The Week in Breach News: 06/21/23 – 06/27/23
This week: An unusual demand in a cyberattack on Reddit, more MOVEit victims emerge, new training videos in BullPhish ID and the results of our 2023 IT Operations Survey.
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
Gen Digital
https://www.securityweek.com/norton-parent-says-employee-data-stolen-in-moveit-ransomware-attack/
Exploit: Ransomware
Gen Digital: Technology Company
Risk to Business: 1.886 = Severe
Gen Digital, the parent company of cybersecurity brands such as Avast, Avira, AVG, Norton, and LifeLock, has confirmed that employees’ personal information was compromised in a ransomware attack tied to the MOVEit exploit. The company disclosed that some personal information of Gen employees and contractors was potentially exposed including a worker’s name, company email address, employee ID number, and in some limited cases home address and date of birth. The company was quick to note that it does not believe that any customer data was stolen.
How It Could Affect Your Customers’ Business: Zero-day attacks and similar exploits are an unfortunate reality that businesses have to handle now and moving forward.
Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>
Exploit: Ransomware
Reddit: Online Forum
Risk to Business: 1.876 = Severe
BlackCat claims that it snatched 80GB of data from Redditt in a ransomware attack in February 2023 that is just coming to light. Reddit confirmed the attack, admitting that the bad actors made off with an array of internal documents, source code, employee data and limited data about the company’s advertisers. User data was not impacted. In an interesting twist, BlackCat is threatening to leak Reddit’s data if the company doesn’t pay the ransom and backtrack on its plans on charging for API access. Reddit has been facing backlash over its plan to charge for API access at an expected price of $0.24 per 1,000 calls.
How It Could Affect Your Customers’ Business Using ransomware to punish companies for instituting unpopular policies is just one more use for that dangerous menace.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>>
The California Public Employees’ Retirement System (CalSTRS)
https://www.planadviser.com/calpers-calstrs-hit-third-party-cybersecurity-breach/
Exploit: Ransomware
The California Public Employees’ Retirement System (CalSTRS): Benefits System
Risk to Business: 1.469 = Severe
The California Public Employees’ Retirement System, the largest of its kind in the U.S., has announced that it has fallen victim to a cyberattack thanks to the MOVEit exploit that may impact 769,000 members. CalSTRS said that it became mixed up in this ongoing cyber incident through one of its service providers, PBI Research Services, on June 24. How much and what kind of data was stolen was not available at press time. CalSTRS says that retirees and beneficiaries with impacted personal information are being contacted by mail. The California State Teachers Retirement System, the public pension fund serving California teachers, has also disclosed that it is a victim of a similar attack.
How It Could Affect Your Customers’ Business: Many exploits can be avoided by regularly patching and updating software and systems.
Kaseya to the Rescue: See how Kaseya’s Security Suite protects businesses and benefits MSPs in this webinar that shows you how to become a client’s trusted security expert. WATCH NOW>>
Pilot Credentials
https://www.theregister.com/2023/06/26/american_southwest_airline_breach/
Exploit: Hacking
Pilot Credentials: Recruiting Platform
Risk to Business: 2.149 = Severe
Airline pilot recruiting platform Pilot Credentials has disclosed that it has experienced a data breach. The Texas-based company said that bad actors obtained access to its network on April 30 and the impacted airlines, including Southwest Airlines and American Airlines, were notified of the attack on May 3. The files stolen contained a range of data about pilot applicants, including their names, Social Security numbers, passport numbers, driver’s license numbers, dates of birth, Airman Certificate numbers, and other government-issued identification numbers. An estimated 8000 people had their data exposed.
How It Could Affect Your Customers’ Business: This kind of very specialized data has many uses for bad actors, especially for spear phishing.
Kaseya to the Rescue: Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>>
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
Suncor Energy
Exploit: Hacking
Suncor Energy: Fuel Company
Risk to Business: 1.337 = Extreme
Suncor Energy, the parent company of Petro-Canada gas stations, announced last week that it had been the victim of a cyberattack. The incident left customers unable to pay with a credit card or use their rewards points. The company assured the public that they are working to fix the problem quickly, but transactions with customers and suppliers will continue to be negatively impacted until the incident is resolved. Suncor Energy also stressed that it does not believe that any customer or employee data was taken.
How it Could Affect Your Customers’ Business: A cyberattack can often also lead to lost productivity and lost sales, adding more expense to the cleanup.
Kaseya to the Rescue: Learn how to prevent dangerous email-based cyberattacks with the tips in this handy infographic (it’s perfect for social sharing). GET INFOGRAPHIC>>
Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>
Ireland – Public Appointments Service (PAS)
Exploit: Human Error
Public Appointments Service (PAS): Recruiter
Risk to Business: 2.766 = Moderate
Ireland’s Public Appointments Service (PAS), and independent recruiter for government and civil service jobs, has disclosed that it has experienced a data breach caused by an employee error. PAS said that an administrative error when collating the mailing list for job message alerts led to the exposure of some job seeker data including a candidate’s name and the job alerts that they had subscribed to for an estimated 15,471 candidates.
