The Week in Breach News: 06/14/23 – 06/20/23
This week: MOVEit exploit attacks snowball, snagging Shell as well as U.S. federal and state government agencies, a malicious insider is suspected of facilitating a ransomware attack against the Chilean army and a new edition of Ransomware 101 is out now plus three fresh campaigns from Powered Services Pro.
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
U.S. Department of Agriculture (USDA)
https://edition.cnn.com/2023/06/17/us/department-of-agriculture-possible-data-breach/index.html
Exploit: Ransomware
U.S. Department of Agriculture (USDA): Federal Government Agency
Risk to Business: 1.886 = Severe
The U.S. Department of Agriculture has been added to the growing list of victims of cyberattacks by the Cl0p ransomware group that are fueled by the MOVEit exploit. USDA has confirmed that it is investigating a data breach after one of its vendors fell victim to Cl0p. The agency says that a small amount of personal data about USDA employees may have been exposed in the incident. Other federal government agencies including The US Office of Personnel Management (OPM) and arms of The Department of Energy (DoE), Oak Ridge Associated Universities research center and its Waste Isolation Pilot Plant in New Mexico have also been identified as federal agency or agency adjoined victims.
How It Could Affect Your Customers’ Business: This exploit continues to snag organizations with Cl0P claiming to have hit hundreds of entities.
Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
Onix Group
https://www.bankinfosecurity.com/real-estate-firm-hack-affects-319500-patients-employees-a-22306
Exploit: Ransomware
Onix Group: Real Estate Company
Risk to Business: 1.876 = Severe
Onix Group, a Pennsylvania-based real estate firm that also operates a chain of substance misuse treatment centers, has reported a data breach to the Department of Health and Human Services (HHS). The company said that a ransomware attack discovered on March 27 had corrupted some systems and resulted in data exfiltration. Onix’s investigation ultimately determined that an unauthorized actor had accessed Onix’s network between March 20 and March 27. The stolen files contained employee information including names, Social Security numbers, direct deposit information and health plan enrollment information.
How It Could Affect Your Customers’ Business A data breach that involves employee information can be just as costly as a data breach that exposes consumer information.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>>
Louisiana Office of Motor Vehicles (OMV)
Exploit: Ransomware
Louisiana Office of Motor Vehicles (OMV): Regional Government Agency
Risk to Business: 1.369 = Extreme
The Louisiana Office of Motor Vehicles has disclosed that it too has fallen victim to Cl0p and the MOVEit exploit. The agency said that it expects that every Louisianan with a state-issued driver’s license, ID, or car registration likely had their data exposed to the threat actors. The OMV says that those impacted likely had personal data exposed including their name, address, social security number, birth date, height, eye color, driver’s license number, vehicle registration information and handicap placard information. Many other U.S. federal, state and local agencies have also been swept up in the MOVEit breach. The Oregon Department of Motor Vehicles released a similar statement noting that 3,500,000 Oregonians with an ID or driver’s license had similar data exposed too.
How It Could Affect Your Customers’ Business: Many exploits can be avoided by regularly patching and updating software and systems.
Kaseya to the Rescue: See how Kaseya’s Security Suite protects businesses and benefits MSPs in this webinar that shows you how to become a client’s trusted security expert. WATCH NOW>>
Intellihartx
https://www.securityweek.com/intellihartx-informs-490k-patients-of-goanywhere-related-data-breach/
Exploit: Ransomware
Intellihartx: Debt Collector
Risk to Business: 2.149 = Severe
Intellihartx, a provider of patient balance resolution services to hospitals, is informing roughly 490,000 individuals that their personal information was compromised after the company discovered that it had become caught up in the GoAnywhere zero-day exploit flood that occurred earlier this year. Exposed data includes names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates and Social Security numbers of patients carrying medical debt. Cl0p has already made the stolen data available on its leak site
How It Could Affect Your Customers’ Business: an exploit doesn’t have to be a zero-day anymore to still be problematic for businesses.
Kaseya to the Rescue: Learn all about ransomware including the ransomware life cycle and the types of ransomware that are happening right now in the new edition of Ransomware 101. DOWNLOAD IT>>
Zacks Investment Research
Exploit: Hacking
Zacks Investment Research: Data and Analysis Firm
Risk to Business: 2.737 = Moderate
Internet researchers at Have I Been PWNED announced that they’ve discovered that Zacks Investment Research (Zacks) has allegedly experienced a previously undisclosed data breach that impacts 8.8 million of its customers. The researchers said that a database of Zacks customers’ information was dumped on the dark web last week. The database contained clients’ email addresses, usernames, unsalted SHA256 passwords, addresses, phone numbers, first and last names and other data. Zacks had previously disclosed another data breach in January 2023.
How it Could Affect Your Customers’ Business: A second big breach of customer data in just six months may damage Zacks’ reputation and turn potential customers off.
