The Week in Breach News: 04/26/23 – 05/01/23
This week: ransomware freezes Americold, details about the highly sensitive data stolen in a ransomware attack on Minneapolis Public Schools, new training videos and phishing kits were just added to BullPhish ID plus how EDR helps fulfill insurance requirements.
Americold
Exploit: Ransomware
Americold: Cold Storage Company
Risk to Business: 1.422 = Extreme
Americold, a leading cold storage logistics company, announced that it has experienced a network outage as the result of a cyberattack. The incident began last Tuesday night and has persisted, leaving employees and customers scrambling. The company has asked customers to cancel inbound deliveries and to reschedule all but the most critical outbound deliveries. Americold said that it is focused on rebuilding affected systems, leading to speculation that this is a ransomware incident. The company expects to restore most services late this week.
How It Could Affect Your Customers’ Business: Logistics companies are a key element in the supply chain, making them highly attractive targets for bad actors.
Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
United HealthCare
Exploit: Hacking
United HealthCare: Insurer
Risk to Business: 1.762 = Severe
Health insurance giant United HealthCare has informed members that it has experienced a data breach. The problem was uncovered on February 22, 2023, when United identified suspicious activity on its local app that may have led to the disclosure of members’ personal information. The company estimates that the breach happened between February 19 and February 25, 2023. Members may have had personal information exposed in the breach including first and last names, health insurance member ID numbers, dates of birth, addresses, dates of service, provider names, claim information and group names and numbers. UnitedHealthcare said that Social Security and driver’s license numbers were not exposed. Affected members have been informed via letter.
How It Could Affect Your Customers’ Business: This kind of incident will end up costing United HealthCare a fortune after regulators in multiple states and at the federal level get through with them.
Kaseya to the Rescue: Data like this is a commodity on the dark web. Learn more about the dark web risks that businesses face in The IT Professional’s Guide to the Dark Web. DOWNLOAD IT>>
Fincantieri Marine Group (FMG)
https://www.infosecurity-magazine.com/news/us-navy-contractor-cyberattack/
Exploit: Ransomware
Fincantieri Marine Group (FMG): Shipbuilder
Risk to Business: 1.681 = Severe
U.S. Navy contractor Fincantieri Marine Group (FMG) experienced a ransomware attack last week that is causing a temporary disruption to certain computer systems on its network. A company spokesperson said that the ransomware attack on the Fincantieri Marinette Marine shipyard disrupted operations across the shipyard by rendering data on network servers unusable as well as impacting critical CNC (Computer Numerical Control) manufacturing machines. The company said that it doesn’t have any indication that employee data was compromised. The incident is under investigation.
How It Could Affect Your Customers’ Business: Strategic attacks that impair defense manufacturing are a dangerous modern hazard that companies must be ready for.
Kaseya to the Rescue: Learn more about defending against cyberattacks that are often email-based, like ransomware, in our eBook A Comprehensive Guide to Email-Based Cyberattacks. GET EBOOK>>
The Diocese of Las Vegas
Exploit: Hacking
The Diocese of Las Vegas: Religious Organization
Risk to Business: 1.919 = Severe
Late last week The Diocese of Las Vegas admitted that it had experienced a data breach that may have exposed sensitive data. The breach was discovered on March 12, 2023, and concerned data held by the Diocese about its volunteers, parishioners, donors and others. The Diocese did not specify exactly what types of information were stolen, but it was quick to reassure the public that employee payroll and benefits information and Catholic Stewardship Appeal information were not impacted. The incident has been reported to the relevant authorities.
How It Could Affect Your Customers’ Business: Churches and non-profits must be just as vigilant against cyberattacks as businesses because they’re just as much in the line of fire.
