The Week in Breach News: 06/08/22 – 06/14/22
More trouble for two of 2021’s most ransomware-prone sectors, a detailed map of exactly how ransomware hit a Japanese hospital and a look at the 6 major influences responsible for today’s threat landscape and the threats of tomorrow.
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
Tenafly Public Schools
https://www.govtech.com/education/k-12/new-jersey-district-cancels-finals-after-ransomware-attack
Exploit: Ransomware
Tenafly Public Schools: Local Government Entity
Risk to Business: 2.827 = Moderate
Tenafly Public Schools was forced to cancel student final exams and resort to low-tech teaching methods to finish out the school year after ransomware had encrypted data on some computers in the district’s network. A Tenafly Public School District spokesperson said that administrators first identified the security incident Thursday and discovered that it involved the encryption of data by ransomware on some computers in the district’s network. The spokesperson went on to explain that the district’s technology department responded by isolating devices, shutting down the districtwide computer system, launching an investigation and hiring outside cybersecurity experts. No word on whether or not a ransom was or will be paid.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Schools and education sector organizations at every level have been prime targets for cybercrime in the last few years.
ID Agent to the Rescue: Learn to mitigate your clients’ ransomware risk and protect them from trouble with the resources in our Deep Dive Into Ransomware bundle! GET BUNDLE>>
Private Client Services, LLC.
https://www.jdsupra.com/legalnews/compromised-email-account-leads-to-data-9566510/
Exploit: Hacking
Private Client Services LLC. : Financial Services
Risk to Business: 1.801 = Severe
Private Client Services, LLC (“PCS”) has disclosed a data breach that the company is blaming on an unauthorized party gaining access to sensitive consumer information through a compromised employee email account. The company sent data breach letters to 22,554 impacted people on May 27, 2022.
Risk to Business: 1.822 = Severe
According to PCS, the breach resulted in the names, Social Security numbers, driver’s license numbers and state identification numbers being compromised.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business Financial Services & Banking was the sector that experience the most ransomware attacks in 2021 and that pace isn’t slowing down.
ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
Aesto Health
https://www.securityweek.com/ransomware-group-claims-have-breached-foxconn-factory
Exploit: Hacking
Aesto Health: Medical Information Services Provider
Risk to Business: 1.976 = Severe
Aesto Health has announced it recently experienced a cyberattack that caused disruption to certain internal IT systems. The Alabama-based company disclosed that it had experienced a security breach that was detected on March 8, 2022. Aesto Health has brought in a third-party computer forensics company to assist with the investigation. They’ve also determined that an unauthorized individual had access to the affected systems from December 25, 2021, to March 8, 2022.
Risk to Business: 1.915 = Severe
A review of the affected files confirmed they contained patients’ protected health information, including names, dates of birth, physician names, and report findings related to radiology imaging at Osceola Medical Center (OMC) in Wisconsin. No Social Security numbers or financial information were viewed or stolen, and OMC systems and electronic medical records were unaffected.
How It Could Affect Your Customers’ Business: Healthcare providers in the US don’t just have to worry about the standard expenses of a data breach, they face big regulatory penalties too.
ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with The Cybersecurity Monster Hunter’s Checklist! GET IT>>
OnDeck Capital
https://www.jdsupra.com/legalnews/ondeck-announces-data-breach-impacting-8105356/
Exploit: Hacking
OnDeck Capital: Financial Services
Risk to Business: 1.872 = Severe
OnDeck has disclosed that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and transferred sensitive data to a private cloud storage account. OnDeck says that it first detected suspicious activity on March 10 and immediately shut down access to all affected devices. But three days later, OnDeck determined that the attackers had copied sensitive data to a private cloud storage account. On March 17, OnDeck’s team of investigators gained control over the cloud storage account, recovered the data, and shut down access, but there’s no word on what the threat actor might have done with the data.
Risk to Business: 1.721 = Severe
The customer data that was compromised may include names, Social Security numbers, tax ID numbers, driver’s license numbers, passport numbers, financial account/payment card account numbers, and medical or health insurance information.
How it Could Affect Your Customers’ Business: Entities in the financial services sector need to take extra precautions against trouble because it was 2021’s hardest hit sector for ransomware attacks.
ID Agent to the Rescue: Make sure you’re offering your clients the right protection against dark web risks with The Dark Web Monitoring Buyer’s Guide for MSPs. DOWNLOAD IT>>
Learn how to spot and stop malicious insiders and educate users with this handy infographic! GET IT>>
Canada – CMC Electronics
Exploit: Ransomware
CMC Electronics: Aerospace & Defense Engineering
Risk to Business: 2.317 = Severe
The Canadian Department of National Defense (DND) confirmed earlier this week that a defense contractor, CMC Electronics, has alerted the government that it had experienced a cyberattack, suspected to be ransomware, in May. The company says that there is no indication to date that those responsible for the cyberattack have stolen any sensitive military information. The attack was allegedly carried out by the BlackCat ransomware group.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Cybercriminals aren’t just hunting for PII, they’re also in the market for proprietary data, formulas, research and information about operational technology.
