The Week in Breach News: 05/03/23 – 05/09/23
This week: It’s an all ransomware edition featuring an attack that snarled operations for the city of Dallas, Texas, two big hits by ALPHV/BlackCat and an attack that shut down a medical center for two weeks plus a look at why EDR plus Managed SOC is a security game changer.
Murfreesboro Medical Clinic & SurgiCenter (MMC): Healthcare Provider
Risk to Business: 1.622 = Extreme
The Murfreesboro Medical Clinic & SurgiCenter (MMC) in Tennessee has been forced to shut down operations for two weeks as the result of a devastating ransomware attack. The incident began on April 22, resulting in a complete shutdown of the facility’s systems to limit the spread of the attack. Some individual offices within the system have reopened, but many major functions, including a surgical center, remain closed. MMC officials said that they have been working with cybersecurity experts and law enforcement to investigate the incident, determine the extent of the attack and restore full operations.
How It Could Affect Your Customers’ Business: A virtually complete closure for two weeks is a disaster for this medical group and the community it serves.
Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
AvidXchange: Payment Processor
Risk to Business: 1.762 = Severe
North Carolina-based payments company AvidXchange has disclosed that it is suffering its second ransomware incident of 2023. The RansomHouse ransomware gang has claimed responsibility for the attack and released the stolen data on its leak site. That data includes non-disclosure agreements, employee payroll information and corporate bank account numbers. The data that was published by RansomHouse also includes many user accounts’ login details, including usernames, passwords and, in some cases, answers to security questions for a variety of the company’s systems, including cloud accounts and security software, through to smart door locks and surveillance cameras. The company said that it detected the intrusion in early April.
How It Could Affect Your Customers’ Business: This type of financial data is extremely desirable on the dark web and valuable to bad actors, so it needs strong protection.
Kaseya to the Rescue: Data like this is a commodity on the dark web. Learn more about the dark web risks that businesses face in The IT Professional’s Guide to the Dark Web. DOWNLOAD IT>>
The City of Dallas, TX: Municipal Government
Risk to Business: 1.681 = Severe
A ransomware attack on the city government of Dallas, Texas impacted some systems last week. The attack shut down the Police Department and City Hall websites as well as causing jury trials to be postponed in the Municipal Court. The computer-assisted dispatch system that is used to help firefighters respond to emergency calls was also knocked out, forcing first responders that utilize those systems to handle dispatch manually. The city said that the attack’s impact was limited and it’s working to restore affected systems. There has been no word of any ransom demand, and no one has claimed responsibility.
How It Could Affect Your Customers’ Business: Governments and government agencies of every size have been prime targets for ransomware attacks in the past few years.
Kaseya to the Rescue: Learn more about defending against cyberattacks like ransomware, which are often email-based, in our eBook A Comprehensive Guide to Email-Based Cyberattacks. GET EBOOK>>
Edison Learning: Education Management Organization
Risk to Business: 2.719 = Moderate
The Royal ransomware gang says that it is responsible for a ransomware attack on public school and distance learning management company Edison Learning. The group added Edison Learning to its dark web data leak site on April 26. It claims to have stolen 20GB of the company’s data including personal information of employees and students. Edison Learning has confirmed the incident but refused to provide further details, saying that an investigation is ongoing.
How It Could Affect Your Customers’ Business: Because of the time-sensitive nature of their operations, schools are prime targets for ransomware attacks.
Kaseya to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>
Constellation Software: Business Software Company
Risk to Business: 2.781 = Moderate
The ALPHV/BlackCat ransomware group successfully hit Ontario-based business software firm Constellation Software last week. The company has confirmed that some of its systems were breached by threat actors who also stole personal information and business data from a small number of systems related to internal financial reporting and related data storage. All systems have been restored. BlackCat listed Constellation on its leak site claiming to have nabbed 1 TB of data.
How it Could Affect Your Customers’ Business: Supply chain attacks like strikes on business service and technology providers have been escalating, elevating supply chain risk for businesses.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
UK – The National Smallbore Rifle Association (NSRA)
The National Smallbore Rifle Association (NSRA): Sports Governing Body
Risk to Business: 2.866 = Moderate
The UK’s National Smallbore Rifle Association (NSRA) is warning members that it experienced a hacking incident last week that may have exposed member data. In a statement, the association assured members that the attack hit legacy servers that contain working documents and that its membership portal remains secure. However, the group said it cannot be sure who was impacted because it doesn’t have access to the breached servers, leading to reports concluding that this was a ransomware incident. NSRA said that it is working with the UK’s South East Regional Organised Cybercrime Unit (SEROCU) in the investigation.
How it Could Affect Your Customers’ Business: Information like this can be used by bad actors to mount spear phishing campaigns.