Kaseya to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
CIC Group, Inc.
https://thecyberwire.com/newsletters/privacy-briefing/5/80
Exploit: Hacking
CIC Group, Inc.: Engineering and Construction Manufacturing
Risk to Business: 1.781 = Severe
CIC Group, Inc., a commercial and industrial business holding company based in St. Louis, Missouri, has disclosed that it was recently the victim of a cyberattack. In a filing with the Texas Attorney General’s Office, CIC Group said that an unauthorized party had gained access to confidential customer information that the company was holding, including consumers’ names, addresses and Social Security numbers. The company has begun sending out data breach notification letters to everyone who was impacted by the incident.
How it Could Affect Your Customers’ Business: Supply chain and industrial attacks have been escalating, bringing fresh danger to businesses in every sector.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
The Minneapolis Public Schools
https://gizmodo.com/ransomware-gang-medusa-data-breach-minneapolis-school-a-1850380421
Exploit: Ransomware
The Minneapolis Public Schools: Education Authority
Risk to Business: 1.336 = Extreme
A mid-March ransomware attack has resulted in highly sensitive data about and belonging to thousands of public school students in Minneapolis being exposed on the dark web. The ransomware group Medusa claimed responsibility for the attack and began releasing information on its dark web leak site last week. Many students’ identifying data, including birthdays and Social Security numbers, was exposed, but that’s not the most sensitive data by far. The torrent of an estimated 200,000 stolen files includes data about incidents of students exhibiting behavioral issues, documentation of problems at home like divorcing or incarcerated parents, data about conditions like Attention Deficit Disorder, documented indications of injuries, results of intelligence tests and what medications they take. Documents detailing allegations of abuse by district staff are also in this tranche, including the accusing student’s name, date of birth and address.
How it Could Affect Your Customers’ Business: This is a horrible story that illustrates the human cost and cruelty of many cyberattacks.
Kaseya to the Rescue: Email is the most likely way for employees to encounter cyberattacks like ransomware. This checklist helps companies strengthen their email security. GET CHECKLIST>>
UK – Hardenhuish School
https://www.bbc.com/news/uk-england-wiltshire-65411450
Exploit: Ransomware
Hardenhuish School: Secondary School
Risk to Business: 2.772 = Moderate
Hardenhuish School in Chippenham, Wiltshire, has been hit by a ransomware attack that has disrupted its systems. The school confirmed that the incident was a ransomware attack but did not specify a ransom demand. Hardenhuish School said that its IT staff are working to restore full functionality, but in the meantime, they’ve resorted to low-tech solutions like old-fashioned paper registers. The school is working with authorities to investigate the incident.
How it Could Affect Your Customers’ Business: Unfortunately, schools remain a popular target for cybercriminals thanks to their reputation for shoddy security.
Kaseya to the Rescue: Learn how to achieve complete endpoint security in a flash without blowing up your budget with your antivirus and Datto EDR combined in this information sheet. DOWNLOAD IT>>
Germany – Bitmarck
https://therecord.media/bitmarck-cyberattack-germany-healthcare-insurance
Exploit: Hacking
Bitmarck: Healthcare IT Provider
Risk to Business: 1.786 = Severe
Bitmarck, the largest IT provider serving Germany’s health system, announced that it had experienced a cyberattack last Sunday. The attack caused Bitmarck to take both its customer-facing and internal networks offline. The company said that it does not believe that any data was stolen, although it cautioned that an investigation by external experts was ongoing. The systems outage may have a widespread effect in Germany, as electronic certificates are used to obtain sick leave. Pharmacies may also be impacted.
How it Could Affect Your Customers’ Business: A cyberattack on a service provider can impact many other businesses by causing expensive delays.
Kaseya to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Australia – Amnesty International Australia
Exploit: Hacking
Amnesty International Australia: Non-Profit Group
Risk to Business: 2.873 = Moderate
Questions are flying as Amnesty International Australia has just disclosed a data breach that occurred in December 2022. Amnesty International Australia sent an email to supporters late last week informing them that their data may be at risk, and also posted a statement on its website after numerous media inquiries. A spokesperson said that “some low-risk information relating to individuals who made donations in 2019 was accessed,” asserting that the stolen data did not meet Australia’s reporting threshold. Reports identify the likely stolen data as a donor’s name, email address and phone number.