Kaseya to the Rescue: Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>>
Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>
Chile – Chilean Army
Exploit: Ransomware (Malicious Insider)
Chilean Army: Military
Risk to Business: 1.126 = Extreme
A newer ransomware group named Rhysida has leaked a trove of documents that they claim to have stolen from the network of the Chilean Army (Ejército de Chile). The Chilean Army did confirm on May 29 that its systems were impacted in a security incident detected over the weekend on May 27 and data was likely stole. Interestingly, in the days following the announcement of the hack, an Army corporal was arrested and charged for his involvement in the incident, suggesting that the ransomware was deployed by a malicious insider. Rhysida ransomware has since published around 360,000 Chilean Army documents on its dark web leak site and claimed that they comprise about 30% of the data that was stolen. The incident is under investigation by Chile’s Computer Security Incident Response Team (CSIRT) of the Joint Chiefs of Staff and the Ministry of National Defense.
How it Could Affect Your Customers’ Business: Every organization is susceptible to malicious insider threats no matter how loyal its employees seem to be.
Kaseya to the Rescue: Security awareness training reduces the risk of a malicious insider causing trouble without being noticed and stopped. GET TRAINING TIPS>>
UK – Shell
https://therecord.media/shell-impacted-in-clop-ransomware-attack
Exploit: Ransomware
Shell: Fuel Company
Risk to Business: 1.607 = Severe
Oil and gas behemoth Shell has announced that it too is a victim of Cl0p’s cybercrime spree using the MOVEit exploit. The company says that there was no damage to its internal systems but that a small amount of employee data was stolen. Shell is among the hundreds of companies that have been added to Cl0p’s dark web leak site. Those companies have been given a deadline of June 21 to pay a ransom or have their data exposed. However, Cl0p posted that Shell was refusing to negotiate on its site last Friday.
How it Could Affect Your Customers’ Business:
Kaseya to the Rescue: BullPhish ID + Graphus together give companies powerful protection against phishing and email-based cybercrime including ransomware attacks. LEARN MORE>>
Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>
South Africa – Development Bank of Southern Africa (DBSA)
https://therecord.media/development-bank-of-southern-africa-akira-ransomware-attack
Exploit: Ransomware
Development Bank of Southern Africa (DBSA): State-Owned Bank
Risk to Business: 1.783 = Severe
The state-owned Development Bank of Southern Africa has disclosed that it was hit with a ransomware attack by the Akira group last month. The bank says that the attack occurred around May 21. In the incident servers, logfiles and documents were encrypted. DBSA says that sensitive information about its clients including business names, the names of directors and shareholders, addresses, identification documents and contact information like phone numbers and email addresses was stolen in the incident. Many of the documents purportedly also included details of commercial or employment relationships with DBSA and financial information of stakeholders. The attack is under investigation by South African law enforcement agencies and regulators as well as third-party forensic investigators.
How it Could Affect Your Customers’ Business: Banks and other financial institutions have been at the top of cybercriminal hit lists for the past few years.
Kaseya to the Rescue: Learn more about defending against often email-based cyberattacks like ransomware in our eBook A Comprehensive Guide to Email-Based Cyberattacks. GET EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
3 Fresh Campaigns from Powered Services Pro
Heat up your sales with these three new and refreshed campaigns from Powered Services Pro.
CMMC 2.0 – Developed by the U.S. Department of Defense (DoD), the Cybersecurity Maturity Model Certification (CMMC) 2.0 aims to protect sensitive information from cyberthreats by ensuring that government contractors meet certain cybersecurity standards. Help your clients ensure that their organization is ready for CMMC 2.0 and doing everything needed to maintain current DoD contracts and bid on new ones. GO TO CAMPAIGN>>
Standards & Best Practices – As a Technology Success provider, it’s understandable that technology is becoming increasingly complex, and businesses today are subject to more requirements than ever before. With more legal and compliance obligations, there are greater opportunities for exposure and risk which makes it critical to have clients aligned with your company’s technology standards and best practices. GO TO CAMPAIGN>>
Outsourced IT: Unlock Business Potential with an IT Service Provider – As new technologies continue to emerge and business needs evolve, organizations must adapt and transform to stay secure, compliant, and competitive. Promote the value of outsourcing technology needs to an IT Service Provider who will make sure businesses have the right tools, support, and guidance to boost success and growth. GO TO CAMPAIGN>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Ransomware 101
Our most popular eBook Ransomware 101 has received a makeover! In addition to a new look and feel, the new edition of Ransomware 101 also contains:
- Data that shows the dangerous increase in ransomware attacks
- Simple explanations of today’s ransomware attack types
- An updated walkthrough of the ransomware attack lifecycle
- And so much more!
Download the new edition of Ransomware 101 now! GET EBOOK>>
Did you miss…the Datto EDR HIPAA Compliance data sheet? DOWNLOAD IT>>
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Ransomware Refresher
If you ask most IT professionals to name the threat that keeps them up at night, the majority will quickly say “ransomware.” From business disruption to the recovery process, ransomware is a nightmare. An equal opportunity threat, ransomware attacks are a threat to businesses of every size in every sector. No organization is safe from this constantly growing menace. To figure out the best way to protect your systems and data from bad actors using ransomware, it’s important to understand how ransomware works and the damage that it can do to a business.
See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>
What is ransomware?