Kaseya to the Rescue: Email is the most likely way for employees to encounter cyberattacks like ransomware. This checklist helps companies strengthen their email security. GET CHECKLIST>>
Australia – HWL Ebsworth
HWL Ebsworth: Law Firm
Risk to Business: 1.883 = Severe
Australian commercial law firm HWL Ebsworth fell victim to a ransomware attack by the ALPHV/BlackCat ransomware group late last week. The bad actors claim to have snatched 4 TB of confidential company data. The group posted an assortment of data to their dark web leak site including employee CVs, IDs, financial reports, accounting data, client documentation, credit card information, and a complete network map.
How it Could Affect Your Customers’ Business: Law firms can hold some very valuable and sensitive data making them very attractive targets for bad actors.
Kaseya to the Rescue: Learn how to achieve complete endpoint security in a flash without blowing up your budget with your antivirus and Datto EDR combined in this information sheet. DOWNLOAD IT>>
Australia – Crown Princess Mary Cancer Centre
Crown Princess Mary Cancer Centre: Specialty Medical Clinic
Risk to Business: 2.786 = Moderate
Crown Princess Mary Cancer Centre in Westmead Hospital has disclosed that it has been the victim of a ransomware attack by the cybercrime group Medusa that has led to data exposure for patients. The group claims to have grabbed thousands of files, some containing sensitive patient data, and is threatening to expose them if not paid $100,000. The clinic has not confirmed what amount or types of data were stolen. NSW Health is investigating the incident in concert with authorities.
How it Could Affect Your Customers’ Business: Bad actors love to hit medical offices of all sizes hoping for a fast payment and lots of valuable data.
Kaseya to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
2 New Campaigns from Powered Services Pro
Two new campaigns from Powered Services Pro help MSPs jump into a profitable new sales season.
Trust Issues: The Zero-Trust Security Model Pro Campaign
MSP Value Proposition:
As the zero-trust cybersecurity model continues to take hold among organizations, many don’t know where they are in the process and what they need to do to achieve a full zero-trust security posture. Show businesses how placing their trust in you can help get them there.
End Buyer Value Proposition:
When it comes to cybersecurity, don’t be too trusting. Moving toward a zero-trust cybersecurity model—which is grounded in the idea that no device or user should automatically be trusted—can help address the cyberthreats and security challenges facing today’s businesses.
Q3 Bonus Holiday Campaign
Bonus Pro Campaign: Q3 Bonus Holiday Campaign
Leverage our celebratory bonus ads to start a conversation about security with your clients!
- National Canada Day (7/1)
- I Forget Day (7/2)
- 4th of July (7/4)
- National Workaholics Day (7/5)
- Shark Week (July 10 – 16)
- Digital Nomad Day (8/8)
- Labor Day (9/4)
- National Day of Civic Hacking (9/18)
- National IT Professionals Day (9/19)
EDR + Managed SOC is a Game-Changer
EDR and Managed SOC are powerhouse technologies on their own, but when you combine them, you gain an unbeatable advantage against cyberattacks. In this explainer, we walk you through exactly why EDR + Managed SOC is a winning combination.
5 Reasons Why EDR + Managed SOC is a Security Win
In today’s complex and volatile security landscape, MSPs and businesses need all the help they can get to stay one step ahead of the bad guys. Kaseya’s Security Suite is made up of powerful solutions that work seamlessly together to mitigate cyber risk and provide strong protection against cyberattacks. Two of those security technologies, Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR), also known as Managed SOC (security operations center), are powerhouse security technologies that put amazing tools and data at security teams’ fingertips individually. But the real magic lies in using them in concert to gain a big security advantage. It’s a game-changer that gives companies an array of benefits including 360 visibility into their threat picture, valuable threat intelligence and critical tools to speed incident response. Here’s why adding both to your security build-out to work together is a power move.
Aren’t EDR and MDR the same thing?
EDR and MDR may have similar abbreviations, but they’re not the same technology. Instead, each provides IT teams with part of a company’s threat picture.
EDR focuses on detecting and responding to threats at the endpoint level, such as laptops, servers, and other computing devices. It uses advanced techniques such as behavioral analysis, machine learning, and threat intelligence to detect and respond to threats that traditional antivirus solutions may miss.
Managed SOC or MDR is a comprehensive security solution that involves a combination of people, processes, and technology to detect, investigate, and respond to security incidents across the entire organization. Managed SOC services are typically provided by a third-party vendor who monitors their customer’s network and endpoints for suspicious activity.
5 Reasons Why EDR and Managed SOC are Better Together
The combination of EDR and Managed SOC together offers an array of unbeatable benefits including these five standouts:
1. Gain comprehensive threat detection: By combining EDR and Managed SOC, an organization can achieve comprehensive threat detection capabilities. EDR can detect threats at the endpoint level, while Managed SOC can detect threats across an entire organization’s IT infrastructure, including cloud, networks, and various endpoints, including servers, as well as other devices. This gives IT teams a huge advantage because they can easily monitor two fronts, making it more likely that they’ll spot anomalies that could actually be dangerous cyberattacks quickly.
