The Week in Breach News: 04/19/23 – 04/25/23
This week: Big breaches at ABA and CFPB, ransomware busts a Canadian casino operator, a supply chain attack causes problems for Webster Bank, three essential EDR resources and a look at the major rise in cybercrime damages.
BREAKING NEWS! See the exciting announcements from Kaseya Connect about IT Complete 2.0 and Kaseya’s two new acquisitions. LEARN MORE>>
American Bar Association
Exploit: Hacking
American Bar Association: Professional Group
Risk to Business: 1.673 = Severe
The American Bar Association (ABA) has experienced a data breach that has exposed information pertaining to 1,466,000 members. The ABA disclosed that a hacker was detected on its network on March 17th, 2023. An ABA statement noted that “An unauthorized third party acquired usernames and hashed and salted passwords that you may have used to access online accounts on the old ABA website prior to 2018 or the ABA Career Center since 2018.”
How It Could Affect Your Customers’ Business: Big batches of credentials like this are gold for cybercriminals and can be used to facilitate other cyberattacks.
Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
Consumer Financial Protection Bureau (CFPB)
https://edition.cnn.com/2023/04/20/business/cfpb-confidential-data/index.html
Exploit: Malicious Insider
Consumer Financial Protection Bureau (CFPB): Federal Agency
Risk to Business: 1.213 = Extreme
The U.S. Consumer Financial Protection Bureau (CFPB) says that they’ve experienced a data breach caused by the actions of a potentially malicious employee. In the incident, a now former employee sent a total of 14 emails that included consumer personally identifiable information to their private email address. Along with that data, the employee sent two spreadsheets that listed names and transaction-specific account numbers related to about 256,000 consumer accounts at an unnamed institution. The CFPB also said that they identified data from another institution that included approximately 140 loan numbers, of which roughly 100 also included de-identified information related to the loan or borrower, such as income, credit score and demographic information. The CFPB said that The Office of Inspector General and Federal lawmakers and government agencies have been notified, including the Department of Homeland Security.
How It Could Affect Your Customers’ Business: Malicious insiders can do a lot of damage quickly through actions like stealing sensitive data and selling it.
Kaseya to the Rescue: Learn how to spot a potential malicious insider before they strike with our infographic 5 Red Flags That Point to a Malicious Insider at Work. DOWNLOAD IT>>
CommScope
Exploit: Ransomware
CommScope: Infrastructure Provider
Risk to Business: 1.681 = Severe
The Vice Society ransomware gang has added CommScope to their dark web leak site. The data published included a variety of information including internal documents, invoices and technical drawings. The personal data of thousands of CommScope employees was also exposed, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, bank account information, scans of employee passports and visa documentation. The company has disclosed that the attack happened on March 23.
How It Could Affect Your Customers’ Business: Internal data including contracts and technical data is very valuable and profitable for bad actors.
Kaseya to the Rescue: Learn more about defending against often email-based cyberattacks like ransomware in our eBook A Comprehensive Guide to Email-Based Cyberattacks GET EBOOK>>
Point32 Health
https://www.hipaajournal.com/major-massachusetts-health-insurer-suffers-ransomware-attack/
Exploit: Ransomware
Point32 Health: Health Insurer
Risk to Business: 2.119 = Severe
Massachusetts-based health insurer Point32 Health has fallen victim to a ransomware attack. The company is experiencing system outages, including systems that are used to service its members, accounts, brokers, and providers. Some customers reported experiencing problems getting prior authorizations for medical procedures Harvard Pilgrim Health Care customers are primarily affected. The incident occurred on April 17. No ransomware group has claimed responsibility
How It Could Affect Your Customers’ Business: This will be an expensive disaster for this company that could also damage its reputation.
