The Week in Breach News: 03/20/24 – 03/26/24
This week: Roku customers face a spate of account takeover attacks, hackers snatched the data of over 200k people in New Zealand, a new feature in Dark Web ID and a look at five ways an employee becomes an insider risk.
Learn about the challenges that MSPs face in 2024 in Datto’s State of the MSP 2024 Report. GET YOUR COPY>>
MarineMax
https://therecord.media/boat-seller-marinemax-reports-cyberattack-sec
Exploit: Ransomware
MarineMax: Luxury Boat Retailer
Risk to Business: 1.741 = Severe
The Rhysida ransomware group has taken credit for an attack on Maryland-based boat dealer MarineMax. MarineMax announced in a filing with federal authorities that it fell victim to a cyberattack that led to some disruption. The gang claims to have snatched a variety of data from the boat dealer. Rhysida offered proof on its dark web site in the form of a couple of screenshots showing financial documents and spreadsheets. The gang has demanded a 15 bitcoin ($950,000) ransom.
How It Could Affect Your Customers’ Business: Specialty retailers can hold a wide variety of data and they must take protecting it seriously to avoid embarrassment and fines.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
Equilend Holdings
Exploit: Ransomware
EquiLend Holdings: Financial Services Company
Risk to Business: 1.766 = Severe
Securities lending platform Equilend Holdings has informed employees and former employees that their data was stolen in a January ransomware attack. The company claims that it first noticed an intrusion on January 22, 2024, and was forced to shut down systems to prevent further spreading on January 24. The LockBit ransomware group has claimed responsibility. Equilend said that all client-facing services were back online, and it did not find evidence that any client transaction data was exposed or stolen.
How It Could Affect Your Customers’ Business: The financial sector has been a top target for years, and every organization in the industry needs to take proactive steps for strong cybersecurity.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Radiant Logistics
https://therecord.media/radiant-logistics-cyberattack-canada-operations
Exploit: Ransomware
Radiant Logistics: Freight Technology Company
Risk to Business: 1.801 = Severe
Washington-based logistics technology provider Radiant Logistics says that it has been forced to shut down many of its systems in Canada due to a cyber-attack. In a regulatory filing, the company said that it first noticed an intrusion in its Canadian systems on March 14, 2024. Radiant Logistics said that upon discovery it immediately isolated its Canadian operations from the rest of its network and engaged the services of cybersecurity and forensics professionals to investigate. Some clients in Canada are experiencing shipping delays that the company claims will be resolved within the week.
How It Could Affect Your Customers’ Business: Cybercriminals have hit many large logistics and trucking companies in the past few years.
Kaseya to the Rescue: See how Datto EDR’s Ransomware Rollback helps companies reset their systems to where they were before the attack to get right back to work, minimizing downtime. LEARN MORE>>
Crinetics Pharmaceuticals
https://www.scmagazine.com/brief/crinetics-pharmaceuticals-cyberattack-under-investigation
Exploit: Ransomware
Crinetics Pharmaceuticals: Pharmaceutical Company
Risk to Business: 1.803 = Severe
Lockbit is claiming responsibility for a ransomware attack on Crinetics Pharmaceuticals. The company said that it discovered that bad actors had gained access to its network through a compromised employee email account. The gang is demanding a $4 million payment. Crinetics said that upon discovery of the problem, it enacted its incident response plan and contracted outside cybersecurity experts to investigate. The company specified that the incident has not affected the company’s operations or its discovery and study databases.
How It Could Affect Your Customers’ Business: Cybercriminals can make a profit off of scientific data and research data just as well as personal data.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
The City of Jacksonville Beach (Florida)
https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks
Exploit: Ransomware
The City of Jacksonville Beach (Florida): Municipality
Risk to Business: 1.702 = Severe
The city government of Jacksonville Beach, Florida has disclosed that residents likely had data exposed in a January cyberattack. City officials disclosed that in the January 29, 2024, incident, bad actors may have obtained names, Social Security numbers, driver’s license numbers and bank account information for some employees and customers of Beaches Energy Services. The incident forced City Hall and most city facilities to shut down as well as knocking out employee email and phone systems. LockBit has claimed responsibility for the attack.