How it Could Affect Your Customers’ Business: Employee mistakes can easily lead to expensive and damaging cybersecurity disasters, but training reduces the rate of an employee mistake.
Kaseya to the Rescue: Security awareness training reduces the risk of a malicious insider causing trouble without being noticed and stopped. GET TRAINING TIPS>>
Australia – National Disability Insurance Agency
Exploit: Supply Chain Attack
National Disability Insurance Agency: Government Agency
Risk to Business: 1.607 = Severe
Australia’s National Disability Insurance Agency is working to determine the extent of data theft that is connected with a February attack on law firm HWL Ebsworth. The agency had contracted with HWL Ebsworth for representation in legal appeals brought against the agency regarding client NDIS plans. HWL Ebsworth announced that it had first learned that a cyberattack (likely ransomware) by the BlackCat group had struck the firm on June 9, 2023, and the bad actors made off with data from a number of clients. BlackCat says that it obtained 3.6TB worth of data from the firm’s clients including this agency and the Office of the Australian Information Commissioner, and the gang began releasing the stolen data on its dark web leak site last week.
How it Could Affect Your Customers’ Business:
Kaseya to the Rescue: BullPhish ID + Graphus together give companies powerful protection against phishing and email-based cybercrime including ransomware attacks. LEARN MORE>>
New Zealand – Smartpay
https://www.reuters.com/technology/new-zealands-smartpay-experiences-ransomware-attack-2023-06-16/
Exploit: Ransomware
Smartpay: Electronic Payment Solutions Company
Risk to Business: 2.773 = Moderate
Smartpay announced that it had been the victim of a ransomware attack last week. The electronic payments provider confirmed that information from customers in Australia and New Zealand was stolen in the attack. The company did not specify exact data types, simply saying that it doesn’t collect or store individual cardholder information. Smartpay said it is investigating the incident with third-party experts CyberCX, and the government.
How it Could Affect Your Customers’ Business: Banks, credit card companies, lenders and other financial industry players have been at the top of cybercriminal hit lists for the past few years.
Kaseya to the Rescue: Learn more about defending against often email-based cyberattacks like ransomware in our eBook A Comprehensive Guide to Email-Based Cyberattacks. GET EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
Register Now for the ID Agent & Graphus Q3 Product Innovation Webinar
JULY 18 |10 AM EDT | 7 AM PDT | 2 PM GMT
JULY 19 | 8 AM AEST | 3 PM PDT, 6 PM EDT
Join us at one of two convenient sessions to hear the product managers for BullPhish ID, Dark Web ID, Passly and Graphus highlight the latest product innovations. You will learn about new time-saving product integrations and the latest new product features and enhancements, including the mini-demos of the most exciting features. Here are some of the things you’ll learn about:
• New integrations between our Security products and other products in the Kaseya family
• New Personalized Spam Filter from Graphus
• New BullPhish ID automation features
• What’s on the Security products’ roadmaps for Q3 and beyond
• And much more!
REGISTER NOW>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
The 2023 IT Operations Survey
Discover what lies ahead for small and midsize businesses (SMBs) in 2023 and how this particularly challenging year will affect their business and growth prospects. The 2023 IT Operations Survey Report provides valuable insight into these questions and the IT trends and challenges shaping the trajectory of business IT operations.
DOWNLOAD IT NOW>>
Did you miss… the new edition of Ransomware 101? GET EBOOK>>
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Shifting IT Priorities & Shrinking Budgets Create Challenges
Technology is constantly evolving, with world pressures and factors driving some of that evolution. The COVID-19 pandemic set off a tidal wave of change that was a game-changer, shaping the way that people and organizations work and do business. The fiscal measures taken around the world that were implemented to combat the global pandemic’s cost on the economy have given rise to a fresh crop of serious economic concerns. New technologies and considerations have also come onto the scene, bringing with them new changes and challenges that we will be grappling with in the future. For example, the buzz and anticipation surrounding new and expanded uses of artificial intelligence (AI) technology have led to a larger conversation about the implications of AI in our personal and professional lives.
These changes have compelled companies of all sizes to reassess their operations and business strategies and identify areas for improvement. Kaseya’s 2023 IT Operations Survey looks at the steps that IT departments at small and midsize businesses (SMBs) are taking to navigate this exceptionally challenging year and come out strong. Factors such as recessionary fears, scarcity of skilled IT technicians and increase in cybersecurity risks are prompting SMBs to consider automation and integration as a means to overcome the challenges they face and deliver best-in-class end-user experience.
Excerpted from the 2023 IT Operations Survey Report DOWNLOAD IT>>
5 Key Insights into Business IT Operations
Here are five key insights from our analysis of our survey responses:
1. SMBs are feeling the impact of economic uncertainty
IT budgets and staffing are likely to take a hit as economic uncertainty continues. With the possibility of budget cuts and hiring freezes looming ahead, more businesses are looking to outsource to managed service providers (MSPs) to stay cost-efficient and productive.
