The Week in Breach News: 04/12/23 – 04/18/23
This week: BlackCat hits NCR, over one million bank customers have data exposed in a fintech blunder, two new BullPhish ID features and learn about defending against email-based cyberattacks in our new eBook.
NCR Corporation
https://securityaffairs.com/144866/cyber-crime/ncr-blackcat-alphv-ransomware.html
Exploit: Ransomware
NCR: Retail Technology Company
Risk to Business: 1.873 = Severe
Point-of-Sale (PoS) technology giant NCR, formerly known as National Cash Register, has announced that it was the victim of a ransomware attack by the notorious Black Cat/AlphV ransomware group. The attack caused an outage on the company’s Aloha PoS platform, a technology widely used by bars and restaurants. The outage began on April 13. In its statement, NCR downplayed the incident saying that the problem was the result of a single data center outage impacting a limited number of ancillary Aloha applications for a subset of their hospitality customers. The company carefully pointed out that restaurants impacted are still able to serve their customers. The incident is under investigation by law enforcement.
How It Could Affect Your Customers’ Business: One cyberattack can impact many businesses and supply chain risk is growing every day.
Kaseya to the Rescue: Learn more about defending against attacks like ransomware in our eBook A Comprehensive Guide to Email-Based Cyberattacks. GET EBOOK>>
NorthOne Bank
https://www.websiteplanet.com/news/northone-leak-report/
Exploit: Misconfiguration
NorthOne Bank: FinTech Company
Risk to Business: 1.203 = Extreme
Internet researchers have uncovered a non-password-protected database belonging to NorthOne Bank that has exposed sensitive personal and financial data for more than one million customers. The trove of documents was mainly composed of PDFs of invoices from both individuals and businesses who used an app to pay for products and services. The invoices contained names, email addresses and physical addresses, phone numbers, notes about what the payment was for, the total amount and the due date. Some tax ID numbers were also included from business transactions. The discovery happened in January, and NorthOne Bank said that it has since secured the database.
How It Could Affect Your Customers’ Business: Companies that hold valuable information like financial data by way of invoices are juicy targets for cybercriminals looking for a quick score.
Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
Kodi
Exploit: Credential Compromise
Kodi: Media App Developer
Risk to Business: 1.672 = Severe
Kodi, an open-source media app, announced last week that they’d experienced a breach in their user forums leading to the exposure of hundreds of thousands of posts and private messages from their MyBB user forum. The breach came to light after hackers offered records for an estimated 400,000 users in a cybercrime forum. Kodi said that the attackers compromised the account of an inactive administrator and accessed the MyBB admin console on February 16 and 21, 2023. The bad actors then created database backups and downloaded existing nightly full backups. The company is redeploying its user forums after hardening.
How It Could Affect Your Customers’ Business: One compromised credential can lead to a world of hurt, even if the person whose credentials are compromised doesn’t work there anymore.
Kaseya to the Rescue: Dark web data like compromised credentials is a danger to businesses. Learn more about dark web threats in our infographic 5 Ways the Dark Web Can Harm Businesses. GET IT>>
Brazil – Dimas Volvo
https://securityaffairs.com/144816/breaking-news/volvo-retailer-data-leak.html
Exploit: Misconfiguration
Dimas Volvo: Car Retailer
Risk to Business: 2.819 = Moderate
Brazil’s Volvo dealer Dimas Volvo is in hot water after internet researchers discovered an unsecured database belonging to the company. The problem was found on February 17, 2023, when researchers discovered that the retailer had accidentally exposed its database’s authentication information, including MySQL and Redis database hosts, open ports and credentials that could be used to access the contents of the databases. The website’s Laravel application key and a .DS_Store file that held metadata from the developer’s computer were also exposed, revealing the file and folder names in the directory where the website’s project files were stored. A Git code repository was also attached.
How It Could Affect Your Customers’ Business: All data needs to be protected because proprietary data like metadata and code is just as useful to the bad guys as other types of information.
