
The Week in Breach News: 06/16/21 – 06/22/21

June 23, 2021

Misconfiguration is the name of the game this week as errors abound: Carnival leaked data again (and Wegmans joined them), nation-state cybercrime hits South Korea, and we share insights into leading MSPs from the MSP Benchmark Report.



See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>



Cognyte

https://beta.darkreading.com/attacks-breaches/cyber-analytics-database-exposed-5-billion-records-online

Exploit: Unsecured Database

Cognyte: Data Analytics Firm


Risk to Business: 1.802 = Severe

Data analytics company Cognyte warns folks about data exposure from third-party sources, and it had to send one out for itself this week. Researchers discovered an unsecured database operated by Cognyte that left some 5 billion records collected from a range of data incidents exposed online. The stored data is part of Cognyte’s cyber intelligence service, which is used to alert customers to third-party data exposures. The incident is under investigation.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Proprietary data like this is catnip for hackers. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.

ID Agent to the Rescue: Are you ready for the next risk? Find useful data to inform security decisions including our predictions for the biggest risks of 2021 in The Global Year in Breach 2021. READ IT NOW>>


Invenergy LLC

https://www.infosecurity-magazine.com/news/revil-claims-responsibility-for/

Exploit: Ransomware

Invenergy LLC: Energy Company


Risk to Business: 1.916 = Severe

REvil has claimed responsibility for a recent cyberattack on renewable energy company Invenergy. The gang claims to have compromised the company’s computer systems and exfiltrated four terabytes of data. Among the information allegedly taken by REvil are contracts and project data. In a bizarre twist, REvil also claims to have obtained “very personal and spicy” information regarding Invenergy’s chief executive officer, Michael Polsky.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks against strategic targets are hot right now as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.

ID Agent to the Rescue:  NEW! Go behind the scenes of ransomware to see who gets attacked, who gets paid and what’s next on the hit list in Ransomware Exposed! DOWNLOAD NOW>>


CVS

https://www.zdnet.com/article/billions-of-records-belonging-to-cvs-health-exposed-online/#ftag=RSSbaffb68

Exploit: Third-Party Threat (Misconfiguration)

CVS: Drug Store Chain


Risk to Business: 1.416 = Extreme

CVS is in hot water after researchers discovered a trove of over one billion records online that were connected to the US healthcare and pharmaceutical giant. The unsecured database was estimated to be 204GB in size. According to reports, the databases contained an astonishing assortment of sensitive data like event and configuration data, visitor IDs, session IDs, device access information and details on how the logging system operated from the backend. Search records exposed also included queries for medications, COVID-19 vaccines and a variety of CVS products, referencing both CVS Health and CVS.com.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Every company needs to make it a priority to be certain that their contractors and partners are handling and storing sensitive data correctly. Poor cyber hygiene at a service provider can become an expensive disaster fast.

ID Agent to the Rescue: Third-party and supply chain risk is growing exponentially. Learn strategies to fight back in our eBook Breaking Up with Third-Party and Supply Chain Risk! DOWNLOAD IT>>


Wegmans

https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/

Exploit: Third-Party Threat (Misconfiguration)

Wegmans: Grocery Store Chain


Risk to Business: 2.227 = Severe

East Coast gourmet grocer Wegmans issued a release announcing that a service provider had failed to correctly configure two of its databases, exposing a large quantity of customer data. According to Wegmans, the databases that the contractor maintained contained customer identity and shopping habit information as well as an assortment of client PII. The company says the issue is resolved.


Risk to Business: 2.776 = Moderate

The release says that customer information exposed in the data breach included names, addresses, phone numbers, birth dates, Shoppers Club numbers, Wegmans.com account e-mail addresses and passwords. No Social Security, financial or medical information was stolen and only salted password hashes were stored in the databases maintained by the negligent contractor.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Clients expect a high level of information security from companies that they trust with their personal information, and excuses about errors by contractors aren’t going to get businesses off the hook if there’s trouble.

ID Agent to the Rescue:  Make sure you’re protecting the access points to your clients’ assets with strong security, including strong passwords with our Build Better Passwords eBook. GET IT>>


Carnival Cruise Line

https://www.scmagazine.com/home/email-security/carnival-discloses-new-data-breach-on-email-accounts/

Exploit: Hacking

Carnival Cruise Line: Cruise Ship Operator


Risk to Business: 1.651 = Severe

Perennially cybersecurity-challenged cruise line Carnival issued a breach disclosure on Thursday confirming that hackers attacked email accounts and gained access to data about its customers and employees. The company said that the data snatched was collected during the travel booking process, through the course of employment or from providing services to the company, including COVID or other safety testing.