2. Automation is essential
To weather the challenges and increase productivity, businesses are increasingly allocating resources toward automating more of the common tasks and tickets they face.
3. Integration is non-negotiable
To support increased automation and reduce vendor fatigue, more businesses are replacing legacy tools with properly integrated solutions.
4. Updating legacy systems
Traditional IT environments, with isolated tools, hinder automation and integration. Businesses are replacing legacy tools with cutting-edge technologies to remain competitive and respond to changing customer needs quickly.
5. Cybersecurity remains a top priority
Despite anticipating cost reductions and a hiring freeze, organizations are placing a strong emphasis on cybersecurity, with a focus on allocating resources and hiring talent in this area
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
IT budgets are tighter than ever
When times are tough, budgets take a beating. Reflecting the concerns surrounding IT budgets, 18% of respondents stated that their 2023 IT budgets had decreased. This is an 8% increase in respondents selecting this option compared to 2022. IT spending on software, hardware and hiring is likely to bear the impact of cost-cutting measures since companies are implementing new policies better aligned to evolving economic and technological changes. About 40% of respondents, roughly the same as last year, said IT budgets increased. Many companies are planning strategic investments, such as in automation, cybersecurity and integration, that hold the potential to drive down costs and enhance overall efficiency in the long run.
Source: Kaseya
Get the scoop on 5 of the worst email-based attacks plus tips to protect businesses from them. GET INFOGRAPHIC>>
Budget cuts hit software the hardest
Budget cuts are an unpleasant reality that many companies face as they juggle economic pressures and the need to upgrade technology to keep pace with things like compliance and cybersecurity concerns. The biggest chunk of cuts is expected in software spending, with 40% of our respondents anticipating that software will bear the brunt of cost cuts. Respondents also expect hardware spending to decline significantly, with 35% highlighting this area as a likely target for cost-saving measures. Nearly one-quarter of respondents also anticipate reduced budgets to result in job cuts
Source: Kaseya
Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>
2023 budget drivers
In an environment characterized by limited visibility into the future, achieving business growth has taken center stage. It’s the top 2023 budget driver for 32% of respondents. Achieving growth requires making strategic changes. Replacing outdated IT infrastructure, as identified by 29% of respondents, with solutions that are faster and capable of responding to evolving needs can help businesses stay competitive, tap into new markets and reduce operational costs.
Security remains a high priority despite (or perhaps driven by) economic worries. With 28% of respondents selecting security incidents or concerns as their 2023 budget driver, it’s evident that businesses understand the importance of safeguarding their systems and data. Economic concerns are a significant factor too, with approximately 25% of respondents identifying them as one of the drivers for budget considerations in 2023.
Source: Kaseya
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Almost half of respondents will invest in cybersecurity this year
With the growing importance of safeguarding sensitive data, businesses are recognizing the need for robust cybersecurity measures to stay ahead of the game. It’s no wonder 47% of the respondents said they will likely add or change cybersecurity solutions in 2023. However, they’re not stopping there. Backup and recovery solutions are also on their radar, knowing that a comprehensive data protection plan is the way forward.
Ever stricter cybersecurity regulations mean that businesses cannot take compliance lightly, and one-quarter of our survey respondents want the right tools in their arsenal to tackle it head-on. Endpoint management and IT documentation are the heart of any IT setup, and companies want to use only the best solutions that integrate easily, are feature rich and easy on the pocket.
Source: Kaseya
Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>
The Kaseya Security Suite helps businesses mitigate cybercrime risk.
Major protection from today’s most dangerous and damaging cyberattacks doesn’t have to come with a major price tag with Kaseya’s Security Suite.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents cyberattacks and reduces an organization’s chance of experiencing a cybersecurity disaster by up to 70%.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>
July 11: Kaseya + Datto Connect Local Anaheim REGISTER NOW>>
July 18: Kaseya + Datto Connect Local Boston REGISTER NOW>>
July 18: ID Agent & Graphus Q3 Product Update Webinar REGISTER NOW>>
July 20: Kaseya + Datto Connect Local Baltimore REGISTER NOW>>
July 21: Kaseya + Datto Connect Local Baltimore IT Professionals Series REGISTER NOW>>
August 3: Kaseya + Datto Connect Local Doral Miami REGISTER NOW>>
August 15: Kaseya + Datto Connect Local Detroit REGISTER NOW>>
August 17: Kaseya + Datto Symposium Long Branch REGISTER NOW>>
August 22: Kaseya + Datto Connect Local Kansas City REGISTER NOW>>
August 29: Kaseya + Datto Connect Local San Diego REGISTER NOW>>
September 14: Kaseya + Datto Connect Local San Antonio REGISTER NOW>>
October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!