How it Could Affect Your Customers’ Business: Because they can’t afford downtime, local and municipal governments are prime targets for threat actors looking to score a quick payday.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Roku
Exploit: Account Takeover
Roku: Streaming Service
Risk to Business: 2.576 = Moderate
Roku is informing customers that it has experienced a data breach. The company has disclosed that bad actors were able to gain access to an estimated 15,000 customers’ credit card information. Roku told regulators that it discovered the intrusion between January 4 and February 21, 2024, and determined that threat actors compromised its network between December 28, 2023, and February 21, 2024. Roku said that “a limited number of accounts” were accessed by bad actors using login credentials obtained from previous breaches of third-party services. Once they gained access, the cybercriminals changed the login information to gain unrestricted access and attempted to purchase streaming subscriptions using the stored credit cards. Roku was quick to reassure customers that the unauthorized actors did not gain access to customers’ Social Security numbers, full payment account numbers, dates of birth or other sensitive personal information.
How it Could Affect Your Customers’ Business: Credit cards are a gold mine for cybercriminals, each selling for about $1 to $10 on dark web marketplaces.
Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>
Spain – Air Europa
https://sg.news.yahoo.com/air-europa-customers-warned-data-112102858.html
Exploit: Hacking
Air Europa: Airline
Risk to Business: 1.566 = Severe
Spanish air carrier Air Europa has experienced a data breach as the result of an October 2023 cyberattack. The airline, Spain’s third largest air carrier, was recently acquired by International Consolidated Airlines Group (IAG). Customers who had data exposed have been informed by letter that their names, dates of birth, nationalities, ID cards, passport information and phone numbers may have been taken by the hackers.
How it Could Affect Your Customers’ Business: Passport data is very valuable for creating and selling stolen identities.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
New Zealand – MediaWorks
Exploit: Hacking
MediaWorks: Advertising Agency
Risk to Business: 2.602 = Extreme
A cyberattack on MediaWorks may have resulted in data exposure for an estimated 403,000 people. The company said that the attack took place on March 14. The perpetrator has been identified as OneERA, who claims they stole 2,461,180 records purportedly containing personally identifiable information (PII) of individuals in New Zealand. The attackers have advertised the sale of MediaWorks’ data including PII and data from other sources like survey responses, videos, music content and electoral information. MediaWorks said that The Privacy Commissioner and police have been notified.
How it Could Affect Your Customers’ Business: As this breach shows, sometimes bad actors can gain access to a wide variety of valuable data in one attack.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
New Feature Lets You Limit Compromise Results to Active Users Only
The Dark Web ID team is excited to announce a significant product enhancement that allows you to filter compromises based on your needs, leveraging a new synchronization with Azure Active Directory. The new Active User Filtering functionality allows directory synchronization with Azure AD. With just a few clicks, you can create a sync between your organization/your client’s organization to receive compromises for existing/active end users only. LEARN MORE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
The 5-Minute Guide to Phishing Attacks & Prevention
This handy infographic is a quick but thorough rundown of the current state of phishing. It’s ideal for explaining phishing prevention to a company’s employees from the interns to the executive suite. MSPs: This is a quick way to give customers and prospects a basic phishing education. Download it to see:
- How to guard against more sophisticated email attacks
- How to avoid false positives that bog down your IT team
- How artificial intelligence can beat hackers at their own game
Did you miss… A Comprehensive Guide to Email-based Cyberattacks? DOWNLOAD IT>>
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Five Ways an Employee Becomes an Insider Risk
The actions that employees take every day have an enormous impact on the security of a company’s IT environment. Sometimes these actions are caused by human error, like mishandling data or getting conned by a phishing email. Sometimes those actions are intentional, like an employee selling their access credentials to a cybercriminal. One bad decision by an employee take can open a business up to trouble like ransomware, business email compromise and other cyberattacks.
But is it fair to just let the IT department take on the full responsibility of safeguarding the enterprise? No. Security is a team sport and everyone in the company needs to be mutually committed to achieving the same goal: maintaining the security of systems and data. Unfortunately, that’s often not at the top of every employee’s priority list, creating negative cybersecurity consequences for their employer.
Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>
Five actions that turn an employee into an insider risk
During the course of their daily activities, employees are frequently faced with making decisions that can positively or negatively impact their company’s security. The following five factors often determine a company’s insider risk level, creating vulnerabilities that cybercriminals are more than happy to exploit.
Making honest mistakes: Human beings make mistakes; it’s inevitable. That’s why the number one cause of a data breach never changes — it’s always human error. Even your most conscientious employees will make security blunders, like sending someone wrong files, setting weak passwords on their devices, like birthdays and names of their pets or accidentally sharing confidential corporate data on a public platform.
