The Week in Breach News: 03/27/24 – 04/02/24
This week: AT&T admits that dark web data belongs to their customers, a Maryland city suffers a business email compromise (BEC) loss of over $200k, learn why you need both endpoint detection and response (EDR) and next-gen antivirus (AV), plus four red flags that could indicate a non-malicious insider threat.
Learn about the challenges that MSPs face in 2024 in Datto’s State of the MSP 2024 Report. GET YOUR COPY>>
AT&T
https://www.securityweek.com/att-says-data-on-73-million-customers-leaked-on-dark-web/
Exploit: Hacking
AT&T: Telecom
Risk to Business: 1.741 = Extreme
AT&T has confirmed that a trove of data released on the dark web belongs to its customers. The company said that the data appears to be from 2019 or earlier. This data leak is expected to impact approximately 7.6 million current AT&T account holders and 65.4 million former account holders. The telecom giant also noted that it has not determined whether the data originated from AT&T or one of its vendors, specifying that AT&T does not have evidence of a security breach within its own network at this time.
How It Could Affect Your Customers’ Business: This massive data leak will impact people and companies for years to come as cybercriminals capitalize on the stolen data.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
The City of Frederick (Maryland)
https://www.wfmd.com/2024/03/29/frederick-city-says-its-recovered-from-phishing-wire-fraud-attack/
Exploit: Business Email Compromise
The City of Frederick (Maryland): Municipal Government
Risk to Business: 1.856 = Severe
The City of Frederick, Maryland has disclosed that it experienced a business email compromise (BEC) in November 2023 related to a municipal construction project. Officials said that bad actors capitalized on a project to retrofit an existing municipal building, the William Donald Schaefer Building, into a police department headquarters. The saga began with a phishing attack that resulted in a fraudulent wire transfer that cost the city $280,000. The city says its network security was never compromised during the attack. The municipal government was able to recover the money minus a $50,000 insurance deductible.
How It Could Affect Your Customers’ Business: The city was able to recover most of the money through insurance but lost $50k immediately to the deductible and will pay even more for incident response later.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Carolina Foods
https://www.qcnews.com/charlotte/charlotte-honey-bun-maker-hit-with-ransomware-attack/
Exploit: Ransomware
Carolina Foods: Snack Food Company
Risk to Business: 1.721 = Severe
Victory is sweet for cybercriminals after a ransomware attack on snack maker Carolina Foods. The Black Basta gang has claimed responsibility for the attack, claiming it snatched 450 gigabytes of company data. No ransom demand was publicized. The company has not commented on any impact that this incident may have on its operations or production of treats like its famous honey bun.
How It Could Affect Your Customers’ Business: Food companies are prime targets for ransomware attacks because of the time-sensitive nature of their business.
Kaseya to the Rescue: See how Datto EDR’s Ransomware Rollback helps companies reset their systems to where they were before the attack to get right back to work, minimizing downtime. LEARN MORE>>
Hot Topic
Exploit: Credential Stuffing
Hot Topic: Retailer
Risk to Business: 2.103 = Severe
Fast fashion retailer Hot Topic is informing customers that they may have had data exposed as the result of a credential stuffing attack. In a data breach notice, the retailer said that the attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source on two occasions: November 18-19 and November 25, 2023. Customers may have their name, email address, order history, phone number, the last four digits of a payment card, date of birth and mailing addresses. Hot Topic said it has been working with cybersecurity experts in its investigation.
How It Could Affect Your Customers’ Business: Credential stuffing is powered by the vast quantities of credentials available on the dark web, making dark web monitoring essential.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Activision
Exploit: Malware
Activision: Video Game Publisher
Risk to Business: 2.202 = Moderate
Activision is alerting customers that they should reset their passwords after bad actors published a database of login data they stole using infostealer malware. The malware has impacted users of various gaming websites, including players that use cheat codes and pay-to-cheat services. At least 12 gaming-related outfits had data exposed in this database including Discord with 14 million entries, Battlenet with 3,662,647 entries and Activision with 561,183. The malware was distributed in a variety of ways. In one instance, malware was attached to some free or cheap software advertised to Call of Duty users.