ID Agent to the Rescue A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
Italy – City of Palermo
Exploit: Ransomware
City of Palermo: Municipal Government
Risk to Business: 2.033= Severe
The cybercrime group Vice Society ransomware group has claimed responsibility for the recent ransomware attack on the city of Palermo in Italy last Friday. The incident has caused a large-scale outage for city services that impacts 1.3 million people. Most internet-reliant services remain unavailable and are expected to be down for days. Vice Society claimed they were behind the attack on Palermo in a post on their dark web data leak site, threatening to publish all stolen documents if not paid. No word on the ransom amount or if the city plans to pay.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Governments and government agencies have been high on the cybercriminal’s shopping list partly due to the high possibility of getting paid.
ID Agent to the Rescue Help your clients be ready for cybercrime trouble and keep their data safe with The Computer Security To-Do List. DOWNLOAD IT>>
Learn to unleash the power of checklists and other downloads in your marketing efforts! WATCH WEBINAR>>
Japan – Handa Hospital
https://www.asahi.com/ajw/articles/14640348
Exploit: Ransomware
Handa Hospital: Medical Center
Risk to Business: 1.780 = Severe
Handa Hospital in Tsurugi, Tokushima Prefecture, Japan has announced that it has been the victim of a ransomware attack. Investigators say that the October 2021 cyberattack occurred after a company that was involved in providing an electronic medical record system for the hospital had disabled anti-virus software on the hospital’s computers. Investigators laid out the chain of events and it is a lesson in security woes. Before the cyberattack occurred, the service provider configured the Windows settings of about 200 computers connected to the electronic medical record system to disable functions including anti-virus software and regular Windows updates because they made the electronic medical record system unstable. Investigators also determined that other circumstances contributed to the problem. Windows was never updated on the computers at the hospital and the hospitals’ VPN had never been updated. The investigation ultimately determined that the cybercriminals exploited defects in the hospital’s VPN device and made an unauthorized intrusion to have the ransomware infect the hospital’s system.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business This is a great illustration of the unfortunate sequence of events that can lead to disaster.
ID Agent to the Rescue See the story of phishing, dark web credential compromise and cyberattack risk today and how it impacts your tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
See why security awareness training is a security and revenue superstar that you & your clients need to invest in now. GET EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.
- What Phishing Tricks Do Employees Fall for?
- Business Email Compromise is the Threat You Should Be Worrying About
- Do You Really Need Dark Web Monitoring?
- Here’s What the Path to a Ransomware Attack Might Look Like & the Consequences
- The Week in Breach News: 06/01/22 – 06/07/22
Just getting started in cybersecurity? This resource bundle will help you get up to speed to protect your clients fast! GET IT>>
Fresh Resources
Build Your Business with These Webinars
Prospecting with Dark Web ID – Get tips for wowing your prospects and sealing the deal fast in your next demo. WATCH NOW>>
Top 5 Ingredients in the MSP Recipe for Success – Cook up a successful summer with more revenue using this secret recipe. WATCH NOW>>
3 Ways to Present Your Cybersecurity Services – Learn 3 winning techniques to overcome objections and sell more security to your clients. WATCH NOW>>
Did you miss… Our signature annual report The Global Year in Breach 2022 is available now! READ IT>>
Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>
How Did We Get Here?
The 5 Big Influences That Created Today’s Cybercrime Landscape & Shape Tomorrow’s
The best term that can be applied to the state of the cybersecurity landscape that businesses and IT professionals are in today is complicated. Threats are accumulating and growing faster than ever, while most businesses are trying to recover from the trials of the pandemic while contending with financial challenges. For example, phishing hit an all-time high in Q1 2022, with more than one million attacks in a quarter recorded for the first time. Many varied influences went into the making of today’s security conditions. These five influences shaped the risk landscape, making it what it is today, and we anticipate they will continue to exert a strong influence on the trends that we’ll see in 2022.
Excerpted in part from The Global Year in Breach 2022 available now! GET IT>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
5 Big Influences on Risk
Explore 5 major influences shaped the cybercrime landscape in 2021 and look set to continue driving risk in 2022.