Risk to Business: 1.802 = Severe

The passenger data accessed included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like social security or national identification numbers. No clear information was provided about the employee information that was exposed.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is the third major cybersecurity blunder for Carnival in just one year, and that is likely to create a great deal of mistrust with consumers just as the travel industry is getting back on its feet.

ID Agent to the Rescue: Building a strong security culture is vital to maintaining a high level of security. The Security Awareness Champion’s Guide shows you how to make good security choices and avoid trouble. GET IT>>


Don’t let cybercriminals steal your profits! Learn to spot and stop ransomware fast in Ransomware 101. GET IT>>



United Kingdom – Cake Box

https://www.bleepingcomputer.com/news/security/eggfree-cake-box-suffer-data-breach-exposing-credit-card-numbers/

Exploit: Hacking

Cake Box: Bakery Chain


Risk to Business: 1.661 = Severe

UK celebration cake chain Cake Box isn’t celebrating this week. The company has disclosed a data breach after threat actors hacked their website and obtained credit card numbers. According to the release, the breach occurred way back in April 2020 and they’re just informing consumers. Payment skimming malware is to blame. Experts suspect that this breach is the result of a Magecart attack.


Individual Risk: 2.802 = Severe

When customers made purchases on the site while it was infected, malicious scripts sent the first name and surname, email address, postal address, and payment card information including the three-digit CVV code to a remote server controlled by the attackers. This is an ancient breach in terms of the time it took for consumers to be informed, and the damage has definitely already been done.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: There is no excuse for waiting more than a year to inform customers that their data has been stolen, especially financial data like credit card numbers. This incident will shake consumer confidence in the brand.

ID Agent to the Rescue: Increase the chance of speeding past pitfalls to victory when you boost cyber resilience for every customer using the tips in our eBook The Road to Cyber Resilience. DOWNLOAD IT NOW>


Third party and supply chain risk are a menace to every business. Learn how to detect and mitigate it fast. GET THIS BOOK >>



South Korea – Korea Atomic Energy Research Institute (KAERI) 

https://www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/

Exploit: Nation-State Cybercrime

 Korea Atomic Energy Research Institute (KAERI): Government Agency


Risk to Business: 1.633 = Severe

South Korean officials have admitted that the government nuclear think tank Korea Atomic Energy Research Institute (KAERI) was hacked by nation-state threat actors in May 2021 after the incident was brought to light by reporters. The Korean media is accusing the agency of perpetrating a cover-up. According to experts, the North Korean Kimsuky cybercrime gang is to blame. This group often uses phishing to mimic websites like Gmail, Outlook, Telegram and more. The group then installs the Android and Windows backdoor “AppleSeed” to collect information and frequently makes use of ransomware. The extent of the data theft is unknown.

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nation-state threat actors frequently use phishing and ransomware to get the job done, and no matter how big or small, no organization is safe.

ID Agent to the Rescue: Are all of your clients doing everything that they can to avoid risk? Use our Cybersecurity Risk Protection Checklist to make sure you’ve dotted the “I”s and crossed the “T”s. DOWNLOAD IT>>



Don’t let cyberattacks wreck your 2022! Start your journey on The Road to Cyber Resilience now! DOWNLOAD IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:



Explore the dark web with experts & get a deck of screenshots in Unveiling Cybercrime Markets on the Dark Web. WATCH NOW>>



NEW INFOGRAPHIC

5 Thorny Remote & Hybrid Security Problems Solved

Remote and hybrid security brings special challenges. Our new infographic features five sticky cybersecurity problems that your clients might face when considering how to secure their mobile workforce and five practical solutions that put them on the smooth path to success. 

DOWNLOAD IT NOW>>


NEW WEBINAR

Deploy Your Secret Weapon to Beat Cybercrime

Are your clients making use of every weapon in their arsenal to fight cybercrime? Are you? In this webinar, cybersecurity and social engineering expert Lisa Forte and ID Agent experts show you how to use all of your resources effectively to build a strong security culture. You’ll learn:

  • Why security awareness training beats social engineering
  • How to get everyone on the security team for success
  • What you can do to show the value of security awareness training

WATCH IT NOW>>

NEW MUST-READ EBOOK

Ransomware Exposed Takes You Behind the Scenes To See What Ransomware is Really About

Today’s cybercriminals are ready to steal data, shut down production lines, halt infrastructure and more using a devastating, versatile weapon: ransomware. In our new eBook Ransomware Exposed!, we’ll take you inside the ransomware landscape to show you exactly why it’s every bad actor’s favorite play. You’ll learn:

  • Who gets paid in a ransomware operation (and how much)
  • New, hot threat varieties that are coming soon to an inbox near you
  • How to secure systems and data for less

See the latest statistics on ransomware attacks and find out what’s next in ransomware risk. 