How it Could Affect Your Customers’ Business: Ransomware isn’t the only malware threat that businesses face, and it pays to be prepared for other types like infostealers or wipers.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>
Giant Tiger
https://www.cbc.ca/news/business/giant-tiger-customer-data-breach-1.7154572
Exploit: Supply Chain Exposure
Giant Tiger: Discount Retailer
Risk to Business: 2.376 = Severe
Canadian discount retailer Giant Tiger says contact information for some of its customers was compromised in a data breach at one of its vendors. In an email to customers, Giant Tiger said that it confirmed that the unnamed service provider experienced a security incident on March 4, 2024, and concluded that customer information was involved by March 15. Customers may have had names, emails, addresses and phone numbers exposed. The company assured customers that no payment information or passwords were involved.
How it Could Affect Your Customers’ Business: Cyberattacks on business service providers are opening the organizations they serve up to data security and cybersecurity trouble.
Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>
Affordable, automated penetration testing is a game-changer. Learn about it in our buyer’s guide! GET GUIDE>>
UK – The Communications Workers Union (CWU)
https://www.theregister.com/2024/03/25/cwu_security_incident/
Exploit: Hacking
The Communications Workers Union (CWU): Trade Union
Risk to Business: 1.866 = Severe
The UK-based trade union Communications Workers Union (CWU) has disclosed that it is working to mitigate a cyberattack. Union officials first described the incident as an IT outage but later admitted that it was a cyberattack. Officials also said that some servers have been taken offline as a precaution and its email system is unavailable. A source told The Register that finance, payroll and membership information was compromised in the attack, but this was not confirmed by CWU. The union has an estimated 185,000 members including tech and telecom workers.
How it Could Affect Your Customers’ Business: This could be a bountiful information harvest for bad actors because organizations like this one hold a lot of member data.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
UK – The Big Issue
https://therecord.media/ransomware-gang-attacks-big-issue-street-paper
Exploit: Ransomware
The Big Issue: Newspaper
Risk to Business: 2.602 = Moderate
The Big Issue, a UK street newspaper sold by the unhoused, has confirmed that it has been impacted by a ransomware attack by the Qilin group. The bad actors added the publication to its dark web forum, claiming that it stole 550 gigabytes of confidential data including files related to commercial and personnel operations. The publisher said that it has engaged an external IT expert as well as working with the National Cyber Security Centre and the Metropolitan Police, to investigate the attack.
How it Could Affect Your Customers’ Business: It’s unfortunate when cybercriminals hit non-profits and service organizations, but they’re just as at-risk for cyber trouble as businesses
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Datto AV is built to fight next-gen cyber threats
Viruses were one of the top five cybersecurity issues that businesses faced last year. To fight back, every organization needs Datto AV is the ideal antivirus solution for every business. Learn how Datto AV makes the most of AI, machine learning and the latest in threat intelligence to proactively identify and block zero-day and polymorphic threats. LEARN MORE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Achieve complete endpoint security with AV and EDR
Ready to achieve complete endpoint security? The combination of next-gen antivirus (AV)and endpoint detection and response (EDR) is the perfect recipe for solid endpoint security that’s capable of handling today’s threats and whatever comes next. Learn about the differences between the two technologies and why AV and EDR are the perfect combination in our infographic. GET THE INFOGRAPHIC>>
Did you miss… our infographic The 5-Minute Guide to Phishing Attacks and Prevention? DOWNLOAD IT>>
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Can You Spot (and Stop) a Non-Malicious Insider Risk?
In the intricate web of modern business operations, unintentional or accidental insider risks represent a nuanced challenge, often overlooked amidst more conspicuous cybersecurity threats. These risks stem from well-meaning employees who, through oversight or lack of awareness, become unwitting conduits for security breaches, data leaks or compliance violations. As organizations navigate the digital transformation, the proliferation of remote work, cloud services and complex IT environments has exponentially increased the avenues through which such accidental exposures can occur, increasing accidental insider risk for businesses.
Is building an in-house SOC a smart move? Our whitepaper breaks down the costs. READ IT>>
Non-malicious employee behaviors that spell trouble
The following employee behaviors are most likely to increase an organization’s accidental insider risk factor, which could inevitably lead to a devastating cybersecurity incident. 2 out of 3 insider threat incidents are caused by negligence.
- Sharing passwords, especially privileged passwords.
- Reusing, recycling or never changing passwords.
- Writing passwords down (either electronically or on paper).
- Careless data handling, like sending sensitive data to the wrong recipient.