Kaseya to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
Northern Ireland – Evide
https://www.bbc.com/news/uk-northern-ireland-65297324
Exploit: Ransomware
Evide: IT Management Company
Risk to Business: 1.663 = Severe
Evide, a Derry-based IT services company that services more than 140 charities, has fallen victim to a ransomware attack that may have led to the exposure of sensitive data for thousands of vulnerable people in Ireland and the UK. The incident was reported to law enforcement on March 30, 2023. Evide handles data for organizations that serve rape victims, battered women, abused children and other vulnerable populations. Specifics on exactly what data was stolen or any ransom demand were not available at press time. Specialist cybercrime officers from the Police Service of Northern Ireland (PSNI) are investigating.
How it Could Affect Your Customers’ Business: The extremely sensitive data that agencies like this hold is very valuable on the dark web.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
Germany – Lürssen
https://www.infosecurity-magazine.com/news/superyachtmaker-easter-ransomware/
Exploit: Ransomware
Lürssen: Yacht Builder
Risk to Business: 2.836 = Moderate
Luxury superyacht builder Lürssen has disclosed that it was hit by a ransomware attack over the Easter holiday weekend. Reports say that the German shipbuilder has experienced some operational challenges since the attack. Only its Lürssen-Kröger shipyard in Schleswig-Holstein appeared to have escaped unscathed. The company has built many of the world’s largest superyachts. It also produces some vessels for the German navy. No word on what data was stolen or any ransom demand was available at press time.
How it Could Affect Your Customers’ Business: Holiday weekends are prime times for cyberattacks with especially high ransomware risk.
Kaseya to the Rescue: Email is the most likely way for employees to encounter cyberattacks like ransomware. This checklist helps companies strengthen their email security. GET CHECKLIST>>
Germany – Rheinmetall
Exploit: Human Error
Rheinmetall: Industrial Manufacturing
Risk to Business: 1.902 = Severe
German auto and arms manufacturer Rheinmetall has been the victim of a cyberattack that has impacted the company’s operations. The attack appears to be contained to systems within its automotive division. However, Rheinmetall also handles some arms production for the German military and also holds contracts to produce armaments including tanks for the Ukrainian military. The company said that it is investigating the extent of the damage. It is unclear if this attack is related to a DDoS attack last month spearheaded by the Russian hacktivist group Killnet.
How it Could Affect Your Customers’ Business: Companies that produce military supplies are highly vulnerable to attack by both regular and nation-state cybercrime groups.
Kaseya to the Rescue: Learn how to achieve complete endpoint security in a flash without blowing up your budget with your antivirus and Datto EDR combined in this information sheet. DOWNLOAD IT>>
Australia – Coles
Exploit: Supply Chain Cyberattack
Coles: Supermarket Chain
Risk to Business: 1.786 = Severe
Major Australian grocery chain Coles has announced that customers with Coles credit cards may have had sensitive data exposed in the recent Latitude Financial data breach. Coles used Latitude Financial as a service provider for its store credit cards until 2018. Coles has not been specific about how many customers may be affected or what data is exposed, but it would be from accounts opened prior to 2018.
How it Could Affect Your Customers’ Business: One supply chain cyberattack can be a headache for both a business and its customers.
Kaseya to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
2 New BullPhish ID Features
Two new features in BullPhish ID add new functionality and even more value!
Individual User Reports
Customers can now generate individual user reports that provide the phishing and training campaign status for every end user they manage. The reports contain the following information:
- Names and email addresses of users that have received a campaign within the selected date range
- The training course/phishing kit name, campaign name, the status of each user/what action they’ve taken and the progress they’ve made with the course/kit
For step-by-step instructions on how to create individual user reports, check out the BullPhish ID release notes.
Training Videos with Foreign Language Voiceovers
We have released 6 new training videos in each of the following language voiceovers (in addition to English):
- Latin American Spanish
- Canadian French
- Brazilian Portuguese
Going forward, all training videos we create will also be offered with voiceovers in these languages.
