The Week in Breach News: 04/17/24 – 04/23/24
This week: a data breach rocks a troubled Australian music festival, nation-state hackers hit the security experts at The MITRE Corporation, details about the exciting new Datto EDR Automated Threat Response feature, and three unexpected cyberattacks employees face every day.
Frontier Communications
https://www.pcmag.com/news/cyberattack-at-frontier-communications-causes-service-disruptions
Exploit: Hacking
Frontier Communications: Telecom
Risk to Business: 1.741 = Extreme
Frontier Communications has told the U.S. Securities and Exchange Commission that it experienced a cyberattack on April 14, 2024. The telecom giant said that it discovered an intrusion on that date and took measures to contain it including shutting down some systems. The shutdown led to a service interruption for some customers. Frontier also said that some customers’ information was snatched by the attackers but has not yet offered specifics. The company said that it was restoring systems as quickly as possible, and the incident is under investigation.
How It Could Affect Your Customers’ Business: A cyberattack that causes a service outage like customers losing access to the internet could push customers to another provider.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
The MITRE Corporation
Exploit: Zero Day (Nation-State)
The MITRE Corporation: Non-Profit
Risk to Business: 1.856 = Extreme
The MITRE Corporation said that suspicious activity was detected on one of its networks, causing it to shut down its Networked Experimentation, Research and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development. The organization stated that a threat actor exploited two Ivanti Connect Secure zero-day vulnerabilities to target Mitre’s Virtual Private Networks, then slipped into the organization’s VMware infrastructure using a compromised administrator account. MITRE points to unnamed nation-state threat actors as the culprit.
How It Could Affect Your Customers’ Business: As business cybersecurity tightens, cybercriminals are making the most of zero-day vulnerabilities.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Solano County Library Services (California)
Exploit: Ransomware
Solano County Library Services: Public Library System
Risk to Business: 1.721 = Severe
Solano County, California’s Library Services system has been hit with a ransomware attack. The cyberattack occurred April 5, 2024, and affected facilities in the Solano Partner Libraries and St. Helena network, or SPLASH. The unnamed threat actors purportedly demanded $100,000 or they would release data stolen in the attack. Officials did not offer a timeline for restoration of networks or services. The incident remains under investigation.
How It Could Affect Your Customers’ Business: People rely on libraries for a variety of important life functions like applying for jobs or government assistance.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Home Depot
Exploit: Supply Chain Data Breach
Home Depot: Home Improvement Retailer
Risk to Business: 1.803 = Severe
Notorious threat actor IntelBroker claims that it stole data belonging to 10,000 Home Depot employees. Home Depot confirmed the data breach, pointing the finger at an unnamed third-party Software-as-a-Service (SaaS) vendor. Home Depot said the vendor inadvertently made some Home Depot associates’ names, work email addresses and User IDs public during the testing of their systems. Home Depot is still investigating the incident.
How It Could Affect Your Customers’ Business: Businesses should discuss their service providers’ cybersecurity plans to protect their data when making a deal.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Denmark – The United Nations Development Programme (UNDP)
https://www.cyberdaily.au/security/10456-un-agency-ransomware-attack-claimed-by-8base
Exploit: Ransomware
The United Nations Development Programme (UNDP): International Development Agency
Risk to Business: 1.712 = Severe
The United Nations Development Programme (UNDP) has disclosed that it has become the victim of a ransomware attack. The 8Base ransomware group has claimed responsibility. UNDP said that the attack took out the network in its Copenhagen offices. The agency believes that the attackers stole an assortment of data including human resources and procurement information. On its dark website, 8Base claims to have obtained accounting documents, personal data, employment contracts, confidentiality agreements, personal files, certificates, invoices, receipts, a “huge amount of confidential information” and more.
How it Could Affect Your Customers’ Business: Politically prominent organizations are prime targets for both general hackers and nation-state cybercriminals.
Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>
Switzerland – Octapharma Plasma
https://www.hipaajournal.com/octapharma-ransomware-attack/
Exploit: Ransomware
Octapharma Plasma: Plasma Bank
Risk to Business: 2.376 = Severe
Swiss pharmaceutical company Octapharma Plasma has experienced a cyberattack that impacted technology systems, leading to the temporary closure of 190 plasma donation centers in 35 U.S. states. The company said that it first identified suspicious activity in its network on April 17, 2024. Experts suspect that the fledgling ransomware gang BlackSuit is responsible for the attack. No information was offered about stolen data or a ransom demand.
How it Could Affect Your Customers’ Business: Cyberattacks on healthcare sector targets aren’t limited to hospitals; service providers and medical suppliers are also at risk.
Kaseya to the Rescue: See how Datto EDR’s Ransomware Rollback helps companies reset their systems to where they were before the attack to get right back to work, minimizing downtime. LEARN MORE>>
France – Hospital Simone Veil in Cannes (CHC-SV)
https://securityaffairs.com/162057/hacking/french-hospital-cyber-attack.html
Exploit: Hacking
Hospital Simone Veil in Cannes (CHC-SV): Medical Center
Risk to Business: 1.866 = Moderate
French medical center Hospital Simone Veil in Cannes (CHC-SV) was hit by a cyberattack last week that impacted medical procedures. The system outages forced personnel to return to pen and paper. The hospital’s website directs patients to reschedule non-urgent consultations. The hospital’s phone systems were unaffected. The incident is under investigation by ANSSI, Cert Santé, Orange CyberDéfense and GHT06.
How it Could Affect Your Customers’ Business: A cyberattack that shuts down or limits operations at a medical center is a danger to the public.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>
Australia – Pandemonium Rocks
Exploit: Misconfiguration
Pandemonium Rocks: Music Festival
Risk to Business: 2.602 = Moderate
The troubled Pandemonium Rocks music festival has taken another massive blow after a major data breach. First, seven of the 10 acts scheduled to perform canceled their appearances. That led to a rush for refunds from angry ticketholders. Organizers said that a clerical error in the refund forms they used left the Administrator tab open. That gave bad actors a window on April 14, 2024, between 5.47 pm and 7.20 pm, to steal ticketholders’ personal data including bank details, email addresses and phone numbers.
How it Could Affect Your Customers’ Business: Customers are likely to be very upset about having their personal information exposed when trying to get their money refunded.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
- 1 – 1.5 = Extreme Risk
- 1.51 – 2.49 = Severe Risk
- 2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Introducing Datto EDR: Automated Threat Response
Datto EDR has added an exciting new feature: Automated Threat Response. Datto EDR puts the power of automation to work by applying custom recommendations from our seasoned security engineers with no fuss. This feature is easily enabled with the creation of a new policy. The feature ensures that each response is not only automatic but also intelligent.
- Every response is tailored to disrupt the attack chain by isolating the affected host, killing a process or quarantining a file at the most critical points based on observed abnormal behaviors.
- Effortlessly apply custom recommendations from our security engineers by simply creating a new policy.
- Easily combine recommended responses with your own custom responses, offering a tailored defense mechanism.
LEARN MORE IN THE RELEASE NOTES>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Download The Network Penetration Testing Buyer’s Guide
Network penetration testing is the ultimate tool for evaluating security risks, helping you close security gaps before the bad guys exploit them. In today’s ever-evolving threat landscape, finding the right solution or provider can significantly improve your security posture. This guide provides a comprehensive understanding of what pen testing is and what to look for in a solution to help you become an informed buyer.
Did you miss… The Guide to Reducing Insider Risk? DOWNLOAD IT>>
Strong Email Security Helps Conquer These Two Dangerous Cyberattacks
Today’s savvy cybercriminals are not just exploiting technical vulnerabilities. They are using every tool at their disposal to enhance their cybercrime efforts from advanced social engineering tactics to artificial intelligence (AI). As AI improves, employees are facing more hard-to-detect cyberattacks than in the past. But common cyber threats like phishing, ransomware and business email compromise (BEC) aren’t the only email-based cyber threats that employees will encounter. Threat actors also use other methods to do their dirty work, like these three less common but still potentially devastating email-based cyber threats that have become more dangerous in the era of AI.
Is building an in-house SOC a smart move? Our whitepaper breaks down the costs. READ IT>>
Brand impersonation and spoofing
In brand impersonation cyberattacks, cybercriminals imitate a trusted brand to trick victims into disclosing sensitive information or providing their credentials. Hackers typically use domain-spoofing techniques or lookalike domains in phishing emails to trick their targets in these attacks. Cybercriminals can leverage advanced tools and techniques to design highly convincing email templates that resemble emails from trusted brands. An estimated 25% of all branded emails companies receive are spoofing or brand impersonation attempts. Spoofed emails from trusted brands allow adversaries to make a compelling case through social engineering by preying on employees’ likelihood to trust familiar things.
The most spoofed brands in Q1 2024
- Microsoft
- Apple
- DHL
Source: Infosecurity Magazine
How AI is making it worse: Cybercriminals leverage AI for brand impersonation phishing by using sophisticated algorithms to create and disseminate highly convincing fake communications that mimic the style, branding, and tone of legitimate companies. AI-driven tools can automate the generation of phishing emails, social media posts, or text messages that closely resemble those from trusted entities, tricking individuals into believing they are interacting with real brands. This involves analyzing vast amounts of data from legitimate sources to replicate logos, language patterns, and design elements accurately. The deceptive level of personalization and relevance achieved through AI can significantly increase the likelihood of recipients falling for scams, such as divulging sensitive information or clicking on malicious links, under the illusion of genuine correspondence.
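The domain-spoofing and lookalike-domain tricks described above can be screened for before a message reaches an inbox. The following is an added example written for this newsletter, not code from Kaseya or any product it mentions: it checks the sender domain of a `From:` header against a short list of trusted brand domains (the brand names come from the list above; the domains and every sample header are assumed, constructed values) and flags homoglyph swaps, typosquats, a brand name buried in a longer hostname, and a brand in the display name paired with an unrelated sending domain.

```python
"""Lookalike-domain screening for inbound mail (added example, not the
newsletter's own code). Sample headers below are constructed, not real."""
import re
from email.utils import parseaddr

# Brand domains to protect. Brand names follow the page's list; the domains
# themselves are an assumption for this example.
TRUSTED_DOMAINS = {"microsoft.com", "apple.com", "dhl.com"}
BRAND_NAMES = {d.split(".")[0] for d in TRUSTED_DOMAINS}

# Character swaps commonly used to build look-alike hostnames.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(label):
    """Fold confusable characters so 'rnicr0soft' compares equal to 'microsoft'."""
    s = label.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def levenshtein(a, b):
    """Plain edit distance (insert/delete/substitute), dynamic-programming form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Last two labels of a hostname ('mail.example.com' -> 'example.com').
    Simplification: multi-part public suffixes such as co.uk are not handled."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def classify_domain(domain):
    """Return 'trusted', 'lookalike' or 'unrelated' for a sender domain."""
    domain = domain.lower()
    reg = registrable(domain)
    if reg in TRUSTED_DOMAINS:
        return "trusted"
    name = reg.split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        tname = trusted.split(".")[0]
        # Homoglyph imitation: rnicrosoft.com, app1e.com
        if normalize(reg) == trusted:
            return "lookalike"
        # Typosquat: allow one edit for short brand names, two for longer ones
        if levenshtein(name, tname) <= (1 if len(tname) < 6 else 2):
            return "lookalike"
    # Brand name buried in a longer hostname: apple.com.account-verify.example
    if any(b in normalize(label) for label in domain.split(".") for b in BRAND_NAMES):
        return "lookalike"
    return "unrelated"


def classify_from_header(header):
    """Classify one 'From:' header. Also catches a brand in the display name
    combined with a sending domain that has nothing to do with the brand."""
    display, addr = parseaddr(re.sub(r"^From:\s*", "", header, flags=re.I))
    domain = addr.rpartition("@")[2]
    verdict = classify_domain(domain) if domain else "unrelated"
    if verdict == "unrelated" and any(b in display.lower() for b in BRAND_NAMES):
        verdict = "display-name spoof"
    return addr, verdict


# Constructed sample headers (not taken from real messages).
SAMPLE_HEADERS = [
    "From: Microsoft Account Team <security@accounts.microsoft.com>",
    "From: Microsoft Support <alerts@rnicrosoft.com>",
    "From: Microsoft Billing <billing@micosoft.com>",
    "From: DHL Express <noreply@dh1-delivery.net>",
    "From: Apple ID <no-reply@apple.com.account-verify.example>",
    "From: Apple Support <support1234@mail-relay.example>",
    "From: Jane Doe <jane@partner.example>",
]


def scan(headers=SAMPLE_HEADERS):
    """Map each sender address to its verdict."""
    return dict(classify_from_header(h) for h in headers)


if __name__ == "__main__":
    for addr, verdict in scan().items():
        print(f"{verdict:20} {addr}")
```

The checks are deliberately layered: an exact match on the registrable domain passes, anything that only becomes a trusted domain after folding confusable characters or after one or two edits is treated as a lookalike, and a brand string inside a label of a non-trusted hostname is flagged regardless of spelling. In a production filter these verdicts would feed a quarantine or banner decision alongside SPF, DKIM and DMARC results, which this example does not evaluate.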
Whaling
Whaling is a primarily email-based cyberattack in which cybercriminals attempt to trap a “big fish,” like someone within the C-suite of a company. Almost 60% of organizations say an executive has been the target of whaling attacks, and in about half of those attacks, the targeted executives fell for the bait. To pull this attack off, bad actors spend considerable time researching and profiling a high-value target for a sizeable reward potential. Recently, whaling emails have become highly sophisticated with the adoption of fluent business terminology, industry knowledge, personal references and spoofed email addresses. Even cautious eyes can fail to identify a whaling email.
How AI is making it worse: Cybercriminals employ AI for whaling—a form of phishing targeted at high-level executives—by utilizing advanced algorithms to meticulously research and identify potential high-value targets within organizations. AI aids in the collection and analysis of publicly available information or data breaches to construct detailed profiles of these executives, including their communication habits, professional connections, and personal interests. Leveraging this data, AI-generated spear phishing campaigns are then customized to mimic the tone, style, and subject matter that the targets are likely to respond to, making the fraudulent requests for sensitive information or financial transfers appear legitimate and urgent. This precision-targeted approach increases the efficacy of the attacks, as the personalized emails are more likely to bypass conventional security measures and elicit the desired response from the high-ranking officials, potentially leading to significant financial or informational losses for the organization.
Conversation hijacking
Conversation hijacking is another targeted email-based cyberattack in which cybercriminals insert themselves into existing business conversations or initiate new conversations for financial gains. It starts with attackers gaining access to a user’s credentials in an organization. Subsequently, they monitor the compromised account to understand business operations and to learn about deals in progress, payment procedures and other sensitive details. Cybercriminals leverage that knowledge to trick victims into taking harmful actions like wiring money or providing sensitive information.
How AI is making it worse: Cybercriminals leverage AI for conversation hijacking by infiltrating legitimate email conversations and then using natural language processing (NLP) and machine learning to understand the context and dynamics of the ongoing communication. Once an email thread is compromised, AI algorithms analyze the writing styles, habits, and typical requests of the participants to craft replies that seamlessly blend into the existing conversation. This enables attackers to impersonate one of the parties convincingly, often leading to requests for sensitive information, fraudulent invoices or malicious links being sent without raising suspicion. By maintaining the illusion of a legitimate interaction, cybercriminals can manipulate victims into complying with their requests, thereby compromising personal data, financial information, or network access. This sophisticated use of AI not only increases the success rate of such attacks but also makes them significantly harder to detect, as the malicious activities are deeply embedded within genuine communications.
The rise of sophisticated cyber threats such as conversation hijacking, whaling and brand impersonation signifies a pivotal shift in the cybersecurity landscape. These attacks, aimed at breaching high-value targets and exploiting trusted relationships, underscore the importance of vigilance and advanced security measures for businesses and individuals alike. As cybercriminals continue to refine their tactics, understanding and preparing for these less common but highly destructive forms of cyberattack is not just advisable, but essential. In navigating the complexities of digital threats, the commitment to continuous education, robust security protocols and proactive defense strategies will be key to safeguarding sensitive information and maintaining trust in an increasingly interconnected world.
Kaseya’s Security Suite helps IT pros mitigate cyber risk
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate all types of cyber risk including email-based threats effectively and affordably without breaking a sweat.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
RocketCyber Managed SOC — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing — How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Deciphering Cybersecurity: Clearing Up Common Misconceptions
May 7, 2024 | 1 PM ET / 10 AM PT
How well do you know your cybersecurity terminology? It’s an industry that speaks its own language, filled with acronyms. Join us for an informative webinar that demystifies the complex world of EDR, MDR, XDR, SOAR, SOC and SIEM and discover how these technologies interlock to shield your organization from today’s cyber threats. REGISTER NOW>>
It’s Time to Play Cybersecurity Jeopardy!
May 16, 2024 | 1 PM ET / 10 AM PT
Spring is in the air, and it’s time to challenge your cybersecurity knowledge in another exciting installment of Cybersecurity Jeopardy! Hosted by Miles Walker, Channel Development Manager, you’ll see top industry experts battling it out for the title of Cybersecurity Jeopardy Champion. And the excitement doesn’t stop there — you get to participate too! Test your skills by answering questions live and stand a chance to win fantastic prizes. REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
May 7 – Deciphering Cybersecurity: Clearing Up Common Misconceptions REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local Melbourne REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local New York (Security and Compliance Series) REGISTER NOW>>
May 30 – Kaseya+Datto Connect Local Sydney REGISTER NOW>>
June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!