Kaseya to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
Webster Bank
https://www.ctinsider.com/news/article/webster-bank-data-breach-ct-customers-17906370.php
Exploit: Supply Chain Attack
Webster Bank: Bank
Risk to Business: 1.663 = Severe
Hundreds of thousands of customers of Webster Bank have had their data exposed after a data breach at one of the bank’s service providers. The bank notified regulators and customers after being informed of an intrusion between Nov. 27, 2022, and Jan. 22, 2023, at fraud detection services provider Guardian Analytics. In a filing with the Connecticut Attorney General’s Office, Webster Bank disclosed that 153,754 Connecticut customers were affected — 117,278 of whom had their name and account number exposed, while 36,476 had their name, account number and Social Security numbers exposed.
How it Could Affect Your Customers’ Business: Supply chain attacks have been escalating, bringing fresh danger to businesses in every sector.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>
Canada- Gateway Casinos & Entertainment Ltd.
https://www.casino.org/news/gateway-casinos-confirms-cyberattack-on-ontario-it-infrastructure/
Exploit: Ransomware
Gateway Casinos & Entertainment Ltd.: Casino Operator
Risk to Business: 1.336 = Extreme
Gateway Casinos has confirmed that it has fallen victim to a ransomware attack that caused the company to shut down its 14 properties in Ontario nearly a week ago. The company closed its Ontario casinos, including Casino Rama Resort on April 16. In a statement, Gateway Casinos said that it is working to restore systems and reopen the casinos as soon as possible. The incident is under investigation.
How it Could Affect Your Customers’ Business: This crippling disaster will cost this company a fortune and could impact its reputation with customers for a long time.
Kaseya to the Rescue: Email is the most likely way for employees to encounter cyberattacks like ransomware. This checklist helps companies strengthen their email security. GET CHECKLIST>>
Canada – Yellow Pages Group
Exploit: Ransomware
Yellow Pages Group: Directory Service
Risk to Business: 2.772 = Moderate
Canada’s Yellow Pages has disclosed that it has fallen victim to a ransomware attack by the Black Basta ransomware group. The attack occurred around March 23. Black Basta published a sample of the stolen documents that included employee, ID documents (such as scans of passports and driver licenses) exposing people’s date of birth and address, tax documents, Social Insurance Number (SIN), sales and purchase agreements, budget and debt documents and other sensitive data. The incident has been reported to regulators.
How it Could Affect Your Customers’ Business: Identity documents are a valuable commodity that bad actors can sell quickly on the dark web.
Kaseya to the Rescue: Learn how to achieve complete endpoint security in a flash without blowing up your budget with your antivirus and Datto EDR combined in this information sheet. DOWNLOAD IT>>
Get 10 tips to help you build a strong security culture & reduce your risk of cybersecurity trouble! GET INFOGRAPHIC>>
Belgium – SD Worx
Exploit: Hacking
SD Worx: Human Resources and Payroll Management Company
Risk to Business: 1.786 = Severe
Belgium’s SD Worx has shut down all IT systems for its UK and Ireland services after a cyberattack. Customers outside of that region did not lose access to their portals. The company said that it detected malicious activity around April 9, and shut down systems as part of an effort to limit the spread of the attack. The incident is under investigation, and no specifics were offered on the types of data stolen.
How it Could Affect Your Customers’ Business: A cyberattack on a service provider can impact many other businesses by causing expensive delays.
Kaseya to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
A New Powered Services Pro Bonus Campaign
Grab this new bonus campaign to help you celebrate World Password Day on May 4, 2023!
Password Do’s & Don’ts Bonus Campaign
Use this new bonus campaign to celebrate World Password Day on May 4, 2023!
MSP Value Proposition:
When it comes to creating passwords, most users revert to what’s easiest rather than what’s the most secure. Help your target audience understand the potential consequences of poor password hygiene and reinforce best practices that will boost password security.
End User Value Proposition:
How do your passwords stack up? Risky password behaviors put you in danger of identity theft, account takeovers, data breaches, and other threats. Protect your data, devices, and accounts by creating safer, more secure passwords.
Learn more and get the campaign from Powered Services Pro now!
This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>
3 Essential EDR Resources
Endpoint detection and response (EDR) is a must-have for businesses and a great growth opportunity for MSPs. These three resources can help you learn more about the advantages of EDR.
