The Week in Breach News: 05/29/24 – 06/04/24
This week: LiveNation/TicketMaster hits a sour note with a major data breach, ransomware at a metal producer rocks the global supply chain, alleviating stress on IT teams and the top findings from our Mid-Year Cyber Risk Report 2024.
Everbridge
Exploit: Accidental Insider (Phishing)
Everbridge: Communications Firm
Risk to Business: 1.401 = Severe
Everbridge, a crisis management software company, informed customers of a recent breach where attackers accessed files containing business and user data. Detected on Tuesday, May 21, the attackers used information from a prior phishing attack on employees to breach the system. Compromised files included admin and user contact information, subscribed services and access methods. Everbridge is collaborating with incident response experts from Mandiant and Stroz Friedberg to evaluate the breach’s severity and impact.
How It Could Affect Your Customers’ Business: An employee falling for a phishing attack is a fast path to disaster, but training can mitigate the risk.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Seattle Public Library
https://statescoop.com/ransomware-seattle-public-library/
Exploit: Hacking
Seattle Public Library: Library System
Risk to Business: 1.8606 = Severe
The Seattle Public Library suffered a ransomware attack over Memorial Day weekend, forcing all 27 locations to take their systems offline. While preparing for scheduled server maintenance, the library’s systems were attacked. The website and some digital services were restored overnight, but many services, including e-book access, computers, Wi-Fi, and printing, remain affected. The library is posting updates on its blog and cannot confirm if data was compromised or when full functionality will be restored.
How It Could Affect Your Customers’ Business: Every organization is at risk of a cyberattack that can disrupt its functions and services, even if it doesn’t handle much money or sensitive data.
Kaseya to the Rescue: Learn how to protect organizations from dark web danger and mitigate risk with the insights we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
LiveNation/Ticketmaster
https://abcnews.go.com/US/ticketmaster-hit-cyber-attack-compromised-user-data/story?id=110737962
Exploit: Third-Party Data Breach
LiveNation/Ticketmaster: Ticket Seller
Risk to Business: 1.227 = Extreme
Live Nation, the parent company of Ticketmaster, revealed Friday evening that it was the victim of a cyber attack that compromised user data. The company said in a filing with the U.S. Securities and Exchange Commission that it discovered an “unauthorized activity within a third-party cloud database,” on May 20 and promptly launched an investigation. ShinyHunters claimed responsibility for the breach in an online forum and was seeking $500,000 for the data, which reportedly includes names, addresses, phone numbers and some credit card details of millions of Ticketmaster customers.
How It Could Affect Your Customers’ Business: Companies like this hold a treasure trove of profitable data that cybercriminals are always itching to get their hands on.
Kaseya to the Rescue: The Mid-Year Cyber Risk Report 2024 takes you on a deep dive into the trends that are shaping cybersecurity in 2024 and predictions for what might be next. GET REPORT>>
Canada – First Nations Health Authority
https://globalnews.ca/news/10518052/first-nations-health-authority-cyber-attack/
Exploit: Hacking
First Nations Health Authority: Government Agency
Risk to Business: 1.803 = Severe
The First Nations Health Authority in British Columbia confirmed a cyberattack on its corporate network detected on May 13. They deployed countermeasures to prevent network encryption but believe some employee and limited personal information was impacted. The health authority did not specify the type of data affected but stated no clinical information systems were impacted. They have engaged external cybersecurity experts and notified law enforcement and the Office of the Information and Privacy Commissioner.
How It Could Affect Your Customers’ Business: Government agencies of all types at every level have been prime targets for bad actors, a trend that looks set to continue.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of cyberattacks fast. This checklist helps you find the right one. DOWNLOAD IT>>
UK – BBC
Exploit: Hacking
BBC: Television Network
Risk to Business: 2.712 = Severe
The BBC is investigating a data breach that exposed details of over 25,000 current and former employees. The corporation’s pension scheme notified members that their information had been stolen in a data security incident, affecting about 25,290 people. The breach involved data copied from an online storage service, including names, dates of birth, sex, home addresses, national insurance numbers and pension scheme membership status. No bank details, financial information, contact details, usernames, passwords or health information were compromised. The BBC confirmed there is no evidence of a ransomware attack.
How it Could Affect Your Customers’ Business: While not a serious breach, a data security incident like this will still rack up major costs for a company.