Ransomware can be used in many ways to harm businesses, damage infrastructure, steal data and sow chaos while earning cybercriminals a tidy profit or accomplishing a strategic goal for nation-state-aligned perpetrators. Ransomware is a type of malware (malicious software) that can have a variety of negative effects on an organization. By 2031, a ransomware attack will strike a business every two seconds with an estimated annual cost of $265 billion in damage, and that figure is expected to keep climbing every year as cybercriminals continue to flood businesses with ransomware threats.
Most commonly, ransomware encrypts or locks a victim’s data or device and the bad actors responsible threaten to keep it locked unless the victim pays a ransom to the attacker. Attackers may also offer a deadline for payment after which they will publish the victim’s data publicly, threaten to embarrass the victim company or disrupt the operations of critical infrastructure. Ransomware can also be utilized in warfare in many dangerous ways. It can be deployed against an adversary quickly to snarl critical operations at defense contractors and take out infrastructure targets like dams or hospitals.
Get the scoop on 5 of the worst email-based attacks plus tips to protect businesses from them. GET INFOGRAPHIC>>
What are the most common varieties of ransomware?
There are many strains of ransomware in use by cybercriminals and ransomware groups are constantly innovating to make their malware more dangerous. An estimated 300,000 new pieces of malware, including ransomware, are created daily. However, all ransomware attacks are not created equal. There are several styles of attack that bad actors may choose to employ.
At its core, ransomware attack is a type of extortion. For example, in a classic ransomware attack scenario, cybercriminals encrypt a company’s systems and demand payment in exchange for the decryption key. But there are a few variations on the theme that you may see.
- In a double extortion ransomware attack, cybercriminals are looking for a payment to undo damage or and a payment to not take certain actions against the victimized company. They may encrypt a company’s systems or steal data as well as threaten to take a second action to damage the victim company, like publishing the stolen data on the dark web or selling it to the highest bidder if the ransom is unpaid by a deadline.
- In a triple extortion ransomware attack, the attackers not only demand a payment from the victim for a decryption key and another not to sell their stolen data, but they’ll also demand payment to prevent a third negative consequence. That third problem may include leaking sensitive data to the media, blackmailing executives, damaging the company’s reputation or launching a barrage of demonstrated denial of service attacks to further disrupt the business of the victim company.
Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>
What are the possible results of a ransomware attack for a business?
A successful ransomware attack on an organization can have many unpleasant consequences for that company, including putting it out of business. Just like any other cyberattack, a company will incur an expensive incident response and recovery operation. Here are some of the other consequences a company might face after falling victim to a ransomware attack:
- Theft of data like customer and employee records containing personally identifiable information (PII), intellectual property or proprietary data
- Cybercriminals stealing information about operational technology (OT)
- Loss of access to critical systems, including industrial control systems (ICS) or OT
- Extended network downtime
- Loss of access to company data
- An adversary taking control of OT or ICS
- Bad actors learning company or personal secrets
- The release of company data or damaging information about a company on the dark web
- Lost productivity and increased payroll expenses
- Reputation damage that impacts future deals or consumer sentiment
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
How can ransomware contaminate my systems?
There are a few basic ways that ransomware can enter an organization’s environment. These are two of the most common.
A phishing email — The most likely way for ransomware to infiltrate a business is through a malicious email. These messages are often sophisticated, making it difficult for employees to quickly judge their validity. The phishing message will then direct the employee to take an action like clicking on a malicious link or downloading a poisonous attachment that is laden with ransomware, kicking off the attack.
Direct deployment — This is a trickier way for bad actors to inject ransomware into a company’s environment directly. To pull this attack off bad actors have to gain access to a company’s environment directly. This is typically done through hacking, capitalizing on an exploit or using stolen credentials. Sometimes a malicious employee will infect their company’s environment with ransomware.
Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>
The Kaseya Security Suite helps businesses mitigate cybercrime risk.
The solutions in Kaseya’s Security Suite help businesses reduce their risk of a cyberattack like ransomware and maintain strong defenses against sophisticated cyberthreats.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents cyberattacks and reduces an organization’s chance of experiencing a cybersecurity disaster by up to 70%.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>
June 22: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
June 26-28: Kaseya DattoCon Europe in Dublin REGISTER NOW>>
July 11: Kaseya + Datto Connect Local Anaheim REGISTER NOW>>
July 18: Kaseya + Datto Connect Local Boston REGISTER NOW>>
July 20: Kaseya + Datto Connect Local Baltimore REGISTER NOW>>
July 21: Kaseya + Datto Connect Local Baltimore IT Professionals Series REGISTER NOW>>
August 3: Kaseya + Datto Connect Local Doral Miami REGISTER NOW>>
August 15: Kaseya + Datto Connect Local Detroit REGISTER NOW>>
August 17: Kaseya + Datto Symposium Long Branch REGISTER NOW>>
August 22: Kaseya + Datto Connect Local Kansas City REGISTER NOW>>
August 29: Kaseya + Datto Connect Local San Diego REGISTER NOW>>
September 14: Kaseya + Datto Connect Local San Antonio REGISTER NOW>>
October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!