How it Could Affect Your Customers’ Business: Failing to inform the public and its donors that the organization had experienced a cyberattack isn’t a good look.
Kaseya to the Rescue: Personal data is a treasure trove for bad actors to sell on the dark web. See more ways beyond data theft that the dark web endangers businesses in an infographic. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
2 Fresh Training Courses & 3 New Phishing Kits Added to BullPhish ID
Two fresh training courses have been added to BullPhish ID, offering important lessons about today’s biggest cyber threats.
- Introduction to Password Security: Learn why password security is more important than you think with a real-life example of the damage that cybercriminals can do with one stolen password.
- Ransomware Basics: Learn the basics of ransomware including how it works and the damage it can do to your company.
Each course is available in English plus Latin American Spanish, Canadian French, and Brazilian Portuguese.
Three new phishing kits are available now to help keep employees alert to risk from common vectors.
- DropBox – Suspicious Login v2
- Microsoft Account Suspended v2
- Microsoft Quarantined Email v2
Learn more about the new courses and kits in the BullPhish ID Release Notes
New eBook: How Datto EDR Satisfies Cyber Insurance Requirements for Endpoint Protection & EDR
In this eBook, you’ll learn exactly how Datto EDR helps businesses and Managed Service Providers (MSPs) comply with cyber insurance requirements for endpoint protection, monitoring and incident response.
- Explore cyber insurance industry practices
- Get definitions of essential terminology
- Take a deep dive into EDR’s relationship with cyber insurance
EDR Is Essential for Cyber Insurance Requirements
Cyber insurance is a must-have in today’s turbulent cybersecurity world. A company applying for a cyber insurance policy must demonstrate that it has effective cybersecurity policies and countermeasures in place. Many carriers require the applicant to prove that it is using an Endpoint Detection and Response (EDR) solution before they will issue a policy. This eBook details cyber insurance industry practices, defines essential terminology and explains how the Datto EDR solution helps businesses and managed service providers (MSPs) comply with cyber insurance requirements for endpoint protection, monitoring and incident response.
Excerpted in part from How Datto EDR Satisfies Cyber Insurance Requirements for Endpoint Protection & EDR. DOWNLOAD IT>>
Why do cyber insurance underwriters require EDR?
With the increased frequency and cost of cyberattacks, underwriters require proof that companies have a robust defense in place. Endpoints are a key entry point for cybercriminals into a company’s network, making protecting them a top cybersecurity priority. Today’s sophisticated cyberattacks call for sophisticated countermeasures. That is a major reason why many insurers mandate the use of EDR. Cyberattacks are ever-evolving, and legacy signature-based antivirus (AV) technologies can’t keep up. Older solutions often miss zero-day threats or threats that lack a known signature.
However, EDR solutions are behavior-based, enabling them to keep up with the evolution of cyberattacks easily. Unlike old-fashioned legacy AV technology, EDR does not rely solely on an often out-of-date database of identified viruses to spot trouble. By focusing on the presence of malicious behavior, EDR helps information technology (IT) personnel quickly and easily identify a problem by recognizing unusual behavior and learning the effects, giving companies an edge in containing the activity and remediating the issue fast. When preventative controls fail to stop an attacker from getting into the network, the visibility and response capabilities provided by EDR can help companies scope and contain an attack in progress. This reduces an incident’s overall impact and cost and provides valuable information for remediating the vulnerabilities that caused it.
What features do insurers require from an EDR solution?
Most cyber insurance policies require covered entities to have security safeguards in place that prevent, detect, contain and correct problems, including security violations, suspected or known security incidents, malicious software and misuse of privileged accounts. EPP solutions that include EDR technology specifically have been identified by insurance underwriters as an effective means to do this.
EDR enables organizations to mitigate the harmful effects of cyberattacks and security incidents smoothly, and it aids in documenting security incidents and their outcomes for reporting and root cause analysis. However, EPP and EDR solutions vary in their capabilities and features, so insurance carriers will often recommend specific industry leaders.
