Hacking
Centre Hospitalier Universitaire (CHU) Saint-Pierre: Medical Center
Risk to Business: 1.623 = Severe
Centre Hospitalier Universitaire (CHU) Saint-Pierre in Brussels experienced a major disruption last week as the result of an unnamed cyberattack. The incident led to ambulances being diverted and staffers were forced to resort to old-school paper records because of a systems outage that lasted for several days. The hospital managed to get its servers back up and running over the weekend. An investigation into the incident is ongoing and appropriate law enforcement authorities have been notified. The hospital’s website remained unavailable on Monday.
How It Could Affect Your Customers’ Business: Bad actors know that hospitals are time-sensitive institutions, making them especially attractive ransomware targets.
ID Agent to the Rescue: Dark web data and other dark web-related risks are big threats to businesses. Learn more about them in our infographic 5 Ways the Dark Web Can Harm Businesses. GET IT>>
The Netherlands – Royal Dirkzwager
https://securityaffairs.com/143714/cyber-crime/play-ransomware-royal-dirkzwager.html
Exploit: Ransomware
Royal Dirkzwager: Maritime Logistics Company
Risk to Business: 2.899 = Moderate
Dutch maritime logistics firm Royal Dirkzwager has been struck by a ransomware attack by the Play ransomware group. The company was added to Play’s leak site over the weekend, with 5G of sample data provided as proof of the hack. The group claims to have snatched proprietary data as well as personal confidential data like employee IDs, passports and contracts. The company confirmed the attack but did not say whether or not they planned to pay a ransom, also saying that they have notified the Dutch Data Protection Authority.
How it Could Affect Your Customers’ Business: Shipping companies, both on land and by sea, have become favored targets for cybercriminals in the last two years.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Switzerland – Hitachi Energy
https://securityaffairs.com/143640/data-breach/hitachi-energy-data-breach.html
Exploit: Hacking
Hitachi Energy: Energy Technology Company
Risk to Business: 1.709 = Severe
Hitachi Energy is the latest company to admit that they fell victim to an attack by the Cl0p ransomware group. The gang has been on a spree, exploiting a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software. Cl0p claims to have breached more than 130 organizations through the vulnerability. California-based digital bank Hatch Bank, healthcare provider Community Health Systems and cybersecurity firm Rubrik have publicly admitted to being hit in that wave of attacks. Hitachi said that the incident may have resulted in the exposure of employee personal data but not consumer data, and that its network operations were not impacted.
How it Could Affect Your Customers’ Business: Infrastructure targets are constantly at risk, and bad actors discovering a zero-day exploit doesn’t help the cause.
ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>
Australia – QIMR Berghofer
https://www.abc.net.au/news/2023-03-20/australias-largest-cancer-survey-hit-by-data-breach/102105720
Exploit: Supply Chain Attack
QIMR Berghofer: Medical Researcher
Risk to Business: 1.711 = Severe
Patients who participated in Australia’s largest skin cancer study are learning that their personal data may have been accessed by bad actors as part of a data security incident at a third-party contractor for the medical research company QIMR Berghofer. Servers owned and operated by Datatime, a technology company hired by QIMR Berghofer to scan and process surveys, were hacked, resulting in the personal data of an estimated 1,000 Australians becoming exposed. Impacted patients may have had data including their name, address and Medicare numbers accessed by cybercriminals. Datatime maintained that it intended to delete the survey data after 12 months, but hackers struck before that time had elapsed.
How it Could Affect Your Customers’ Business: A hack like this scores medical data and personal data at the same time, giving bad guys two valuable commodities on the dark web.
ID Agent to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
Australia – Latitude Financial
Exploit: Credential Compromise
Latitude Financial: Financial Services Firm
Risk to Business: 1.473 = Extreme
Consumer credit and finance provider Latitude Financial said it has been the victim of a hacking incident. The company provides consumer finance services to a variety of retailers including Harvey Norman, JB Hi-Fi and The Good Guys. Latitude has disclosed that bad actors made off with the identification documents of 328,000 consumers including the driver’s license details of about 100,000 customers. Reports say that Latitude’s network was breached directly, enabling bad actors to gain access to two of Latitude’s service providers. The incident is ongoing, and Latitude has admitted that the scope of the stolen data may grow.