- Fear of asking for help or clarification regarding possible threats like phishing.
- Not adhering to security protocols properly.
- Ignorance of common threats due to lack of security awareness.
- Time pressures that increase the chance for a mistake.
- Using external storage devices without following the company’s security policies.
- Employees unintentionally misconfiguring security settings on their corporate devices.
- Using personal devices for work-related tasks.
- Syncing personal accounts to office computers.
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
Four red flags that indicate insider threats
The four employee behaviors that drive non-malicious insider risk aren’t hard to spot but they can be difficult and expensive to overcome unless a company is making all the necessary security moves.
1. Carelessness about phishing
Clicking on a phishing email is the most likely way an employee will cause a security breach. According to IT Governance UK:
- In 2023, 36% of all data breaches involved phishing.
- About 90% of all ransomware attacks begin with an employee interacting with a phishing email.
- Millennials and Gen Z employees are more likely to fall for a phishing email.
2. Problematic password behavior
Passwords are one of the most difficult assets for a business to keep secure unless proper precautions are taken. Employee password attitudes and behaviors are a portal to insider risk.
- By the end of 2022, credential theft had cost companies over $4.6 million dollars.
- More than 60% of employees reuse the same password for their corporate and personal accounts.
- Over 59% of American employees use a person’s or a relative’s name or birthday as their password.
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
3. Fear and ignorance around cybersecurity
No company benefits when employees are afraid of the consequences of reporting a blunder or don’t have the security expertise to know they’ve made one. This is a result of poor security awareness training. An estimated 45% of respondents in a HIPAA Journal survey said that they don’t need to worry about cybersecurity safeguards because they don’t work in the IT department.
- Employees report about 2% of all known attacks to their security team.
- Employees assume that a peer may have reported suspicious emails as phishing instead of doing their part to minimize risk.
- Employees don’t realize they might be the only target of an attack and leave it to someone else to raise an alarm.
4. Employee propensity for errors
The primary cause of all cybersecurity incidents isn’t malicious actions by employees or hacking. It’s employee error. According to Verizon’s 2023 Data Breach Investigations Report, human error is responsible for an estimated 74% of all breaches. Here’s a list of some of the most common blunders that employees make.
- Entering credentials on a phishing site
- Downloading a dodgy attachment
- Sending someone the wrong file
- Sharing login credentials with another employee
- Writing down a password
- Falling for a social engineering scam
- Clicking on a malicious link
- Visiting a dangerous website
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
Factors that increase ( and decrease) employee error probability
There’s always a chance an employee will make an error like mishandling data. An organization should expect this and prepare for it. Regardless, however, certain circumstances within a business lead to the increased likelihood of employees making an error. Employees are more likely to make an error if:
- They don’t know what a threat looks like.
- They’re experiencing undue stress, distraction or time constraints.
- They don’t feel confident in judging a threat.
- They’re afraid of technology.
- They don’t know who to ask for help.
- They fear losing their job or getting demoted.
- They don’t know how to report a problem.
- They have little to no security awareness training.
- They don’t have the right tools to stop an incident.
- They take IT security a little too lightly.
Every organization has access to the top tool for preventing this kind of cybersecurity trouble: Security awareness training that includes phishing simulation. Companies that engage in regular security awareness training have 70% fewer security incidents. When employees are informed about safe data handling and proper cybersecurity procedures, they develop the confidence that transforms them from security risks into security assets, helping companies boost their cyber resilience by fostering a strong security culture.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Kaseya’s Security Suite helps IT pros mitigate all types of risk
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
Security Suite Q2 Product Update Webinar
April 9 | 10 AM ET | 7 AM PT | 2 PM GMT
Join us to find out about the latest advancements in our suite of cybersecurity solutions. Learn about innovations and integrations in Datto EDR, RocketCyber Managed SOC, Graphus, BullPhish ID, and Dark Web ID. Plus, discover the benefits of our new next-generation antivirus Datto AV. REGISTER NOW>>
April 9: Kaseya Security Suite Q2 Product Innovation Update Webinar REGISTER NOW>>
April 11: Kaseya+Datto Connect Local Vancouver REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local Melbourne REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local New York (Security and Compliance Series) REGISTER NOW>>
May 30 – Kaseya+Datto Connect Local Sydney REGISTER NOW>>
June 11 -13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!