Trend: Nation-state cyberattacks escalated
Today’s nation-state threat actor isn’t just concentrating their fire on government and military targets. Instead, they’re coming for private enterprises of all sizes. An estimated 90% of nation-state cybercriminal groups regularly conduct operations against enterprises.
| Targets of nation-state cyberattacks | % of total attacks recorded |
| Enterprises | 35% |
| Cyber Defense Assets | 25% |
| Media & Communications | 14% |
| Government Bodies | 12% |
| Critical Infrastructure | 10% |
| Other | 4% |
Source: Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit
In the 2021 Microsoft Digital Defense Report, the company shared valuable insight on the activities of nation-state cybercriminals in 2021 and how their attack patterns are evolving, offering a look at what to expect as 2022 progresses.
- The four major players that threaten businesses the most are Russia, Iran, North Korea and China.
- About 58% of all nation-state attacks in 2021 were launched by Russian nation-state actors.
- Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021.
- Over 70% of nation-state attacks these researchers observed targeted enterprises.
A recent study by Trellix and the Center for Strategic and International Studies (CSIS) revealed that nearly nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor. The majority of IT professionals hazarding a guess as to the point of origin for those threats landed on Russia (39%) and China (35%) as the most likely perpetrators. They also see Russia and China as the most likely points of origin for nation-state attacks that threaten their organization in the next 18 months. If the pattern of nation-state attacks in 2022 follows the lines of nation-state cybercrime in 2021, that’s a pretty fair assessment.
Security and compliance training pays amazing dividends. Get tips to run an effective program with our how-to guide! GET GUIDE>>
Trend: Spoofing & brand fraud thrived
As the pandemic raged on, ever-rising volumes of email traffic due to the powerful combination of a shift to remote work and the increasing sophistication of phishing messages gave rise to brand impersonation woes. The number of domains suspected of some degree of brand impersonation rose by more than 360% since 2020. The Verizon Data Breach Investigations Report 2021 shows the rapid rise of brand impersonation, clocking in 15 times higher in 2021 than it did in 2020. Employees encounter this threat frequently – 25% of all branded emails that companies receive are spoofed or brand impersonation attempts.
10 Most Imitated Brands of 2021
- DHL 23%
- Microsoft 20%
- WhatsApp 11%
- Google 10%
- LinkedIn 8%
- Amazon 4%
- Roblox 3%
- FedEx 3%
- PayPal 2%
- Apple 2%
- Other 14%
Source: ZDNet
Microsoft dropping to second place doesn’t reduce the danger of Microsoft-branded phishing for businesses. Approximately 145 million people use Teams/Office 365 every day. That’s a big reason why Microsoft is the perennial champion of brands that are imitated for attachments. Just under 50% of malicious email attachments arrive in Microsoft Office formats. Microsoft Office formats like Word, PowerPoint and Excel are popular file extensions for cybercriminals to use when transmitting malware via email, accounting for 38% of phishing attacks. The next most popular delivery method is archived files such as .zip and .jar, which account for about 37% of malicious transmissions.
Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>
Trend: Ransomware risk is high for infrastructure and manufacturing organizations
Cybercriminals evolved their ransomware tactics, targets and technology to make 2021 a good year for them but a bad year for everyone else. Manufacturing and industry were firmly within their sights and continue to be in danger of attack. A whopping 80% of organizations in those sectors reported that they experienced a ransomware attack in 2021.
| Industry | % of Total |
| Manufacturing | 61% |
| Oil & Gas | 11% |
| Transportation | 10% |
| Utilities | 10% |
| Mining | 7% |
| Heavy & Civil Engineering | 1% |
Source: IBM X-Force Threat Intelligence Index 2021
A recent survey found that a whopping 78% of organizations experienced one or more email-based ransomware attacks in 2021. Drilling down deeper, 68% of the surveyed organizations that fell victim to ransomware revealed that they’d dealt with at least one ransomware infection that originated from a direct email payload, second-stage malware delivery or other similar cause. Infrastructure was also a prime target for cyberattacks last year that is also having major trouble this year. The U.S. Federal Bureau of Investigation Internet Crime Complaint Center reports that U.S. organizations in 14 of 16 critical infrastructure categories experienced at least one ransomware attack in 2021.
| Sector | Number of reported attacks |
| Healthcare and Public Health | 48 |
| Financial Services | 89 |
| Information Technology | 74 |
| Critical Manufacturing | 65 |
| Government Facilities | 60 |
| Commercial Facilities | 56 |
| Food and Agriculture | 52 |
| Transportation | 38 |
| Energy | 32 |
| Communications | 17 |
| Chemical | 12 |
| Water and Wastewater Systems | 4 |
| Emergency Services | 2 |
| Defense Industrial Base | 1 |
Source: FBI IC3
Get 10 tips to help you build a strong security culture & reduce your risk of cybersecurity trouble! GET INFOGRAPHIC>>
Trend: More ransomware attacks and higher ransoms
Ransomware has been a continued problem, and IT professionals shouldn’t expect the pressure on them because of rampaging ransomware to relent this year. In the 2021 FBI Internet Crime Complaint Center (IC3) report, FBI analysts disclosed that IC3 received more than 2,000 ransomware complaints, with more than $16 million in losses — a 20% increase in reported losses compared to the same period in 2020. Since 2020, the United States incurred a 127% increase in the number of ransomware attacks while the United Kingdom exhibited a 233% surge in ransomware infections.