Falling for social engineering: Today’s sophisticated phishing scams can be hard for even a vigilant employee to see through. The adoption of AI tools by cyber criminals will make it even harder for employees to detect phishing by eliminating common red flags like language errors. Employees who are not properly trained on phishing techniques are prime targets for social engineering, especially if they’re fearful of the repercussions of missing a message or asking for help.
Inattention: Employees can be inattentive to security protocols when they’re stressed, rushed, overwhelmed or just confused. Those mistakes are understandable. However, employees can also be inattentive to security guidelines because they just don’t take them seriously, and that’s a problem.
Bad credential handling: Credential misuse is one of the fastest ways for a company to suffer a data breach. Employees who are writing down passwords on sticky notes or sharing administrator passwords to eliminate bothersome approval steps are putting the security of their company’s data in danger.
Malicious intent: A disgruntled employee can wreak havoc fast. Take steps to prevent employees from taking data with them when leaving the workplace or exiting the company. Be sure to avoid situations where employees might sell their still functional access credentials on the dark web. Malicious insiders can also directly unleash a cyberattack by deploying malware themselves.
Is building an in-house SOC a smart move? Our whitepaper breaks down the costs. READ IT>>
Reduce insider threats by building a strong security culture
A company’s security culture is the attitude of the business and its employees toward cybersecurity. It can be impacted by many factors including corporate priorities, knowledge and implementation of security best practices as well as compliance with the latest security frameworks and regulatory guidelines. In a strong security culture, employees are aware of the importance and impact of maintaining security around data and systems. Those employees are more likely to make smart choices when it comes to security, ensuring their company’s defenses stay as strong as possible and safeguarding its data.
Among the benefits of a strong security culture, as outlined by the UK Centre for the Protection of National Infrastructure are:
- A workforce that is more likely to be engaged with, and take responsibility for, security issues.
- Increased compliance with protective security measures.
- Reduced risk of insider incidents.
- Awareness of the most relevant security threats.
- Employees who are more likely to think and act in a security-conscious manner.
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
5 Essential building blocks for a strong security culture
There are many steps for an organization to take in order to avoid insider risk and empower its people to better protect its IT environment. We’ve listed a few key building blocks below.
Building a strong security culture starts at the top: When the leadership team demonstrates that they take security seriously by modeling smart security behavior, employees will too. Start establishing the foundation of a healthy security culture with these building blocks.
Cybersecurity and phishing awareness training: Nothing fosters a healthy security culture than cybersecurity awareness training for every employee. Security-related risks are reduced by 70% when businesses invest in cybersecurity awareness training.
Prioritize digital security as a success factor: It seems like the most obvious thing to do, yet many companies fail to take the necessary steps and implement effective IT security. It’s frightening to learn that over 36% of Board and C-suite members viewed cybersecurity as only a compliance obligation, and 17% of them failed to view it as a priority. Such mindset only spells trouble in a rapidly evolving threat landscape.
Align IT goals and corporate priorities: Fewer than 20% of CISOs have solid partnerships with business leaders because those focused on the business side often underestimate the complexity of cybersecurity. Even if an organization is a clothing brand, cybersecurity has a vital role in safeguarding its intellectual property and people. CISOs strive to align IT security with the company’s objectives to better relate to business executives.
Commit to raising security awareness: Security awareness training is the cornerstone of establishing a strong security culture that promotes due diligence and vigilance in any organization, ultimately helping an organization resist email-based cyberattacks and other dangers. It goes beyond just being a mere requirement for better compliance management. It helps employees at every level be more alert and responsible about their cyber hygiene and emphasizes accountability. Security awareness training can save a business a lot of cash by preventing cyberattacks.
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
Kaseya’s Security Suite helps IT pros mitigate all types of risk
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
Security Suite Q2 Product Update Webinar
April 9 | 10 AM ET | 7 AM PT | 2 PM GMT
Join us to find out about the latest advancements in our suite of cybersecurity solutions. Learn about innovations and integrations in Datto EDR, RocketCyber Managed SOC, Graphus, BullPhish ID, and Dark Web ID. Plus, discover the benefits of our new next-generation antivirus Datto AV. REGISTER NOW>>
March 27: Unraveling Cyber Warfare: Offensive vs Defensive AI Tactics REGISTER NOW>>
April 9: Kaseya Security Suite Q2 Product Innovation Update Webinar REGISTER NOW>>
April 11: Kaseya+Datto Connect Local Vancouver REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local Melbourne REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local New York (Security and Compliance Series) REGISTER NOW>>
May 30 – Kaseya+Datto Connect Local Sydney REGISTER NOW>>
June 11 -13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!