DOWNLOAD RANSOMWARE EXPOSED! NOW>>


Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>



What Are Top MSPs Doing to Thrive in Today’s Complex Business World? Here Are 3 Essential Markers for Success


Changes in technology and cybercrime have combined with changes to the way everyone does business to open new horizons for MSPs. How can you best position your business to take advantage of these new chances to prosper? Start by taking a look at what the leading MSPs are up to in the IT Glue 2021 Global MSP Benchmark report. We’ve pulled the highlights from that report that show you what highly successful MSPs are offering, how they’re handling challenges and what tools they’re using to provide strong security with a great customer experience. You’ll also get a glimpse at what top MSPs are doing to make sure they’re ready to maximize new opportunities to build a strong foundation for future success.

What is a Top Performing MSP?

This annual study features data collected from a wide swathe of participants. This year’s crop totaled 1,334 MSPs and MSSPs from 38 countries, spanning five continents across the globe. Of the participants, 87% identified themselves as MSPs while 10% were internal IT teams. The remaining 2% identified themselves as MSSPs. About 60% of the survey participants were from the United States while Canada (9%), the United Kingdom (7%) and Australia (7%) took the next three spots. For the purposes of this survey, a top-performing MSP was defined as one that had revenue growth and margins over 20%, and almost 30% of the MSPs surveyed by these researchers in 2021 made that cut. More than 50% of top performers had revenue between $1 and 5 million.


These 3 Markers Make Top MSPs Stand Out From the Pack


Marker 1: Adapting Quickly to Change and Anticipating Client Needs

In the 2020 version of this report, the top third of MSPs were also defined as having revenue growth and margins over 20%. MSPs with stable revenues and 15% net margin landed in the bottom quintile. However, those numbers were compiled and reported pre-pandemic. That shockwave led the researchers at IT Glue to want another look at the data for 2020 with a follow-up survey after the sea change of the pandemic took hold. Major issues like a huge increase in cybercrime, especially ransomware, added new complexity to securing business while economic volatility made clients cautious about spending money. In the follow-up survey, researchers noted that about half of the respondents in the initial 2020 survey had experienced a revenue decline, especially those who served hospitality and travel clients. But the other half didn’t. So what did they do differently?

Successful MSPs had one prominent thing in common: they quickly adapted to the landscape. By recognizing the opportunities created by sudden changes in the way that their customers worked, savvy MSPs made all the right moves and pivoted rapidly to stay afloat. At the top of the list of adaptions was embracing new technology. Researchers noted that through the addition of simple automations like automated password resetting and other remote management tools to their offerings, MSPs were able to leverage a need for more autonomy and remote management for their customers into a profit center by encouraging the adoption of cutting-edge technologies like AI, automation and cloud computing. In second place, adding cybersecurity tools that clients desperately needed like security awareness training was a smart choice. By addressing their clients’ pressing needs for strong security in a time of record increases in cybercrime across the board, leading MSPs were able to demonstrate to their customers that they were committed to taking care of their client’s needs and providing a great customer experience no matter what.

Marker 2: Identifying and Overcoming Their Challenges

MSPs had to navigate some tough waters in 2021, from an explosion of phishing to the sudden transition into remote management. But no matter how conditions changed, one eternal challenge for MSPs remained at the top of the chart: finding and hiring the right people to do the job. Almost 50% of the survey respondents cited difficulties in hiring good talent as a huge challenge and a major roadblock to success. Security automation is a powerful tool for creating a more efficient helpdesk, reducing trouble tickets by 80% and increasing caseload capacity by 300%.

Other key challenges reported this year were lack of time to do research or plan business improvements (46%), handling constantly shifting cybersecurity threats (35%) and pricing their offerings to profit in the face of economic pressure (26%). When looking at the total picture, it’s easy to see that the stresses of a year of volatility left MSPs around the world battered but still afloat. However, it’s also easy to see that successful MSPs were able to quickly make the necessary adjustments that allowed them to utilize new tools like automation in order to cover their gaps quickly.