How it Could Affect Your Customers’ Business: Credential compromise inevitably leads to bad outcomes like this expensive, damaging disaster.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Register Now for the ID Agent & Graphus Q2 Product Update
Tuesday, April 11, 2023, 10:00 AM ET & 6:00 PM ET
The Q2 ID Agent and Graphus Product Update is the Product Management team’s opportunity to share with our customers the newest innovations and integrations coming to our security products, including BullPhish ID, Dark Web ID, Passly and Graphus.
This action-packed webinar will present the new features and enhancements that were delivered in Q1, the reasons behind our roadmap decisions and a preview of what’s to come in Q2 and for the rest of the year.
Beyond the roadmap, we’ll have micro-demos of the new capabilities, exclusive previews of upcoming features and a robust Q&A session.
Tune in to learn more about:
- BullPhish ID: Individual user reports, user synchronization with IT Glue, centralized custom email templates, and new training courses
- Graphus: New MS 365 Activation Wizard and the upcoming Graphus Spam Filter
- Dark Web ID: Implementation of new data related to breaches and breach context and improvements to Kaseya One SSO
- Passly: Active / Azure directory syncing (aka AUSI)
- UI improvements to create a uniform look and feel across all products, and more
We can’t wait to share all of these exciting updates with you — be sure to register today to reserve your spot! REGISTER NOW>>
NEW CHECKLIST! Preventing Email Based Cyberattacks
Email is the most likely way for an employee to come into contact with a cyberattack attempt. But some innovative technologies can mitigate cyber threats before they harm an organization. This checklist helps IT professionals ensure that they’ve got the right protection in place to handle email-based cyberattack risk. GET YOUR CHECKLIST>>
How Can the Dark Web Hurt Businesses Today?
The dark web is often seen as a mysterious place. Sometimes, it is used for legitimate reasons by people like dissidents and journalists who want to keep their business and their identities secret. But more commonly, this shadowy part of the internet is the domain of cybercriminals, nation-state threat actors and other shady characters — and most of these players engage in activities that can harm businesses. In our new eBook The IT Professional’s Guide to the Dark Web we’ll explore today’s dark web, who uses it, what they use it for and what’s for sale in dark web markets. We’ll also look at the biggest risks the dark web presents for businesses. Learning more about the dark web and its booming economy will help you understand the perils your organization faces, making it easier to find the right solutions and strategies to mitigate dark web danger.
4 Ways the Dark Web Can Hurt Businesses
The dark web is the point of origin for many of today’s most nasty and damaging cyberattacks. Cybersecurity Ventures predicts that global cybercrime costs will grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025. These are four of the most common hazards that businesses face from the dark web.
Stolen credentials
One of the biggest dangers to businesses from the dark web is the danger of credential compromise. Initial access brokers specialize in selling credentials that unlock the door to companies. Sometimes they gain those credentials from malicious insiders or former employees. In other cases, bad actors buy or obtain huge lists of credentials stolen in other breaches. They are often used in credential stuffing attacks — a cyberattack in which bad actors pelt a company’s defenses with thousands of credentials quickly in the hope that someone at that company has recycled a compromised password. There are more than 24.6 billion complete sets of usernames and passwords in circulation on the dark web, which is four full sets of credentials for every person on earth.
Insecure operational technology or industrial control systems
Bad actors are hungry for information about businesses’ operational technology (OT) or industrial control systems. Every time that type of data falls into their hands, it makes it easier for them to conduct cyberattacks against infrastructure and manufacturing targets. Nation-state threat actors are interested in this data for their own purposes. Mandiant analysts discovered that one in seven cyberattacks gives the bad guys access to sensitive information about a business’s operational technology or industrial control systems.