2. Enable faster incident response: EDR can quickly detect and respond to threats at the endpoint level, but adding Managed SOC can provide even faster incident response by quickly correlating threat data from multiple sources and providing a holistic view of the incident. This allows organizations to respond to threats more quickly and effectively. Time is of the essence in the event of an intrusion, because cybercriminals have been getting faster. The time that it takes the bad guys to carry out ransomware attacks once they penetrate a company’s defenses has dropped by 94% over the last few years, according to the IBM Threat Intelligence Index (TII) 2023 report.
3. Get improved threat intelligence: EDR can provide valuable threat intelligence to Managed SOC services, which can help them improve their detection capabilities. For example, if EDR detects a new type of malware, it can immediately send that information to Managed SOC analysts, allowing them to update their detection capabilities. IT teams with a clear, complete picture of what is going on inside and around a network are better able to defend against today’s sophisticated and hard-to-spot cyberattacks.
4. Reduce false positives: EDR can help reduce the number of false positives generated by Managed SOC services by providing more context around alerts. That’s good news for everyone. For example, if EDR detects a suspicious file on an endpoint, it can provide additional information about that file to the Managed SOC analysts, allowing them to better determine whether it’s a true threat or a false positive. Investigating false positives wastes the valuable (and expensive) time of security personnel. The typical organization wastes an estimated 300 costly tech hours per week on dealing with false positives.
5. Reduce tool and vendor fatigue: By leveraging a joint EDR and Managed SOC solution, IT professionals simplify their cybersecurity tool stack, speed up response times and reduce the number of disparate security vendors that they must use in order to stay secure. Not only does this save time and money, but it also makes the day-to-day workload more efficient for the IT professional. It’s annoying and time-consuming for IT personnel to constantly switch back and forth between tools, and it creates compatibility problems because of a lack of effective integration.
EDR and Managed SOC: The Perfect Match
EDR and Managed SOC are powerhouse technologies that complement each other perfectly. This winning combination can affordably provide organizations with a better defense-in-depth posture. By combining the two, MSPs can achieve faster incident response, improved threat intelligence and reduced false positives while minimizing tool and vendor fatigue, giving you and your clients the security edge you need in today’s dangerous world.
Datto EDR – Endpoint Detection Made Easy
Datto EDR empowers IT teams to detect and respond to advanced threats quickly and efficiently. An easy-to-use cloud-based EDR solution that’s purpose-built for Managed Service Providers (MSPs), Datto EDR defends all endpoints: desktops, notebooks and servers, across Windows, MacOS and Linux operating systems and integrates seamlessly with Managed SOC and Datto RMM.
- Patented deep memory analysis ensures that you’re informed of even the most elusive threat actors.
- Take action against advanced threats right from your alert dashboard to isolate hosts, terminate processes, delete files and more without wasting precious seconds.
- Alerts are mapped to the MITRE ATT&CK framework to provide context and helpful clarity to your team.
Managed SOC powered by RocketCyber – Big Security Expertise with a Small Price Tag
Managed SOC is a white-labeled managed service that leverages our Threat Monitoring Platform to detect malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud. Our elite team of security veterans hunts, triages and works with your team when actionable threats are discovered. The service includes:
- Continuous Monitoring – Around-the-clock protection with real-time threat detection.
- World Class Security Stack – 100% purpose-built platform backed by over 50 years of security experience.
- Breach Detection – The most advanced detection to catch attacks that evade traditional defenses.
- Threat Hunting – Elite security team proactively hunts for malicious activity.
- No Hardware Required – Patent pending cloud-based technology eliminates the need for on-prem hardware.
Schedule a demo of Datto EDR, Managed SOC or any of our security solutions today. BOOK A DEMO>>
May 11: Anatomy of an Attack: How Managed SOC Breaks the Kill Chain
Don’t miss this chance to hear from experts as they discuss how managed SOC breaks the kill chain, catches attacks that sneak past traditional defenses and keeps businesses safer affordably!
May 10: Kaseya + Datto Connect Local Hartford + Next Generation MSP Tour
May 11: Kaseya + Datto Connect Local Perth
May 16: Kaseya + Datto Connect Local El Segundo Security & Compliance Track
May 17: Kaseya + Datto Connect Local LA IT Professionals Series MME Track
May 18: Kaseya + Datto Connect Local Brisbane
May 23: Kaseya + Datto Connect Local Houston
May 25: Kaseya + Datto Connect Local Austin
May 30: Kaseya + Datto Connect Local Washington DC
June 8: Kaseya + Datto Connect Local Belgium
June 13: Kaseya + Datto Connect Local Philadelphia
June 15: Kaseya + Datto Connect Local Chicago Security & Compliance Track
June 20: Kaseya + Datto Connect Local Tampa
June 22: Kaseya + Datto Connect Local Atlanta
June 26-28: Kaseya DattoCon Europe
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!