Marker 3: Investing in New Technology to Meet New Opportunities

Successful MSPs also didn’t sit on their resources and wait for the storm to pass. Instead, they invested in new technology that helped them take advantage of the unique circumstances of the pandemic, and they reaped the benefits, making smart moves that enabled them to meet their customers’ changing needs, especially around remote workforce security. By adding new offerings including secure identity and access management solutions, cloud services, remote monitoring and management, and improved service desk experiences, the MSPs that chose to upgrade their businesses thrived. The researchers also looked at what top MSPs considered promising areas for future growth, and cybersecurity led the pack.

Almost 50% of the MSPs that made new investments chose to focus on cybersecurity. With clients facing new challenges like securing a remote workforce, adding security offerings is a smart move for MSPs that want to be in a strong position for continued growth. Epic increases in cybercrime rates all but guarantee that cybersecurity solutions will continue to be popular. In 2020, cybercrime increased by an estimated 80% across the board, and that’s not slowing down in 2021. Damaging cyberattacks like ransomware are already up by more than 40% in 2021.

It’s also worth noting that password management continued to play a large part in the security solutions equation. An estimated 60% of respondents in a recent IT professional survey indicated their organization had experienced a password recycling/reuse/iteration-related security breach in 2020. While over 60% of MSPs had their clients set up to use a dedicated password security solution for password management, far too many had not – and that’s a cybersecurity disaster waiting to happen. An astonishing 29% of MSPs noted that their clients are using dangerous methods like Word or Excel files to store their passwords, and more than 30% didn’t know how their clients were storing passwords at all.


Get Help Setting Your MSP Up for Success


All in all, most companies will not be fully returning to the way that they did business before March 2020. Organizations don’t want to be caught napping on technology that enables them to remain operational in difficult times. They’ve seen the value in remaining agile, and they’ll continue to embrace solutions that empower their employees to work anytime, anywhere. That means that every MSP has new opportunities for success, and we’re ready to help you tailor your offering accordingly. Here’s our prescription for a winning combination of solutions that can take your MSP to the next level on your climb to success.

  • Dark Web ID – Don’t let cybercriminals sneak into your network with a compromised credential. Up to 80% of data breaches involve credential compromise. Make sure yours aren’t available with 24/7/365 human and machine-powered always-on dark web monitoring that alerts you to trouble fast.
  • Passly – Secure identity and access management with multifactor authentication is a must-have to take the power out of a filched password. Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime. Plus, automated password resets make everyone’s life a little bit better. 
  • BullPhish ID – Protecting a business from cybercrime starts with protecting it from phishing. An estimated 65% of cybercriminals use phishing as their primary method of attack. The new BullPhish ID enables trainers to either create their own custom content or choose a premade phishing simulator kit in 8 languages, with new content added monthly to make sure everyone is up to speed on the latest threats.

Are you ready to grow? Get help from experts to make sure that you’re doing everything necessary to put your MSP in the right position to thrive in 2021.  



Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>



June 23: MSP Gym (North America Edition) REGISTER NOW>>

June 24: Phish & Chips: Demo our products and get dinner on us! REGISTER NOW >>

June 29: Hacker Hotbeds and Malicious Marketplaces REGISTER NOW>>



Now More Than Ever, Getting the Right Advice on Cybersecurity is Critical


These days, stories of devastating cyberattacks are in the news every day. From frightening attacks on infrastructure targets by nation-state threat actors to ransomware threats from small-time operators looking to make a quick buck, cybersecurity threats are around every corner for businesses in 2021. Last year, more than 80% of businesses saw an increase in cyber threats in a record-breaking year for cybercrime – and damaging attacks like ransomware are already up by more than 40% in 2021. How can your business stay safe from cyberattacks in this volatile atmosphere?

An assortment of variables can impact your company’s safety, from the industry that you’re in to the desirability of your data. Even the location of your company can play a part in your likelihood of experiencing cybercrime. Your employees’ habits and your staff makeup can also impact your security calculus in good and bad ways. Don’t forget to consider the conditions of the world economy and the dark web economy as factors, plus the way that technology is changing and potentially providing cybercriminals with new avenues of attack.

The size of your business won’t keep you safe from cybercrime either. Many small and medium-sized businesses (SMB) have value as strategic targets that enable cybercriminals to gain access to larger operations. Even without that aspect, SMBs aren’t a potential profit center that cybercriminals are going to overlook. Not only can they provide valuable data and other assets, but they can also be profitable sources for making a quick profit from ransoms. Two in five SMBs were the victims of a ransomware attack in 2020.

An estimated 47% of small businesses aren’t adequately prepared for a cyberattack. Are you? Make sure that you’re ready for trouble by making the right cybersecurity moves with expert guidance from a trusted partner like an MSP to give your business an edge against cybercrime as the threat level continues to rise.



ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>



We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.