The Evolution of Endpoint Detection and Response (EDR): Datto EDR Buyers Guide – Learn why EDR is a must-have for MSPs and their clients. DOWNLOAD IT>>
Achieve Complete Endpoint Security with AV and EDR – See how EDR and antivirus solutions work together to protect businesses. DOWNLOAD IT>>
Datto EDR: Advanced Endpoint Threat Detection and Response for MSPs – Read our datasheet on why Datto EDR is the ideal EDR solution. DOWNLOAD IT>>
Learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. GET INFOGRAPHIC>>
Cyber Fraud Damages Are Up by Almost 50%
Cybercrime and its associated losses continue to reach new heights, especially around cyber fraud. The U.S. Federal Bureau of Investigation Internet Complaint Center (FBI IC3) Internet Crime Report 2022 showed that cyber fraud reported to that agency hit a new record level in 2022. Cyber-enabled fraud losses increased to $10.3 billion for the year, up a whopping 48% compared to 2021. That’s a tremendous blow to businesses and individuals that no one can afford. Every business needs to take precautions to put the strongest possible cyber defenses in place to prevent companies from falling victim to expensive and devastating cyberattacks, and email security is a major factor in staying out of trouble.
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
Cyber Fraud Costs Are Skyrocketing
Individual instances of cybercrime reported to IC3 have dropped slightly. In 2022, the IC3 received 800,944 complaints, a 5% decrease from 2021. However, the financial impact of cybercrime has skyrocketed, growing from $6.9 billion in 2021 to more than $10.2 billion in 2022. In terms of specific cyber threats that snagged the most victims, phishing is still the king even though it caught slightly fewer victims in 2022. The most expensive digital scams IC3 saw were investment scams. That type of fraud cost victims $3.3 billion last year, more than doubling (127%) over 2021. The average loss per victim ballooned too, increasing by 53% over 2021.
IC3’s 3 Top Digital Scams
| Victims 2022 | Victims 2021 | Change | Losses 2022 | Losses 2021 | Change | |
| Phishing | 300,947 | 323,972 | -31% | $52,089,159 | $44,213,707 | + 18% |
| Investment Scams | 30,529 | 20,561 | + 48% | $3,311,742,206 | $1,455,942,193 | +127% |
| Spoofing | 20,649 | 18,522 | +11% | $107,926,252 | $82,169,806 | +31% |
Source: FBI IC3
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
5 Email-Based Cyberattacks & Scams to Worry About
When discussion of email-based cyberattacks comes up, ransomware and business email compromise (BEC) are always at the top of the list. And for good reason; they’re punishing nightmares for businesses and IT professionals alike. But those aren’t the only email-based threats dropping into employee inboxes every day. It’s also important to make sure that everyone is on the lookout for these 5 horrible email-based cyberattacks too.
Account takeover
In an account takeover attack, cybercriminals steal a user’s account credentials to facilitate other cybercrimes. Using social engineering tricks in phishing emails, hackers compel users to provide their credentials, then take ownership of their accounts by barring the original user from accessing their account. Cybercriminals use these verified credentials to make a profit by selling these credentials on dark web forums or abusing the account for financial gains or other nefarious activities.
Typically, financial institutions and e-commerce websites experience higher incidence of account takeover fraud than other industries, but no business is immune to this danger. For instance, hackers may take over an existing e-commerce account and use it to purchase high-value goods, paying with the victim’s stored payment credentials while changing the shipping address to their own.
Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>
Brand impersonation and spoofing
In brand impersonation cyberattacks, cybercriminals imitate a trusted brand to trick victims into disclosing sensitive information or providing their credentials. Hackers primarily use domain-spoofing techniques or lookalike domains in phishing emails to trick their targets in these attacks.
Cybercriminals can leverage advanced tools and techniques to design highly convincing email templates that resemble emails from trusted brands. An estimated 25% of all branded emails companies receive are spoofed or brand impersonation attempts. Spoofed emails from trusted brands allow adversaries to make a compelling case through social engineering by preying on employees’ likelihood to trust familiar things.
Microsoft, Apple, DHL and Google are the top brands that cybercriminals attempt to impersonate.