Learn more in this What’s New article
A Comprehensive Guide to Email-based Cyberattacks
Did you know that 9 in 10 cyberattacks start with an email? Strong email security is one of the most important defensive tools a company has. In our new eBook, we break down today’s most potentially devastating email-based cyberattacks so that you can learn:
- The anatomy of prominent attack types
- Common signs of a suspicious message
- Solutions that can help defend against the onslaught
Download your copy of A Comprehensive Guide to Email-based Cyberattacks now. DOWNLOAD IT>>
Email Security is Critical for Protection from Sophisticated Ransomware & BEC Attacks
Email is a crucial communication tool in today’s digital world. A single organization sends and receives thousands of emails daily, making the email environment a massive vulnerability for enterprises and opening the door for cyberattacks. That also makes email the most likely vector for a cyberattack as well as the one that employees come into contact with the most frequently. Learning more about today’s biggest email-based cyberattacks and how they’ve evolved can help IT professionals develop and implement a successful defensive strategy.
Excerpted in part from our eBook A Comprehensive Guide to Email-based Cyberattacks GET IT>>
There’s more to email security than meets the eye
Cyberattacks have been growing increasingly complex and harder to detect as cybercriminals look for new ways to get around their victims’ security. Scammers leverage modern tools that easily bypass traditional email security solutions and use advanced social engineering techniques that lure an organization’s employees into taking the attacker’s desired action. These days, many cybercriminals who specialize in email-based cyberattacks are looking to kick off two of the most common and dangerous operations: ransomware/malware and business email compromise.
Recently, email-based cyberattacks have skyrocketed, with more and more businesses falling prey to hackers’ evasive techniques. According to a Deloitte report, 91% of cybercrimes begin with a phishing email. Once a company suffers a phishing attack, recovering from the sudden jolt is often challenging since it adversely impacts its finances and reputation. That’s why businesses should carefully consider their email security strategy and implement robust security measures for their email environment.
Ransomware and other malware can quickly devastate businesses
Malware attacks, especially ransomware attacks, are potentially devastating for any business. By 2031, a ransomware attack will strike a business every two seconds with an estimated annual cost of $265 billion in damage. Bad actors use ransomware to hold companies hostage by encrypting systems and data to shut them down or threatening to harm the company by publicizing or selling stolen data. Phishing emails are the most common threat vector for ransomware. The average cost of a ransomware-related data breach stands at $4.54 million.
Cybercriminals may spread ransomware through email by:
- Gaining access to a company’s environment by stealing an employee’s credentials
- Tricking an employee into downloading a malware-laden attachment
- Persuading an employee to click on a malicious link
- Getting an employee to enable a macro that triggers a malware download
Ransomware is a contributor to 2 big risks right now
Nation-state actors also use ransomware to devastating effect, and no business is safe from their activities. In fact, an estimated 90% of Advanced Persistent Threat Groups (APTs) regularly attack organizations outside of the government or critical infrastructure sectors, including SMBs. Sometimes, these threat actors don’t use ransomware, instead infecting systems with devastating wiper malware. Wiper malware doesn’t encrypt systems; it destroys their Master Boot Record (MBR) and Master File Table (MFT), making it almost impossible for organizations to recover their data.
Ransomware is also a factor in increased supply chain risk. Over half (52%) of global organizations know a partner that has been affected by ransomware. However, this hasn’t necessarily translated into action. Many businesses aren’t doing anything to improve the security of their supply chain or mitigate the ransomware risk heading their way from suppliers and service providers, even though business leaders are often aware of the problem – 90% of global IT leaders believe their partners and customers are making their own organization a more attractive target for cyberattacks like ransomware.
Business email compromise is the biggest villain
Although ransomware attacks are widely regarded as the worst attacks, business email compromise (BEC) attacks are causing maximum damage to organizations across sectors. These attacks have proliferated significantly in recent times, resulting in severe financial and reputational damages. The biggest reason for the proliferation of these attacks is that BEC attacks require less effort and are largely automated, with a lower risk of getting caught and a much higher chance of payouts. The U.S. Federal Bureau of Investigation (FBI) says that BEC is 64X worse than ransomware for businesses.
