The Week in Breach News: 04/03/24 – 04/09/24
This week: A huge data breach at the U.S. Environmental Protection Agency (EPA), Panera Bread gets burned by a major systems outage, bad actors are unwelcome guests at Omni Hotels, explore the new Microsoft 365 monitoring system in RocketCyber and four tools and technologies to help IT professionals mitigate email-based cyberattack risks.
Learn about the challenges that MSPs face in 2024 in Datto’s State of the MSP 2024 Report. GET YOUR COPY>>
U.S. Environmental Protection Agency (EPA)
https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/
Exploit: Hacking
U.S. Environmental Protection Agency (EPA): Federal Agency
Risk to Business: 1.741 = Extreme
The U.S. Environmental Protection Agency (EPA) has experienced a serious data breach that has exposed multiple types of sensitive data. A hacker group calling itself USDoD told Hackread that it stole personal information from about 8.5 million customers, contacts and contractors, including names, surnames, email addresses, phone numbers, job titles and company names.
How It Could Affect Your Customers’ Business: This massive data leak will impact people and companies for years to come as cybercriminals capitalize on the stolen data.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
Panera Bread
Exploit: Ransomware
Panera Bread: Restaurant Chain
Risk to Business: 1.856 = Extreme
A week-long IT outage at quick service cafe chain Panera Bread has been confirmed as a ransomware attack. The incident began on March 22, 2024, impacting its internal IT systems, phones, point of sales (POS) system, website and mobile app. Stores were left unable to process electronic payments and reward programs were inaccessible. The trouble wasn’t resolved until March 26. The company has not released information about a ransom demand or if any data was stolen, saying the incident is still under investigation.
How It Could Affect Your Customers’ Business: Losing its POS system is a massive disaster for any retailer or restaurant, leading to lost revenue and driving customers elsewhere.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Omni Hotels & Resorts
Exploit: Ransomware
Omni Hotels & Resorts: Hospitality
Risk to Business: 1.721 = Severe
Major hotel chain Omni Hotels & Resorts has disclosed that it has experienced a ransomware attack that took down many of the company’s IT systems. The attack rendered reservation, hotel room door lock, and point-of-sale (POS) systems inoperable. All of Omni’s remained open and accepting new guests during the outage, but front desk employees experienced difficulties with new reservations, credit card payments and modifying already-made reservations. Omni said that it is still investigating and remediating the problem.
How It Could Affect Your Customers’ Business: It has been a rough few years for the hospitality industry with a spate of disruptive attacks on major hotel, resort and casino chains.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Prudential Insurance
https://therecord.media/prudential-discloses-new-information-from-february-incident
Exploit: Hacking
Prudential Insurance: Insurer
Risk to Business: 1.803 = Severe
Prudential Insurance has disclosed in a filing with Maine officials that it experienced a data breach in February 2024. The company said it detected unauthorized access on February 5. In its subsequent investigation, Prudential discovered that an unauthorized party had gained access to its network on February 4, 2024, and stolen data. The insurer said that 36,545 people had some of their personal data stolen including their names, addresses and driver’s license or ID card numbers. Prudential has brought in a third-party expert to investigate and is working with law enforcement.
How It Could Affect Your Customers’ Business: A data breach that exposes customers’ personal data can lead to a serious loss of reputation that is hard to repair.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Jackson County, Missouri
Exploit: Ransomware
Jackson County, Missouri: Regional Government
Risk to Business: 1.712 = Severe
Jackson County, MI has declared a state of emergency in response to a cyberattack. As a result of the attack, the county’s Assessment, Collection and Recorder of Deeds offices at all county locations are closed until further notice. County systems that are down include tax and online property payments, issuance of marriage licenses and inmate searches. Jackson County Executive Frank White Jr. issued an executive order declaring a state of emergency late last week. The county is working with law enforcement to investigate the attack.
How it Could Affect Your Customers’ Business: Local governments can be paralyzed by a cyberattack, creating major problems for residents and businesses.
Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>
Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>
Chile – IxMetro Powerhost
Exploit: Ransomware
IxMetro Powerhost: Data Center and Hosting Provider
Risk to Business: 2.376 = Severe
IxMetro Powerhost, a Chilean company that provides hosting and a data center for companies around the world, has fallen victim to a ransomware attack. The attack was purportedly conducted by the relatively unknown SEXi ransomware group. The cybercriminals said that they encrypted the company’s VMware ESXi servers and backups. The websites or services that IxMetro Powerhost takes care of for its customers were knocked out. IxMetro Powerhost warned customers that it may be unable to restore those functions as its backup servers have also been encrypted.