Malicious insiders
When an employee wants to harm their employer or make money fast, the dark web is one of the first places they turn. Malicious insiders have many profitable options on the dark web, including selling their legitimate credentials or peddling their company’s proprietary data, customer lists or intellectual property. Malicious insider actions are responsible for an estimated 25% of confirmed data breaches.
Stolen data
Stolen data is fuel for many cybercrimes, and all kinds of stolen data are readily available on the dark web. Cybercriminals aren’t picky. They’ll steal personal data, medical data, customer records, financial information, proprietary data, payment information, intellectual property, trade secrets and just about any other type of data they can get their hands on. For example, nearly 60 million compromised payment card records were posted for sale on dark web platforms in 2022. Some of the data that enters dark web markets can also be used to craft dangerously compelling spear phishing messages.
How can I protect a business from dark web threats?
It pays for businesses to take smart precautions against dark web threats. Fortunately, mitigating dark web risk is easy and affordable. These solutions can help.
Dark web monitoring
Dark web monitoring helps companies ensure that there aren’t any nasty surprises waiting for them because of dark web data exposure, especially exposed credentials. A best-in-class dark web monitoring solution provides security teams with critical dark web intelligence about compromises of business and personal credentials, including domains, IP addresses and email addresses.
Dark Web ID delves into every corner of the dark web to alert security professionals about trouble fast so that they can take action before the bad guys do. BOOK A DEMO OF DARK WEB ID>>
Security awareness and compliance training + phishing simulation
Phishing is the most likely way that an employee will come into contact with a cyberattack. Phishing is a cottage industry on the dark web, and data that is floating around in dark web forums is often used to fuel phishing attacks. Security awareness training that includes clear explanations of what a phishing attack looks like and phishing simulations that keep employees on their toes are vital tools for reducing employee errors like falling for a phishing message created by cybercriminals.
Look at the benefits you get from BullPhish ID, a top security awareness training platform and the Channel leader in phishing simulation. SEE BULLPHISH ID>>
Automated, AI-powered anti-phishing email security
Since phishing is the most likely way for an employee to encounter a cyberattack, that makes email security a major pillar of any successful defense against cyberattacks. For example, a spear phishing email is the most likely channel for employees to encounter specialized cyberattacks like a business email compromise (BEC) attempt powered by dark web data.
Learn more about how you’ll get a massive defensive upgrade from Graphus at half the cost of the competition. LEARN MORE>>
Managed SOC
A security operations center (SOC) is the nerve center of the security team, but setting one up can be costly. That’s why choosing a managed SOC or managed detection and response (MDR) is a smart money move. A managed SOC offers companies with lean security teams the ability to benefit from major cybersecurity expertise to hunt, triage and mitigate cybersecurity threats, including threats that emerge from the dark web, without a major hit to their budget.
Find out how you’ll benefit from choosing Kaseya’s Managed SOC service. EXPLORE MANAGED SOC>>
EDR
Endpoint detection and response (EDR) goes hand-in-hand with other security measures like a managed SOC to build defense in depth. With EDR, security pros are able to quickly detect and respond to sophisticated attacks on endpoints, even zero-day attacks that are often developed on the dark web. Plus, ransomware detection helps stave off another nasty dark web threat.
Take a look at the cutting-edge technology at a great price provided by Datto EDR (now including FREE ransomware detection). SEE HOW IT WORKS>>
March 23: Kaseya + Datto Connect Local Miami REGISTER NOW>>
March 23: Kaseya + Datto Connect Local The Netherlands REGISTER NOW>>
March 28: Q1 Managed SOC + Datto EDR Product Update Webinar REGISTER NOW>>
March 30: Kaseya + Datto Connect Local Boston REGISTER NOW>>
March 30: Kaseya + Datto Connect Local Melbourne REGISTER NOW>>
April 11: ID Agent & Graphus Q2 Product Update REGISTER NOW>>
April 18: Kaseya + Datto Connect Local London REGISTER NOW>>
April 24 – 27: Kaseya Connect Global in Las Vegas REGISTER NOW>>
June 26-28: DattoCon Europe REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!