Kaseya to the Rescue: This infographic compares and contrasts the value of partnering with a managed SOC versus building your own SOC. DOWNLOAD IT>>
UK – King’s College Hospital
https://www.bbc.com/news/articles/c288n8rkpvno
Exploit: Supply Chain Risk
King’s College Hospital: Medical Center
Risk to Business: 1.376 = Extreme
Major London hospitals have declared a critical incident after a cyber-attack disrupted operations and emergency services, affecting those partnered with Synnovis, a pathology services provider. This includes King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and Evelina London Children’s Hospital), and primary care services. The attack has severely impacted services, particularly blood transfusions and test results, leading to some procedures being canceled or redirected to other National Health Service (NHS) providers. GP services in Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth are also affected. Despite this, emergency care remains available, and patients should attend appointments unless advised otherwise by the NHS.
How it Could Affect Your Customers’ Business: Bad actors will seek out any opening to exploit, making penetration testing a must-have to close gaps.
Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right pentesting solution for your needs. GET THE GUIDE>>
Norway – Norsk Hydro ASA
Exploit: Ransomware
Norsk Hydro ASA: Aluminum Manufacturer
Risk to Business: 1.366 = Extreme
A ransomware attack has severely impacted Norsk Hydro ASA, a leading aluminum maker, forcing the shutdown of several automated production lines in the U.S. and Europe. The company is maintaining operations using manual processes. The aluminum industry, with few producers of technical products, is feeling the threat of supply disruption that could have a major ripple effect. It is too early to determine the exact operational and financial impact.
How it Could Affect Your Customers’ Business: This is a good illustration of how the compromise of one point in the global supply chain can have far-reaching effects.
Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Australia – Guardian Childcare
Exploit: Hacking
Guardian Childcare: Daycare Center Operator
Risk to Business: 2.602 = Moderate
Guardian Childcare, a major provider in Victoria, suffered a cyberattack potentially affecting thousands of families. The breach led to the theft of scanned identification documents. Guardian advised affected families to contact the issuing authority for replacements and stay alert for potential scams.
How it Could Affect Your Customers’ Business: Organizations that hold any data about children, especially sensitive medical or behavioral data, must take extra care to protect it.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
4 new training courses in BullPhish ID
Cybercriminals never stop innovating, which is why it is essential to have access to high-quality training modules that teach users about the latest threats. Four new training courses are now available in the BullPhish ID Training Portal:
- Baiting: Get up to speed on the social engineering attack known as baiting.
- Smishing and vishing: Learn about social engineering attacks through voice and text message phishing, known as vishing and smishing respectively.
- Tailgating and piggybacking: An introduction to tailgating and piggybacking, two physical cyberthreats.
- Benefits of multifactor authentication: Learn about the benefits of multifactor authentication.
New infographic: Reduce your IT team’s stress with 24/7/365 threat coverage from Datto EDR, Managed SOC & Datto AV
In our Mid-Year Cyber Risk Report, we lay out the biggest cyber threats on the block in 2024 while offering insights into the challenges that IT professionals may grapple with in the second half of this year.
- Explore AI-enabled cybercrime, supply chain risk and zero-day exploits.
- Look at 2024’s trends through the lens of seven impactful cyberattacks.
- Gain insight into the threats we expect to see in the second half of the year.
- Get tips to mitigate these dangerous threats.
Top Findings from the Mid-year Cyber Risk Report 2024
The cybersecurity world never slows down, constantly evolving to serve up new risks and novel cyberattacks every day. Keeping track of all of these developments can be a challenge, which is why we’re here to help. Welcome to the Mid-Year Cyber Risk Report 2024, your essential guide to understanding this year’s pivotal cyber-risk trends. In this edition, we delve into the most notable risks that information technology professionals must grapple with to secure business systems and data. We’ll explore the ways that artificial intelligence (AI) has revolutionized cybercrime, examine the ongoing evolution of the cyber-risk landscape, look at the risks that IT professionals should be concerned about and scrutinize the escalating threats to global supply chains. This intelligence can help IT professionals navigate the cyber challenges shaping 2024.
Excerpted in part from our new Mid-Year Cyber Risk Report 2024 DOWNLOAD YOUR REPORT>>
IT Professionals face a stormy sea of evolving security challenges
To gain a clear picture of the issues IT professionals face in 2024, it’s important to understand where we started at the turn of the year. We asked IT professionals about their cybersecurity experiences and challenges in the Kaseya Security Survey Report 2023 and here’s what they had to say.