How it Could Affect Your Customers’ Business: Cyberattacks on business service providers can open the organizations they serve up to data security and cybersecurity trouble.
Kaseya to the Rescue: See how Datto EDR’s Ransomware Rollback helps companies reset their systems to where they were before the attack to get right back to work, minimizing downtime. LEARN MORE>>
Affordable, automated penetration testing is a game-changer. Learn about it in our buyer’s guide! GET GUIDE>>
UK – CVS Group
Exploit: Hacking
CVS Group: Veterinary Services Provider
Risk to Business: 1.866 = Moderate
CVS Group, one of the United Kingdom (UK)’s largest providers of veterinary services, has informed regulators that it has experienced a data breach. CVS Group did not specify if the stolen data included employee or customer information, or a mix of both. Veterinary hospitals in the group experienced ongoing technology problems last week. CVS Group is comprised of 500 veterinary hospitals, primarily located in the UK.
How it Could Affect Your Customers’ Business: A data breach is an expensive proposition for any business from the first stage of the investigation to the final stage of remediation.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
UK – Leicester City Council
https://therecord.media/leicester-city-council-ransomware-data-breach
Exploit: Ransomware
Leicester City Council: Local Government
Risk to Business: 2.602 = Moderate
The INC ransomware group has claimed responsibility for an attack on the Leicester City Council. Officials confirmed that a cyber incident was identified on March 7. The group claims to have stolen 3 TB of data. City officials said that in the incident, the cybercriminals snatched 25 highly confidential documents including rent statements, applications to purchase council housing and personal identification documents such as passport information. City officials also said that there may have been additional data stolen. The Leicester City Council is working with Leicestershire Police and the National Cyber Security Centre (NCSC) and has notified the Information Commissioner’s Office of the breach.
How it Could Affect Your Customers’ Business: Even just a handful of stolen documents can be enough to cause a major problem, especially when they contain sensitive data.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Check out the redesigned Microsoft 365 monitoring system in RocketCyber Managed SOC
To continuously provide you with the best possible managed detection and response platform, we’ve redesigned our Microsoft 365 monitoring system in RocketCyber Managed SOC. The new system has been designed from the ground up to handle real-time event processing more efficiently, offering enhanced scalability and laying the groundwork for future innovations. Key benefits include:
- Real-time monitoring: Receive notifications and alerts in real-time, ensuring there are no delays in ingesting information across the Microsoft 365 Login Analyzer, Risk Detection and Log Monitor apps.
- Future-ready: This new system is an investment in our Microsoft 365 monitoring capabilities, it lays the groundwork for future innovations such as our M365 Remediation Actions coming in Q2.
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Have you read A Comprehensive Guide to Email-based Cyberattacks?
Email is the most dangerous threat vector that businesses face. In A Comprehensive Guide to Email-based Cyberattacks, we go through everything you need to know about email-based cyberattacks including:
- Red flags to watch for
- Detailed walk-throughs of the most common types of email-based cyberattacks
- Tips to help IT professionals protect businesses from trouble
Did you miss...The Network Penetration Testing Buyer’s Guide? DOWNLOAD IT>>
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
4 Tools & Technologies to Help IT Professionals Mitigate Email-based Cyberattack Risk
Email is a crucial communication tool in today’s digital world. A single organization sends and receives thousands of emails daily, making the email environment a massive vulnerability for enterprises and opening the door for cyberattacks. According to a Deloitte report, 91% of cybercrimes begin with a phishing email. Once a company suffers a phishing attack, recovering from the sudden jolt is often challenging since it adversely impacts its finances and reputation. That’s why businesses should carefully consider their email security strategy and utilize the latest tools and technologies to prevent damage from email-based cyberattacks.
See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>
4 Security tools & technologies that can help keep email-based attacks at bay
Bad actors are quickly evolving their phishing messages and attacks to take advantage of the latest advances in technology, like generative artificial intelligence (AI), to make their attacks harder to detect. That means that businesses must also evolve their phishing defenses to the next level by making the most of today’s best cybersecurity tools and technologies.
1. Artificial intelligence (AI)
AI is a game-changer for cybersecurity. An AI-enhanced email solution can analyze emails in real-time and look for anomalies and warning signs throughout the email, from the metadata to the message content. Using machine learning algorithms, AI-based systems recognize communication patterns and flag any unusual behavior.
Why? While employees may fall for social engineering traps, these lures are highly ineffective against AI-based systems.
2. Automation
Automation systems are a critical asset for cybersecurity teams. These solutions help reduce the response time to seconds, compared to hours or days with traditional security solutions. Automated features in technologies like endpoint detection and response (EDR) make security solutions faster and smarter to detect threats at lightning speed.
