The Week in Breach News: 06/12/24 – 06/18/24
This week: A hack at a pathology lab causes a massive snarl for the UK’s National Health Service, the Snowflake cloud data platform saga continues, eight new phishing simulations just dropped in BullPhish ID and the 2 biggest root causes of problems discovered in penetration tests.
What challenges will IT pros face in the second half of 2024? Find out in the Mid-Year Cyber Risk Report. GET IT>>
Keytronic
Exploit: Ransomware
Keytronic: Technology Manufacturer
Risk to Business: 2.201 = Severe
PCBA manufacturing giant Keytronic reported a data breach by the Black Basta ransomware gang, which leaked 530GB of stolen data. Initially an OEM for keyboards and mice, Keytronic disclosed in SEC filings that a May 6 cyberattack disrupted operations, causing a two-week shutdown in the U.S. and Mexico. The attack also compromised unspecified personal information. Keytronic confirmed the incident will significantly impact its financial performance in the fourth quarter ending June 29, 2024, though normal operations have now resumed.
How It Could Affect Your Customers’ Business: Bad actors have been increasing the pressure on businesses by hitting key points in the supply chain to create urgency that brings payment.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
Truist
Exploit: Hacking
Truist: Bank
Risk to Business: 1.856 = Severe
Truist Bank, a major U.S. commercial bank, has confirmed a data breach resulting from an October 2023 cyberattack. A threat actor known as Sp1d3r is selling stolen data allegedly containing information of 65,000 employees, bank transactions, client details like names and account numbers, as well as source code for Truist’s automated phone system, for $1 million on a hacking forum. Truist’s investigation revealed that an unauthorized party accessed a small number of employee accounts on October 27, 2023, enabling them to access client information. The bank did not provide further details on the extent of the breach.
How It Could Affect Your Customers’ Business: The banking and financial services sector is one of the top three sectors for hackers to attack.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Tile
Exploit: ransomware
Tile: Technology Company
Risk to Business: 1.721 = Moderate
Tile, the Bluetooth tracking device company owned by Life360, has suffered a major data breach in which hackers stole sensitive customer data like names, physical and email addresses and phone numbers. The hackers also accessed law enforcement tools used for location requests, suggesting potential hacktivism motives. They have demanded a ransom for the safe return of the data through an email to Life360. However, Tile has reassured customers that financial information and individual device locations were not compromised in the hack.
How It Could Affect Your Customers’ Business: It’s critical that every organization conduct regular phishing simulations to mitigate its risk of trouble from threats like ransomware.
Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
The City of Cleveland, Ohio
Exploit: Ransomware
The City of Cleveland, Ohio: Municipal Government
Risk to Business: 1.803 = Severe
Cleveland city officials have confirmed that the city’s government systems were hit by a ransomware attack, leading to the closure of City Hall for most of the week. The attack, discovered on Sunday, has disrupted various services, including the processing of building permits and vital records. While employees have returned to work, City Hall will remain closed to the public on Monday as efforts continue to restore and recover the computer systems. The duration of the closure is currently unknown as officials work to resolve the issues caused by the ransomware attack.
How It Could Affect Your Customers’ Business: Local and municipal governments are prime targets for cyberattacks that can bring big bills in their wake.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of cyberattacks fast. This checklist helps you find the right one. DOWNLOAD IT>>
Snowflake
https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html
Exploit: Credential Compromise
Snowflake: Cloud Data Platform
Risk to Business: 1.312 = Extreme
Snowflake, a cloud data platform, has finally acknowledged that up to 165 of its customers may have had their information potentially exposed as part of a data theft and extortion campaign. Initially, the embattled company claimed only a limited number of customers were impacted, and an executive even claimed that those customers’ own weak security practices were to blame. However, Snowflake has since partnered with Mandiant to investigate the incident. Mandiant is tracking the problem as UNC5537, calling the perpetrator a financially motivated threat actor. The situation remains evolving, with the company reassessing the scope of the breach as the investigation progresses.
How it Could Affect Your Customers’ Business: It’s better for companies to own up to a cybersecurity problem than to try to play the blame game.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
UK- Synnovis
https://www.digitalhealth.net/2024/06/synnovis-ceo-confirms-ransomware-attack-at-london-hospitals/
Exploit: Ransomware
Synnovis: Pathology Services
Risk to Business: 1.376 = Extreme
A cyberattack on Synnovis, a pathology services provider for the UK’s NHS, disrupted over 800 surgeries and 700 outpatient appointments. Synnovis, a partnership between Guy’s and St Thomas’ NHS FT, King’s College Hospitals NHS FT and SYNLAB, confirmed the attack on June 3, 2024. The incident mainly affected patients at Guy’s, St Thomas’, King’s College Hospitals, and GP services in Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth. NHS officials assured that emergency care remains available and advised patients to attend appointments unless informed otherwise, warning that recovery may take several weeks.
How it Could Affect Your Customers’ Business: This is a chilling example of how a cyberattack at a key point in the supply chain can cripple a sector fast.
Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right pentesting solution for your needs. GET THE GUIDE>>
Russia – Verny
https://therecord.media/cyberattack-disrupts-supermarket-operations-russia
Exploit: Hacking
Verny: Retail Chain
Risk to Business: 1.866 = Severe
Major Russian discount retail chain Verny, with over 1,000 stores across the country, suffered a disruptive cyberattack over the weekend. The attack crippled the company’s operations for several days, forcing its stores to accept only cash payments, as indicated by printed signs on their doors. The company’s general director suspects the attack was an extortion attempt, although no specific ransom demand was mentioned. The unknown attackers disabled Verny’s website and mobile app, preventing the supermarkets from processing bank card payments or handling online orders and deliveries.
How it Could Affect Your Customers’ Business: Cybercriminals know that attacks on retailers can be very profitable because they need to reopen fast to keep customers happy.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Australia – Victoria Racing Club
Exploit: Ransomware
Victoria Racing Club: Thoroughbred Racing Club
Risk to Business: 2.602 = Moderate
The Victorian Racing Club (VRC) has confirmed being the victim of a cyberattack by the Medusa ransomware operation, which claims to have obtained over 100 gigabytes of the club’s data. The Medusa gang is demanding a ransom of $700,000 to delete the data. The leaked data includes information related to gaming machines, financial details, customer invoices, marketing details, personal information of VRC members such as names, email addresses, and mobile phone numbers. The VRC has informed the Australian Cyber Security Centre about the attack and stated that operations will continue as normal.
How it Could Affect Your Customers’ Business: No organization is too small to be a target of cybercrime, especially ransomware, in today’s volatile threat landscape.
Kaseya to the Rescue: Should you rely on a Managed SOC for MDR or build your own SOC? This whitepaper helps clarify the dollars and cents costs of both options. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
8 new phishing simulation kits are here
Eight new phishing simulation kits, including six focused on Canada-related phishing and two new kits in Portuguese, are now available in the BullPhish ID training portal.
- Banco do Brasil – Atualização de Seus Dados (Portuguese)
- Toronto-Dominion Bank – Account Closure Notice (Canada)
- Digital Itaú – Atualização de Seus Dados (Portuguese)
- Toronto-Dominion Bank – Update Your Account Information (Canada)
- Toronto-Dominion Bank – New Security Measures (Canada)
- Scotiabank Canada – Account Closure Notice (Canada)
- Scotiabank Canada – Update Your Account Information (Canada)
- Scotiabank Canada – No Device Registered (Canada)
Learn more in BullPhish ID’s Release Notes. LEARN MORE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Download the 10 Tips for Successful Employee Security Awareness Training infographic
Are you truly getting the most out of your investment in BullPhish ID? Our comprehensive security awareness training and phishing simulation solution offers an array of innovative features that make the setup, automation and administration of memorable security and compliance training sessions and effective phishing simulations a breeze. These 10 tips will help you make the most out of every component of BullPhish ID. DOWNLOAD THE CHECKLIST>>
Did you miss… our 7 Reasons Why Partners Rely on Datto EDR infographic? DOWNLOAD IT>>
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
The 2 biggest root causes of problems discovered in pentests
In today’s interconnected digital landscape, technological advancements come with significant cybersecurity risks. CISOs and IT departments are tasked with safeguarding their networks against a growing variety of cyber threats. Defenders must identify the precise methods attackers might use to infiltrate and exploit a network to keep it secure – and there are two major root causes of problems that Vonahi testers have discovered in more than 10,000 tests.
Excerpted in part from Vonahi Security’s Top 10 Critical Pentest Findings
Why engage in cybersecurity penetration testing?
Engaging in cybersecurity penetration testing offers numerous benefits for companies. Here are some compelling reasons:
- Identify Vulnerabilities: Penetration testing helps uncover security weaknesses in systems, networks, and applications before malicious hackers can exploit them.
- Prevent Data Breaches: By identifying and addressing vulnerabilities, companies can significantly reduce the risk of data breaches, protecting sensitive information and maintaining customer trust.
- Compliance Requirements: Many industries have regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) that mandate regular security assessments. Penetration testing helps ensure compliance with these standards.
- Risk Management: Understanding potential security threats allows companies to prioritize and allocate resources effectively to mitigate risks.
- Improve Security Posture: Regular penetration testing keeps the security team informed about the latest threats and attack vectors, leading to continuous improvement of security measures.
- Protect Reputation: A data breach or cyberattack can damage a company’s reputation and erode customer confidence. Proactive security measures help safeguard a company’s image.
- Financial Savings: The cost of a penetration test is often significantly lower than the potential financial losses from a data breach, including fines, legal fees, and remediation costs.
- Educate and Train Staff: Penetration tests can highlight areas where employee awareness and training are lacking, leading to targeted educational initiatives to bolster security practices.
- Test Incident Response Plans: Penetration tests can simulate real-world attacks, allowing companies to evaluate and improve their incident response and recovery plans.
- Secure New Technologies: As companies adopt new technologies (e.g., cloud services, IoT), penetration testing ensures these additions do not introduce new vulnerabilities.
- Gain Competitive Advantage: Demonstrating a strong commitment to cybersecurity can differentiate a company from competitors, potentially attracting more customers and business partners.
