The Week in Breach News: 04/05/23 – 04/11/23
This week: Two big breaches at tech companies, the UK ACRO data breach, three checklists to help improve your email security, all the details about the new BullPhish ID + IT Glue integration and a deep dive into why EDR is the perfect investment to make right now.
Get the scoop on 5 of the worst email-based attacks plus tips to protect businesses from them. GET INFOGRAPHIC>>
Proskauer Rose
Exploit: Human Error
Proskauer Rose: Law Firm
Risk to Business: 1.211 = Extreme
New York-based law firm Proskauer Rose has experienced a data breach that resulted in the exposure of sensitive client data. The firm said that the incident was the result of a misconfiguration after it hired an outside company to configure a cloud database. Unfortunately, that was done incorrectly and data from Proskauer’s merger and acquisitions business was left on an unsecured Microsoft Azure cloud server for an estimated six months. The 184,000 exposed files include financial and legal documents, contracts, non-disclosure agreements and financial deals.
How It Could Affect Your Customers’ Business: Any service provider or supplier can be the reason for a company’s cybersecurity trouble.
Kaseya to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Camden County Police Department
Exploit: Ransomware
Camden County Police Department: Law Enforcement Agency
Risk to Business: 1.873 = Severe
The Camden County, New Jersey Police Department (CCPD) disclosed that it has experienced a ransomware attack that has left it without access to some systems and data. CCPD said that access to criminal investigative files and day-to-day internal administration abilities have been impacted. A department spokesperson said that the incident began about three weeks ago. The hackers have made an unspecified ransom demand. The FBI, NJ State Homeland Security’s office and the New Jersey attorney general’s office were all notified of the incident and are assisting in the investigation.
How It Could Affect Your Customers’ Business: Agencies that hold sensitive data are juicy targets for cybercriminals looking for a quick score.
Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Nordik Spa
https://toronto.citynews.ca/2023/04/08/groupe-nordik-spa-data-breach/
Exploit: Hacking
Nordik Spa: Spa Chain
Risk to Business: 1.718 = Severe
Quebec-based luxury spa chain Nordik Spa has disclosed that it experienced a data security incident that may have impacted customers who purchased gift certificates on its website. The company said that customers who completed those transactions between November 4, 2022, and February 27, 2023, may have had their credit card data and personal information compromised. Exposed data may include customers’ personal data, including full names, street addresses and credit card details. The incident is under investigation.
How It Could Affect Your Customers’ Business: Any business engaging in online commerce needs to take extra precautions against credit card data theft.
Kaseya to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
Holland – Royal Dutch Football Association
https://therecord.media/netherlands-dutch-football-association-cyberattack-soccer
Exploit: Hacking
Royal Dutch Football Association: Sports League
Risk to Business: 2.819 = Moderate
The Royal Dutch Football Association has announced that hackers were able to steal the personal information of its employees during a cyberattack. Last Tuesday, a spokesperson from the league said that bad actors had penetrated the company’s network. The network was not taken down, but attackers were able to snatch employee data. Officials say that the incident has been reported to the Dutch Data Protection Authority.
How It Could Affect Your Customers’ Business: Employee data is a good score for cybercriminals, and it needs to be protected just as strongly as customer data.
Kaseya to the Rescue: Dark web data and other dark web-related risks are big threats to businesses. Learn more about them in our infographic 5 Ways the Dark Web Can Harm Businesses. GET IT>>
Belgium – The City of Herselt
https://cyberwarzone.com/herselt-municipality-hit-by-cyberattack/
Exploit: Hacking
City of Herselt: Municipal Government
Risk to Business: 1.423 = Severe
The municipality of Herselt in Belgium has fallen victim to a cyberattack that has caused a disruption in city services. The attack left several municipal facilities closed, including the Mixx Leisure Center, the town hall, the library and the Public Center for Social Welfare. City employees have been dealing with technology outages that have left them unable to send or receive emails and have taken away access to services such as document requests, submissions and the leisure center’s reservation system. Officials say that they are working to resolve the incident as quickly as possible.
How It Could Affect Your Customers’ Business: Governments and government agencies have been favored targets of bad actors for ransomware and data theft in the past two years.