Why? A fully automated threat detection and response solution empowers cybersecurity teams to quickly compile a list of alerts and streamline threat mitigation efforts into a repeatable workflow.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
3. Security awareness training
No matter how secure an organization’s IT platform is, it is only as secure as its user base. In a survey, 45% of employees admitted to opening emails they considered to be suspicious, making them the biggest security liability to their organization. Teaching employees to interact with email safely is a major risk mitigation tool.
Why? With security awareness training, employees can learn to effectively detect and report phishing emails, transforming them into cybersecurity assets for the company. Companies that engage in regular security awareness training have 70% fewer security incidents.
4. A Security Operations Center (SOC)
With the increased sophistication and frequency of phishing attacks, organizations need 24/7/365 monitoring of their critical attack vectors. The cybersecurity talent shortage also leaves most companies in need of cybersecurity expertise. A managed security operations center (SOC) provides companies with both of those essentials affordably.
Why? SOCs employ a team of experts who continually monitor an organization’s systems and networks using innovative tools to detect and eliminate an attack before it can harm the organization.
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
Preventive Measures to Stop Email-based Cyberattacks
Every business is inundated with email-based threats daily. Dangerous ransomware threats often arrive via email, and the pace of those attacks is increasing. 1048 ransomware attacks were recorded in Q1 2024, up 73% over the same period in 2023.
In our Kaseya Security Survey 2023, over 40% of the IT professionals we surveyed said that phishing is their number one security woe. These safety tips to help prevent cybersecurity incidents caused by malicious emails.
Avoid clicking on untrustworthy links
Never click on unexpected or unusual links in an email message no matter who the sender is. Instead, hover over the link to see the underlying URL of the link to help you determine its legitimacy. Clicking on a malicious link often takes the victim to a malicious login page that bad actors use to steal the victim’s credentials. Sometimes, malicious links can also lead to malware downloads and other bad outcomes.
Never disclose sensitive information without verifying the request’s legitimacy
Do not reply to an email from an untrusted source requesting personal information, sensitive company data or money without verifying its validity, no matter how little information the sender asks for. A simple misjudgment could be enough to jeopardize the organization’s defenses. 1 in 8 employees are likely to share information requested in a phishing email.
Don’t open suspicious email attachments
Always ensure that an email is trustworthy and check for red flags before opening an attachment. Opening an infected attachment can cause a cascade of bad effects like deploying ransomware. Avoid opening unexpected attachments that prompt the recipient to run macros to view them. Enabling a malicious macro can give bad actors control of that computer.
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Maintain a regular security awareness training program
Anyone in the company could be targeted in a phishing scam. To ensure that everyone is on their toes, conduct regular security awareness training for everyone from interns to the CEO. Include quizzes in the training so that you can easily determine who needs more help and may be a security risk.
Keep all systems up to date
An unpatched software program or operating system is most vulnerable to a cyberattack. Regularly update all programs and operating systems to benefit from the latest security patches. Unpatched systems and software set businesses up to fall victim to zero-day attacks.
Conduct phishing simulations
Train employees to spot and avoid phishing hazards with regular phishing simulations. Even better, customize the content of these simulations to reflect the unique threats that employees face daily. Companies that engage in regular security awareness training have 70% fewer security incidents.
Every organization needs to take email security seriously and take every precaution to prevent email-based cyberattacks from landing. By utilizing next-gen security tools and technologies, businesses can be ready for today’s email-based cyber threats and be ready for what’s next.
Affordable, automated penetration testing is a game-changer. Learn about it in our buyer’s guide! GET GUIDE>>
Kaseya’s Security Suite helps IT pros mitigate email risk
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate all types of cyber risk including email-based threats effectively and affordably without breaking a sweat.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
RocketCyber Managed SOC — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
Security Suite Q2 Product Update Webinar
April 9 | 10 AM ET | 7 AM PT | 2 PM GMT
Join us to find out about the latest advancements in our suite of cybersecurity solutions. Learn about innovations and integrations in Datto EDR, RocketCyber Managed SOC, Graphus, BullPhish ID, and Dark Web ID. Plus, discover the benefits of our new next-generation antivirus Datto AV. REGISTER NOW>>
April 9: Kaseya Security Suite Q2 Product Innovation Update Webinar REGISTER NOW>>
April 11: Kaseya+Datto Connect Local Vancouver REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local Melbourne REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local New York (Security and Compliance Series) REGISTER NOW>>
May 30 – Kaseya+Datto Connect Local Sydney REGISTER NOW>>
June 11 -13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!