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
Spear phishing
Spear phishing is a highly targeted, well-researched email attack that can target anyone within a company. Spear-phishing emails are a tool utilized by an estimated 65% of cybercrime groups when they carry out targeted cyberattacks. Sometimes, spear phishing attempts are made against a few specific people within a company, but a spear phishing attack can also target employees in general. Cybercriminals who use this technique put great care into ensuring that their malicious messages are detailed and highly believable.
A spear-phishing attack starts with a phishing email from a seemingly trustworthy source, but that email can lead the recipient down several dangerous roads. Bad actors may aim to persuade the recipient to do many things including:
- Hand over their credentials
- Provide access to sensitive systems or data
- Transfer money
- Share privileged information
- Click a malicious link
- Download a malware-laden document
Due to the high pay-out potential of spear phishing attacks, threat actors spend considerable time researching their target. They use clever tactics, individually designed approaches and social engineering techniques to gain victims’ attention and compel them to click on the phishing links. For example, the FBI released a warning about a spear phishing scam making the rounds in which bad actors were sending spear phishing messages designed to look like they came from the National Center for Missing and Exploited Children. The subject of the email was “Search for Missing Children,” with an attached zip file titled “resources” that actually contained three malicious files.
Whaling
Whaling is a primarily email-based cyberattack in which cybercriminals attempt to trap a “big fish,” like someone within the C-suite of a company. Almost 60% of organizations say an executive has been the target of whaling attacks and in about half of those attacks, the targeted executives fell for the bait. To pull this attack off, bad actors spend considerable time researching and profiling a high-value target for a sizeable reward potential. Recently, whaling emails have become highly sophisticated with the adoption of fluent business terminology, industry knowledge, personal references and spoofed email addresses. Even cautious eyes can fail to identify a whaling email.
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Conversation hijacking
Conversation hijacking is another targeted email-based cyberattack in which cybercriminals insert themselves into existing business conversations or initiate new conversations for financial gains. It starts with attackers gaining access to a user’s credentials in an organization. Subsequently, they monitor the compromised account to understand business operations and to learn about deals in progress, payment procedures and other sensitive details. Cybercriminals leverage that knowledge to trick victims into taking harmful actions like wiring money or providing sensitive information
Find the right dark web monitoring solution for your customers & your MSP with this checklist! DOWNLOAD IT>>
Put 2 powerhouse solutions to work for you to combat email-based cyberattacks
The primary pillar of a strong defense against email-based cyberattacks is powerful, effective email security. Kaseya offers a pair of innovative cybersecurity solutions that help businesses mitigate their email-based cyberattack risk without breaking the bank.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
Automated, AI-powered antiphishing email security
Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance
A key workflow integration makes BullPhish ID and Graphus even better together
The Drop-a-Phish integration between BullPhish ID and Graphus can help you quickly deploy phishing simulation exercises and security awareness training campaigns by eliminating the need for domain whitelisting. The Graphus API allows BullPhish ID to drop phishing and training emails directly into end-user inboxes, saving hours of whitelisting time and ensuring 100% deliverability of training exercises.
Learn more about the amazing benefits you get from combining Graphus and BullPhish ID here.
Join us for Cybersecurity Jeopardy on May 2 at 2 pm!
Our popular, fun-filled event is back, and you won’t want to miss out on the excitement. Play along with cybersecurity experts and win fabulous prizes! REGISTER NOW>>
May 9 – 10: Kaseya + Datto Connect Local Hartford + Next Generation MSP Tour REGISTER NOW>>
May 11: Kaseya + Datto Connect Local Perth REGISTER NOW>>
May 18: Kaseya + Datto Connect Local Brisbane REGISTER NOW>>
May 23: Kaseya + Datto Connect Local Houston REGISTER NOW>>
May 25: Kaseya + Datto Connect Local Austin REGISTER NOW>>
May 30:Kaseya + Datto Connect Local Washington DC REGISTER NOW>>
June 13: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
June 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
June 20: Kaseya + Datto Connect Local Tampa REGISTER NOW>>
June 22: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
June 26-28: Kaseya DattoCon Europe REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!