Kaseya to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
UK – UK Criminal Records Office
https://www.theregister.com/2023/04/06/acro_security_incident/
Exploit: Hacking
UK Criminal Records Office (ACRO): Government Agency
Risk to Business: 1.709 = Severe
The UK Criminal Records Office (ACRO) has disclosed that it has experienced a cybersecurity incident that has resulted in the agency taking its customer portal offline. The government agency manages criminal record information, which is shared with employers, officials and other government agencies worldwide. The incident occurred between January and March 2023. In a caution letter to users of the service, the agency said that identification information and criminal conviction data may have been exposed. The letter also noted that a nominated endorser’s name, relationship to the applicant, occupation, phone numbers, email address and case reference number could have been affected. The ICO and NCSC have been informed.
How It Could Affect Your Customers’ Business: The extremely sensitive data that agencies like this hold is very valuable on the dark web.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
Taiwan – Micro-Star International
Exploit: Ransomware
Micro-Star International: Computer Hardware Manufacturer
Risk to Business: 2.836 = Moderate
The Money Message ransomware group has added Micro-Star International (MSI), a maker of motherboards, graphics cards and other computer components, to its dark web leak site. The group said that it snatched a variety of proprietary data, including the hardware vendor’s CTMS and ERP databases and files containing software source code, private keys and BIOS firmware. All told, the threat actors claimed to have stolen 1.5TB of data from MSI’s systems, and they’re demanding a ransom payment of $4 million.
How It Could Affect Your Customers’ Business: Information about operational technology (OT) is high on cybercriminal shopping lists.
Kaseya to the Rescue: Email is the most likely way for employees to encounter cyberattacks like ransomware. This checklist helps companies strengthen their email security. GET CHECKLIST>>
Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>
Australia – OCR Labs
https://securityaffairs.com/144514/data-breach/ocr-labs-data-leak.html
Exploit: Human Error
OCR Labs: Technology Company
Risk to Business: 2.733 = Extreme
OCR Labs, a maker of digital identity technology, has experienced a data breach that exposed sensitive network data belonging to several major clients. The incident was caused by a misconfiguration of the company’s system that left the data available on the internet to anyone. The data leak affected a range of clients, including a variety of financial institutions in the UK and Australia. QBANK, Defence Bank, Bloom Money, Admiral Money, MA Money and Reed are among the institutions affected. The company said that it has taken steps to address the problem.
How It Could Affect Your Customers’ Business: This is a major disaster for the reputation of a company with a stable full of big clients, and it could damage its future prospects.
Kaseya to the Rescue: Learn how to achieve complete endpoint security in a flash without blowing up your budget with your antivirus and Datto EDR combined in this information sheet. DOWNLOAD IT>>
Risk score key:
- 1 – 1.5 = Extreme Risk
- 1.51 – 2.49 = Severe Risk
- 2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
NEW INTEGRATION! BullPhish ID User Sync with IT Glue
The BullPhish ID and IT Glue teams are excited to announce an even deeper integration between their products. This integration adds the ability to sync contacts from IT Glue into BullPhish ID on top of the existing SMB org sync capability released last year, making customer onboarding and campaign management in BullPhish ID even easier.
What it is:
Leveraging the IT Glue API, the integration expedites customer onboarding onto BullPhish ID by importing contacts (aka targets) from IT Glue to BullPhish ID, eliminating the need for manual data entry by customers. The BullPhish ID and IT Glue accounts remain linked, so any time a customer makes changes to organizations or contacts on the IT Glue side, the changes will automatically sync to BullPhish ID.
Why it matters:
This deeper integration greatly streamlines the new customer setup and ongoing campaign management within BullPhish ID, making it a great time saver for our customers. It also advances the Kaseya IT Complete vision by making our product modules work together to simplify the lives of our customers.
Setting up each module and keeping customer and end user contact data up to date means our customers must constantly update their client or employee data in every module they own, spending a lot of time on redundant tasks. IT Glue will serve as a “source of truth” for BullPhish ID and any org and contact changes made in IT Glue will automatically be reflected on the BullPhish ID side.
How it works:
Note: customers must have subscriptions to both IT Glue and BullPhish ID to enable the integration.
- First, a customer logs in to their IT Glue account, generates an API key for BullPhish ID (BPID) and copies it.
- Next, they log in to their BPID account, navigate to the Integrations section of the platform, paste the IT Glue API key and click Connect.
- To enable the integration, a customer will need to select which organizations and contacts they want to import from IT Glue in the “IT Glue Sync Settings” window in BPID.
- Next, they should go to the Contacts tab on the Integrations page to enable contact sync.
- After the changes are saved, the sync will take place immediately, plus the data will sync automatically whenever changes are made in IT Glue.