| Industry | % increase in ransomware attacks |
| Government and Public Sector | 1,885% |
| Healthcare | 775% |
| Education | 152% |
| Retail | 21% |
Source: Fortune Magazine
Some industries had it a little bit harder than others. Banking and Finance got absolutely hammered in Q1 and Q2 2021, with a 1,318% increase in the number of ransomware attacks waged against that sector. Baking and Finance was the most threatened of all sectors for ransomware attacks in 2021. Ultimately, almost one-quarter of all ransomware attacks in 2021 were aimed at banking and finance targets.
| Industry | % of total recorded attacks in 2021 |
| Banking and Finance | 22% |
| Utilities | 20% |
| Retail | 16% |
| Education | 9% |
| Government | 8% |
| Industrial | 4.8% |
| Outsourcing and Hosting | 4% |
| Construction | 3.6% |
| Insurance | 3% |
| Wholesale | 1% |
| Other | 8.6% |
Source: Trellix
Everything seems to be getting more expensive, and that includes the extortion payments that the bad guys are demanding. Cybercriminals upped their prices, notching new record-high ransom demands that just keep rising. In 2021, average paid ransom amounts increased by 82% in to a new record of $570,000, compared with just $170,000 in 2020.
| Amount | % of total recorded |
| $10 – $50 million | 19% |
| $2 – $10 million | 46% |
| Less than $2 million | 35% |
Source: IBM
The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>
Trend: The cost of a data breach is the highest in nearly two decades
A data breach is more expensive than it has ever been and that cost is also continuing to escalate. In the IBM/Ponemon Cost of a Data Breach Report 2021, researchers pegged the average cost of a breach at $4.2 million per incident — 10% higher than in 2020 and the highest recorded in the 17 years of the study. If a data breach was caused by a remote worker, that cost rose by another $1.5 million.
| 2020 | 2021 | |
| Healthcare | $7.13 million | $9.23 million |
| Financial | $5.72 million | $5.85 million |
| Pharmaceuticals | $5.04 million | $5.06 million |
| Technology | $4.88 million | $5.04 million |
| Energy | $4.65 million | $6.35 million |
Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>
Be Ready for the Challenges You Face with Two Strong Defensive Solutions
Security challenges will continue based on these influences as well as new factors that will emerge in the future (see what’s next in our future threat analysis). The ID Agent digital risk protection platform helps ensure that businesses are ready to fight back against cybercrime threats to keep data and systems safe from trouble.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
- Easy, automated training delivery through a personalized user portal
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Join the over 4,000 MSPs who are prospering as an ID Agent Partner and you’ll gain access to the best sales enablement program in the business through Kaseya Powered Services.
This MSP-focused guide gives you insight into finding the ideal dark web monitoring solution. GET THE GUIDE>>
Jun 16: MSP Cybersecurity Roundtable: Improving Your Incident Response Plan REGISTER NOW>>
Jun 20-23: Connect IT Global in Las Vegas REGISTER NOW>>
Jun 28: BullPhish ID: The Leader in Security Awareness Training Webinar REGISTER NOW>>
Learn the secret to conjuring up amazing stress-free marketing campaigns in 5 Ways to Make Marketing Magic! GET IT>>
The Cost of a Data Breach is The Highest in Nearly Two Decades
A data breach has never been more expensive. In the IBM/Ponemon Cost of a Data Breach Report, the average cost of a breach was revealed to have grown to $4.2 million per incident — 10% higher than in 2020 and the highest recorded in the 17 years of the study. If a data breach was caused by a remote worker, that cost rose by another $1.5 million.
No business can afford that kind of trouble. It’s critical that every organization puts powerful protection in place to protect their data from cyberattacks. By taking a few practical precautions, you can reduce the risk that bad actors snatch your data.
One of the biggest data breach risks that any company faces is employee errors, especially when employees make mistakes when handling email. Security awareness training is an affordable and effective way to reduce the rate of errors that employees make and ensure that your security policies are followed. This simple tool can go a long way toward preventing a data breach as well as other security disasters like a successful ransomware attack.
It’s never too late to put the power of training to work for your organization. Get expert advice to help you get started with building a security and compliance awareness training program or enhance your existing program to improve your data security.
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!