Source: Kaseya Security Survey Report 2023
Data compromises are at an all-time high
We’ve seen a concerning rise in the number of publicly reported data breaches. The U.S. hit a record high of 3,205 data breaches in 2023 — a 78% increase from the previous year. And the pace is not slowing down, with what looks to be another banner year ahead: in the first three months of 2024, ITRC recorded 841 publicly reported data compromises, up 90% over Q1 2023. These figures highlight the critical importance for businesses to keep their cybersecurity strong to protect against data theft.
Source: ITRC 2023 Data Breach Report
Most IT pros expect their organization to be hit by ransomware in 2024
Ransomware remains a significant and ongoing danger to businesses everywhere. Every day, cybercriminals find new ways to use cutting-edge technology, including generative AI, to create new and more sophisticated ransomware and malware. Alarmingly, 64% of the people we surveyed anticipate their organization will face a ransomware attack this year. They’re probably not wrong – 1048 ransomware attacks were recorded in Q1 2024, up 73% over the same period in 2023.
Source: Kaseya Security Survey Report 2023
Zero-day exploits soar
A zero-day attack, which is a cyberattack that exploits previously undiscovered vulnerabilities, is a term that we’re hearing more frequently. In 2023, Google observed 97 zero-day vulnerabilities exploited in the wild. That’s over 50% more than in 2022, when 60 were reported. This also speaks to the growing trend toward vulnerability exploitation as a major vector of attack.
The Verizon Data Breach Investigations Report (DBIR) 2024 reveals a 180% rise in attacks that exploit vulnerabilities, nearly tripling over the previous year. These are primarily driven by zero-day vulnerabilities used in ransomware attacks, with the MOVEit software breach cited as a notable example.
Several factors have contributed to the surge, including:
- An increasingly interconnected business world as traffic increases between organizations and specialized service providers.
- Cybercriminals search for new avenues of attack as businesses harden their security.
- Slipshod maintenance and patching by overworked IT teams.
- Modern software development practices tend to result in common vulnerabilities.
- Patch development focused on temporary mitigations rather than underlying causes.
Supply chain danger is growing
Supply chain cyberattacks hit the headlines in 2023. In the U.S., these attacks affected 2,769 entities — the highest number since 2017. Sadly, 61% of the people we surveyed shared that their organization faced a cyberattack via their supply chain or a third-party service provider last year. This trend is on the rise, emphasizing the need for businesses to beef up their defenses in 2024.
Source: Kaseya Security Survey Report 2023
AI has transformed cybersecurity
The artificial intelligence (AI) revolution has made it easier for IT professionals to mount a strong defense with tools like AI-enhanced email security, antivirus and automated penetration testing. However, AI has also made it easier for bad actors to do their dirty work. Microsoft warned that over the last year, the speed, scale and sophistication of attacks have increased alongside the rapid development and adoption of AI as cybercriminals leverage the technology for their nefarious purposes. One such emerging threat is AI phishing scams, where cybercriminals use AI to orchestrate sophisticated and convincing phishing attacks. Kiplinger named AI-enhanced scams one of the top five frauds for 2024.
Source: Kaseya Security Survey Report 2023
Kaseya’s Security Suite helps businesses mitigate all types of cyber risk affordably
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate all types of cyber risk including email-based threats effectively and affordably without breaking a sweat.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
RocketCyber Managed SOC — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Datto AV – Safeguard businesses effortlessly against sophisticated cyber threats including Zero Days and ransomware with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average.
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See how our Security Suite can be put to work for you with a personalized demo.
- Book a demo of BullPhish ID, Dark Web ID, RocketCyber Managed SOC and Graphus. BOOK IT>>
- Book a demo of vPenTest BOOK IT>>
- Book a demo of Datto AV and Datto EDR BOOK IT>>
Balancing Cybersecurity: Building Your Own SOC vs Partnering With a Managed SOC
June 5, 2024 | 1 PM ET / 10 AM PT
Choosing between establishing an in-house security operations center (SOC) or opting for a managed SOC is an important step when building your cybersecurity strategy. The insight you gain in this webinar can help you successfully navigate that complex decision-making process. You’ll learn about:
- The investment and resources needed for both options.
- The benefits and challenges of each option.
- The experiences of other IT professionals in real-world case studies.
June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 19: The Top Cyberattack Trends of 2024 REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!