For details on enabling the BullPhish ID-IT Glue user sync, refer to this KB article.
This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>
Is Your Email Security Solution up to the Test?
9 out of 10 cyberattacks start with a phishing email. That makes email security one of the top security concerns for every business. These resources can help you determine whether the email security solution you rely on is really getting the job done or not.
5 Nastiest Email-Based Scams – Look at this infographic to learn about five of the most damaging email-based attacks. DOWNLOAD IT>>
Preventing Email-Based Cyberattacks – Check out some of the technologies that protect businesses from email-borne cyberattacks. DOWNLOAD IT>>
The Characteristics of a Successful Security Solution – Is your email security solution giving you the right protection? This checklist tells you. DOWNLOAD IT>>
Did you miss…The 10 Tips for Successful Security Awareness Training checklist? DOWNLOAD IT>>
Learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. GET INFOGRAPHIC>>
Why Should You Invest in EDR?
Cybersecurity moves fast. Bad actors are constantly working to evolve their techniques to mount sophisticated attacks against businesses, requiring IT professionals to evolve their company’s defenses to keep up. Innovations in cybersecurity technology have emerged to help get the job done. One of those technologies is endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR). This advanced cybersecurity technology continually monitors a company’s endpoints to watch for unusual behaviors and possible intrusions to give businesses and MSPs the edge they need to stay ahead of cyberattacks.
Excerpted in part from the eBook The Evolution of Endpoint Detection and Response (EDR): Datto EDR Buyers Guide DOWNLOAD YOUR COPY>>
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
What is Endpoint Detection and Response (EDR) Software?
EDR is a layered, integrated endpoint security solution that monitors end-user devices continuously, collects endpoint data and applies a rule-based automated response. EDR platforms record and remotely store system-level behaviors of endpoints, analyze these behaviors to detect suspicious activity and provide various response and remediation options. EDR agents collect and analyze data from endpoints, respond to threats that appear to have bypassed existing antivirus protections and continue to analyze, detect, investigate, report and alert your security team about any potential threats.
Endpoints create gateways into business networks. As threats continue to evolve and more cybercriminals leverage vulnerabilities in endpoints, it is essential to find the right solutions to combat these potential attacks. This is where endpoint detection and response solutions come into play. For example, fileless attacks can be particularly difficult to detect and mitigate. But with a good EDR solution on the job, IT teams can feel confident in their detection strength with the solution’s behavioral analytics engine, especially when the solution maps to the MITRE ATT&CK framework to provide the team context.
How does EDR mesh with the NIST cybersecurity framework?
The NIST framework consists of five areas representing the cybersecurity risk lifecycle. Each area is divided into categories and subcategories. They help identify the outcomes you want in creating or improving your cybersecurity program.
Identify – Detect fileless attacks with behavioral analysis using deep memory analysis to ensure you’re informed of even the most elusive threat actors.
Protect – EDR blocks access to files that it detects as malicious, defending all endpoints: desktops, notebooks and servers, across Windows, MacOS and Linux operating systems.
Detect – EDR detects threats that evade other defenses so that you can respond quickly, before significant damage is done. It alerts administrators about these threats as soon as they are detected.
Respond – EDR enables the quickest response in case of a cyber incident. Its click-to-respond feature allows you to take action right from your alert dashboard supporting your team in taking immediate action against cyberattacks to reduce potential damage. With a quality EDR solution, you can isolate hosts, terminate processes, delete files and more without wasting precious seconds.
Recover – Seasoned SOC analysts have distilled their experience into a world-class EDR’s automated mitigation recommendations for the most common threats, to help your team through the remediation process.
Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>
Downsides to most EDR tools
Traditional EDR is complex. Nearly all EDR products are designed and built for big enterprises. This makes them costly for SMBs and MSPs. It can also make traditional EDR solutions cumbersome to deploy and manage. They can also be highly complex, requiring a team of dedicated SOC analysts to effectively utilize, which most SMBs cannot afford or retain on staff. Without having trained staff, SMBs are left in the dark when it comes to quick remediation.
When an SMB or MSP does have the requisite security expertise on hand, traditional EDR solutions still have downsides. Alert fatigue is real. An estimated 70% of cybersecurity professionals feel moderately to extremely stressed by security warnings, especially when they have to contend with them outside of business hours. To demonstrate their efficacy, most EDR products generate numerous alerts for SOC analysts to triage. This works fine for large SOC environments, but for most who have limited staff and/or training, spending time on numerous alerts is inefficient, often resulting in missed indicators of compromise.