How it starts
These attacks begin with cybercriminals hacking or spoofing email accounts from a trusted business to fraudulently acquire money, gift cards or sensitive data and financial details. There are many variations on this scam, but these are the most common:
- Cybercriminals attempt to impersonate an executive or another trusted figure within the intended victim’s organization, preying on employees’ desire to please the boss to coerce them into complying with the request.
- Bad actors claim to be a supplier or service provider for the target business and claim that they are owed payment for an outstanding invoice.
- Cybercriminals present themselves as someone from within the victim organization, like an employee at another branch of the company, and request money or payment of a fake bill.
Every organization is in danger of BEC
If a business suffers a BEC attack, its impact can be devastating to its present and future revenue while also damaging its brand and business relationships. Organizations of every size including government agencies and major corporations like Google, Facebook and Toyota have experienced BEC attacks, resulting in millions of dollars in losses. For example, we recently reported on an expensive incident at the Port of Seattle. Cybercriminals using BEC techniques successfully attacked the Port twice in one year. In these attacks, bad actors posed as contractors owed money by the Port’s Diversity, Equity & Inclusion department. In the first incident, bad actors made off with $184,676, and in the second just a few months later, they walked away with an even bigger score of $388,007.
BEC attacks rely mainly on social engineering techniques, so antivirus, spam filters and email blacklisting are ineffective against them. However, AI can be a benefit in sniffing out these threats as it considers the content of a message to determine if that message is a threat. A high level of awareness bolstered by employee education and robust internal prevention techniques, especially for privileged staff, can help businesses put a lid on this threat.
BullPhish ID+Graphus takes your email defense to the next level
BullPhish ID is a comprehensive and affordable security awareness solution that automates training delivery, testing and reporting, making it the ideal training solution for companies of every size.
It’s simple to conduct phishing simulations with pre-loaded phishing kits or customize the content to reflect the unique phishing threats your users face daily and reduce the chance they’ll fall for a phishing-based cyberattack.
Video lessons about dangers like ransomware, credential compromise and phishing give every employee a solid grounding in cybersecurity best practices with quizzes to determine who needs more help.
Through a personalized employee portal, you can track every user’s assigned courses and training progress and ensure seamless training delivery.
Graphus AI-driven, automated email security can help you stay miles ahead of cybercriminals at half the cost of the competition.
Deployable via API with just three clicks, Graphus instantly starts monitoring communication patterns between people, devices and networks to reveal untrustworthy emails, making it a simple, powerful and cost-effective phishing defense solution for companies of all sizes.
Puts three layers of defense between a phishing email and your organization and automatically prevents 99% of sophisticated phishing messages from reaching an employee’s inbox, protecting your organization from advanced social engineering and zero-day attacks.
BullPhish ID and Graphus work together with a key workflow integration
The Drop-a-Phish integration between BullPhish ID and Graphus can help you quickly deploy phishing simulation exercises and security awareness training campaigns by eliminating the need for domain whitelisting. The Graphus API allows BullPhish ID to drop phishing and training emails directly into end-user inboxes, saving hours of whitelisting time and ensuring 100% deliverability of training exercises.
Learn more about the amazing benefits you get from combining Graphus and BullPhish ID here.
April 24 – 27: Kaseya Connect Global in Las Vegas REGISTER NOW>>
May 9 – 10: Kaseya + Datto Connect Local Hartford + Next Generation MSP Tour REGISTER NOW>>
May 11: Kaseya + Datto Connect Local Perth REGISTER NOW>>
May 18: Kaseya + Datto Connect Local Brisbane REGISTER NOW>>
May 23: Kaseya + Datto Connect Local Houston REGISTER NOW>>
May 25: Kaseya + Datto Connect Local Austin REGISTER NOW>>
May 30: Kaseya + Datto Connect Local Washington DC REGISTER NOW>>
June 13: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
June 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
June 20: Kaseya + Datto Connect Local Tampa REGISTER NOW>>
June 22: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
June 26-28: Kaseya DattoCon Europe REGISTER NOW>>