- Customer Assurance: Customers are increasingly concerned about cybersecurity. Regular penetration testing can reassure them that their data is being protected with the highest security standards.
- Vendor and Partner Requirements: Some business partners and vendors may require proof of security measures, including penetration testing, before engaging in transactions or collaborations.
- Identify and Fix Misconfigurations: Penetration testing can reveal misconfigurations in security settings that might be overlooked during routine security audits.
- Support Continuous Improvement: The insights gained from penetration tests can inform the ongoing development and enhancement of a company’s cybersecurity strategy.
Over half of assessments included two findings
The top findings, identified for over half of all assessments, are easy for attackers to exploit. Even less skilled cybercriminals can use off-the-shelf tools and simple techniques to bypass an organization’s security and get the job done while remaining undetectable by most IT teams. It’s essential that It professionals keep these two possibilities in mind when considering their defensive strength.
Configuration weaknesses
Configuration weaknesses are typically due to improperly hardened services within systems deployed by administrators, and contain issues such as weak/default credentials, unnecessarily exposed services or excessive user permissions. Although some of the configuration weaknesses may be exploitable in limited circumstances, the potential impact of a successful attack will be relatively high.
Patching deficiencies
Patching deficiencies still prove to be a major issue for organizations and are typically due to reasons such as compatibility and, oftentimes, configuration issues within the patch management solution. Successful access may lead to confidential data and/or systems.
Explore the features and capabilities of vPenTest
vPenTest is the perfect comprehensive pentesting solution for MSPs and businesses, offering unmatched features and unbeatable advantages at an affordable price.
| Feature category | Description | Capabilities |
| On-demand Risk Management | vPenTest enables monthly or on-demand risk assessments, utilizing comprehensive scanning capabilities to identify a wide range of vulnerabilities. This automated feature ensures a proactive approach to cybersecurity, mimicking real-world attack patterns. | Tailored assessments are available, allowing for customized scope and schedule based on specific security and operational needs. |
| Compliance readiness | The platform offers enhanced scheduling flexibility and real-time alerts to meet compliance requirements effectively. It includes segmentation testing to confirm the isolation of sensitive networks and ensures that all security measures align with best practices. | Real-time activity tracking provides continuous oversight and updates, ensuring that all compliance-related activities are logged and accessible. |
| Always be in the know | vPenTest’s progress tracker keeps IT teams fully informed about the status of penetration tests, from start to finish, with updates on preliminary findings. This keeps teams aligned and responsive to ongoing security evaluations. | IT teams can correlate information with their SIEM and incident response processes, enhancing security monitoring capabilities. |
| Validate your security controls | The platform includes an activity log that records all actions during tests, ensuring that security controls are working as expected. This acts as a purple team assessment, providing a comprehensive review of security defenses. | Customizable testing parameters ensure that the security controls are tested against both common misconfigurations and complex vulnerabilities. |
Source: Vonahi
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
vPenTest makes testing easy and affordable
vPenTest is the premier, fully automated network penetration testing platform designed to proactively minimize security risks and breaches across your organization’s IT environment. By eliminating the need to source qualified network penetration testers, vPenTest delivers high-quality results that clearly outline identified vulnerabilities, assess their risks, and provide strategic and technical remediation guidance. Additionally, it enhances your compliance management capabilities effortlessly. The benefits of vPenTest are unbeatable
- Comprehensive assessments made easy: With vPenTest, conduct both internal and external network penetration tests seamlessly, ensuring every potential entry point in your network infrastructure is meticulously examined.
- Real-world simulation: Experience real-world cyber threat simulations with vPenTest, gaining invaluable insights into your security posture and preparedness against malicious actors.
- Timely and actionable reporting: Post-testing, vPenTest provides detailed, yet easy-to-understand reports, highlighting vulnerabilities, their potential impacts, and recommended mitigation actions, ensuring you’re always a step ahead.
- Ongoing penetration testing: Stay proactive with vPenTest’s affordable monthly testing intervals, maintaining a robust security posture that swiftly adapts to emerging threats.
- Efficient incident response: By identifying vulnerabilities proactively, vPenTest ensures you’re better prepared to respond to potential security incidents efficiently and effectively.
- Compliance alignment: vPenTest aligns seamlessly with regulatory compliance requirements such as SOC2, PCI DSS, HIPAA, ISO 27001 and cyber insurance mandates, simplifying your compliance management process.
Transform your security approach with vPenTest—your trusted partner in automated network penetration testing. Ensure comprehensive, real-time protection and compliance, all while streamlining your security operations. BOOK A DEMO NOW>>
The Top Cyberattack Trends of 2024
June 19, 2024 I 1 PM ET / 10 AM PT
In 2023, cyberattacks surged by 35%, costing businesses over $4.2 billion. As threats continue to evolve, understanding these trends is imperative. In this informative session, host Miles Walker will guide you through the top cyberthreats businesses face right now. You’ll learn:
- The most dangerous of emerging cyberthreats.
- Effective cybersecurity strategies.
- Lessons from recent high-profile attacks.
Save your spot and stay up-to-date on the top cyberattack trends! REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!