Get 10 tips to help you build a strong security culture & reduce your risk of cybersecurity trouble! GET INFOGRAPHIC>>
What to look for in an EDR solution
IT teams need to respond immediately to cyber threats when they pop up, minimizing downtime and reducing loss. The right EDR solution makes it easier to do that with advanced security dashboards offering a single pane of glass into all security alerts and device compliance issues including:
- An effective threat detection solution to provide SMBs with efficient and actionable alerts with relevant context so that an analyst can quickly interpret them and decide the appropriate next step(s)
- Easy-to-understand reporting function that demonstrates value without overcomplicating technical details.
- Easy-to-use, in-product threat response capabilities that support remote mitigation of security events
- A lightweight agent and seamless, quick deployment options that don’t interfere with day-to-day business operations
- Continuous monitoring of process, memory and behavior across all endpoints, which helps limit the time to detection
- Future-ready while offering seamless integration with existing tools
3 questions to ask when shopping for EDR
Ultimately, when looking at EDR, there are three questions to ask of your EDR tool.
- Can your EDR detect suspicious behaviors as well as fileless malware and ransomware, automatically terminating the malicious activities and isolating infected endpoints to prevent further spread of a cyberattack?
- Is your EDR backed by a threat intelligence and analyst team that constantly investigates previously unknown and suspicious malware samples, reflecting the most up-to-date threat intel and forensics, allowing protection from the latest threats and reducing the risk of missing new or unknown threats?
- Do you have advanced security dashboards offering a single pane of glass into all security alerts and device compliance issues, enabling an immediate response to cyber threats when needed, minimizing downtime and reducing loss?
What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>
Datto EDR – Turnkey Technology and Superior Security Expertise
Datto EDR provides effective endpoint detection and response in an affordable, easy-to-use, simple-to-manage and quick-to-deploy package.
Unlike other EDR products that are built for large-scale enterprise SOC teams, Datto EDR eliminates common EDR issues, such as high cost, management complexity and alert fatigue. Each alert comes with a quick, easy-to-execute set of response guidelines to support your team in isolating infected hosts, terminating processes and collecting additional evidence.
Datto EDR also integrates with Datto RMM for efficient endpoint management as part of the Kaseya IT Complete platform, eliminating the need to switch consoles for a seamless endpoint security experience.
Datto EDR detects threats that evade other defenses for fast response before significant damage is done with:
- Real-time endpoint security monitoring – Take action against advanced threats from the alert dashboard. Isolate hosts, terminate processes, delete files and more without wasting precious time.
- Deep memory monitoring & analysis – Datto EDR includes patented deep memory analysis to ensure the right people are informed of the most elusive threat actors.
- Advanced threat detection – Once a threat is detected, it’s essential to mitigate it quickly. Datto EDR’s click-to-respond feature supports teams in taking action against cyberattacks as quickly as possible to reduce potential damage.
- MITRE ATT&CK mapping – Alerts are mapped to the MITRE ATT&CK framework to provide context and helpful clarity to security teams, reducing the security expertise required to respond effectively.
- Smart recommendations – Seasoned SOC analysts have distilled their experience into automated mitigation recommendations for the most common threats. The EDR alerting engine will help teams through the remediation process.
- Deep integration – Datto EDR integrates with Datto RMM for efficient endpoint management. For SMBs using the Kaseya IT Complete platform, Datto EDR integration eliminates the need to switch consoles for a seamless endpoint security experience.
Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>
April 18: Kaseya + Datto Connect Local London REGISTER NOW>>
April 24 – 27: Kaseya Connect Global in Las Vegas REGISTER NOW>>
May 9 – 10: Kaseya + Datto Connect Local Hartford + Next Generation MSP Tour REGISTER NOW>>
May 11: Kaseya + Datto Connect Local Perth REGISTER NOW>>
May 18: Kaseya + Datto Connect Local Brisbane REGISTER NOW>>
May 23: Kaseya + Datto Connect Local Houston REGISTER NOW>>
May 25: Kaseya + Datto Connect Local Austin REGISTER NOW>>
May 30: Kaseya + Datto Connect Local Washington DC REGISTER NOW>>
June 13: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
June 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
June 20: Kaseya + Datto Connect Local Tampa REGISTER NOW>>
June 22: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
June 26-28: Kaseya DattoCon Europe REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!