Desirable solutions for insurance carriers often fall within certain parameters. Insurers tend to prefer solutions that utilize modern machine learning classifications on top of traditional virus definitions, perform behavioral analysis and utilize top-tier threat intelligence. These are primarily cloud-managed, allowing for the continuous monitoring and collection of activity data.
Cloud-based EDR solutions also allow IT personnel to take remote remediation actions regardless of whether the problem endpoint is on the corporate network or outside of the office. In addition, the endpoint agent does not have to maintain a local database of all known indicators but can check a cloud resource to find the latest verdicts on objects that it is unable to classify.
Kaseya’s Cyber Insurance Fast Track Program is a Game Changer
At Kaseya Connect Global last week, Kaseya announced that it is expanding its Business Services Suite with the addition of the Kaseya Cyber Insurance Fast Track Program. Through the Kaseya Cyber Insurance Fast Track Program, Kaseya partners, customers and end users leveraging its security suite – RocketCyber, Datto EDR, Graphus, BullPhish ID, and Dark Web ID – are immediately eligible for cyber coverage at discounted rates from an insurer (Kaseya is not an insurer). This is a huge win for MSPs and their customers. In today’s volatile cyber landscape, every business needs cyber insurance. But a shifting sea of requirements and compliance hoops that businesses face makes that very challenging. The Kaseya Cyber Insurance Fast Track Program cuts through all of that red tape, making cyber insurance an achievable goal for any business.
Datto EDR satisfies most insurers’ requirements
Datto EDR, when combined with an antivirus solution like Microsoft Defender or an equivalent third-party solution, provides organizations with a full cloud-based EPP solution with robust threat prevention, detection and reporting capabilities, isolating impacted machines or accounts to prevent further damage.
- It enables IT staffers to prevent, detect, contain, analyze, remediate and roll back security violations associated with known and unknown malware. Malware like ransomware is automatically quarantined or removed once detected.
- It serves the same functions for non-malware-related attacks, like misuse of user or administrative privileges — a circumstance often associated with external hackers or malicious insider threats.
Datto EDR can also be used to generate a report summarizing detected threats and the response actions taken. The forensic capabilities of Datto EDR, including historical lookback and evidence collection, simplify the process of investigating security incidents.
Designed around the framework of the gold standard CSC and NIST risk analysis methodologies, Datto EDR has been assessed and maintains official compliance certifications, such as SOC2 Compliance, which meets or exceeds cyber insurance requirements for a secure cloud-based EDR solution.
May 11: Anatomy of an Attack: How Managed SOC Breaks the Kill Chain
Don’t miss this chance to hear from experts as they discuss how managed SOC breaks the kill chain, catches attacks that sneak past traditional defenses and keeps businesses safer affordably!
May 9 – 10: Kaseya + Datto Connect Local Hartford + Next Generation MSP Tour REGISTER NOW>>
May 11: Kaseya + Datto Connect Local Perth REGISTER NOW>>
May 16: Kaseya + Datto Connect Local El Segundo Security & Compliance Track REGISTER NOW>>
May 17: Kaseya + Datto Connect Local LA IT Professionals Series MME Track REGISTER NOW>>
May 18: Kaseya + Datto Connect Local Brisbane REGISTER NOW>>
May 23: Kaseya + Datto Connect Local Houston REGISTER NOW>>
May 25: Kaseya + Datto Connect Local Austin REGISTER NOW>>
May 30: Kaseya + Datto Connect Local Washington DC REGISTER NOW>>
June 8: Kaseya + Datto Connect Local Belgium REGISTER NOW>>
June 13: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
June 15: Kaseya + Datto Connect Local Chicago Security & Compliance Track REGISTER NOW>>
June 20: Kaseya + Datto Connect Local Tampa REGISTER NOW>>
June 22: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
June 26-28: Kaseya DattoCon Europe REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!