The Week in Breach News: 06/22/22 – 06/28/22
Two automotive companies get hit by ransomware, a remarkable tale of a data loss incident for one Japanese city and why MSPs need to be careful about cyber threats to their own businesses right now.
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
Flagstar Bank
https://www.housingwire.com/articles/flagstar-reports-data-breach-affecting-1-5-million-clients/
Exploit: Hacking
Flagstar Bank: Banking & Financial Services
Risk to Business: 1.617 = Severe
Flagstar Bank disclosed that they’ve had a data breach that impacts an estimated 1.5 million customers. The Michigan-based bank says that the cyberattack occurred on Dec. 3 and Dec. 4, 2021. However, the company did not determine who was affected until June 2022. The data breach happened during Flagstar Bancorp’s acquisition by New York Community Bank. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio.
Individual Risk: 1.878 = Severe
The only available information about the breached data says that the Social Security numbers were exposed.
How It Could Affect Your Customers’ Business: Banking & Finance was the sector that experienced the most cyberattacks including ransomware in 2021.
ID Agent to the Rescue: See the biggest risks that businesses face today and get a look at what cyber threats your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
ADM Associates, Inc.
https://www.jdsupra.com/legalnews/adm-associates-inc-announces-data-breach-3316382/
Exploit: Hacking
ADM Associates: Energy Consulting
Risk to Business: 2.785 = Moderate
Energy evaluation company ADM Associates has reported a data breach impacting consumers. The company said that between August and September 2021 an unauthorized individual may have accessed and acquired certain information from its systems. ADM associates does energy research and evaluation for public utility companies. Affected individuals have been informed via letter and the company is offering free credit monitoring.
Individual Risk: 2.831 = Moderate
Exposed information may include customer PII including names, addresses and other identifying data as well as sensitive financial information and Social Security numbers.
How It Could Affect Your Customers’ Business SMBs that handle or store large amounts of data have been high on cybercriminal shopping lists, particularly in recent months.
ID Agent to the Rescue: The checklist Are Your Users Trained to Handle These Risks? helps program administrators make sure their training programs cover all of the bases! GET INFOGRAPHIC>>
Atrium Health
Exploit: Phishing
Atrium Health: Medical System
Risk to Business: 1.601 = Severe
North Carolina-based Atrium Health has announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health at Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is mailing letters to the affected patients and hasn’t determined whether the unauthorized user accessed the protected health information in the accounts.
Individual Risk: 1.733 = Severe
Patient PII that was exposed included names, addresses, dates of birth and health insurance information. A limited number of patients may have also had their Social Security numbers, driver’s license numbers and financial account numbers compromised in the breach.
How It Could Affect Your Customers’ Business: Healthcare data is always a desirable commodity for bad actors and letting them get their hands on it is always an expensive mistake for healthcare providers.
ID Agent to the Rescue: Security awareness training can help companies prevent costly mistakes like this. Learn how to make it happen in How to Build a Security Awareness Training Program. GET IT>>
Watch this webinar to learn how to make Dark Web ID your prospecting secret weapon! WATCH NOW>>
Brazil – Fast Shop
Exploit: Ransomware
Fast Shop: Online Retailer
Risk to Business: 1.872 = Severe
A ransomware attack at Brazilian retailer Fast Shop ended up shutting down the company’s online store briefly. The outage impacted the company’s main website, mobile apps and online ordering system. An unnamed hacking group claimed that they’ve snatched the company’s data from various cloud services including AWS, AZURE, GITLAB and IBM cloud including source codes, PCI data, and various user and corporate data. Bad actors also took control of the company’s Twitter account where they announced the breach.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business: Cybercriminals love to hit online retailers because of the possibility they’re storing profitable sensitive personal and financial customer data
ID Agent to the Rescue: Help your clients be ready for cybercrime trouble and keep their data safe with The Computer Security To-Do List. DOWNLOAD IT>>
Learn how to spot and stop malicious insiders and educate users with this handy infographic! GET IT>>
United Kingdom – Yodel
https://www.infosecurity-magazine.com/news/yodel-cyber-incident-disrupts-uk/
Exploit: Ransomware
Yodel: Logistics Company
Risk to Business: 2.183 = Severe
UK delivery company Yodel has experienced a suspected ransomware attack that has disrupted its services. Yodel’s tracking and customer services went down over the weekend as a result of the attack and the company is working to restore its services. The firm says that it doesn’t hold any customer payment information, and Yodel is currently investigating whether any personally identifiable information (PII) pertaining to clients has been taken.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Aside from the initial expense, ransomware can also lead to lost productivity, lost business and reputation loss.
ID Agent to the Rescue Get an in-depth look at how ransomware is evolving, who profits from it and how to fight back in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
This MSP-focused guide gives you insight into finding the ideal dark web monitoring solution. GET THE GUIDE>>
Japan – Nichirin
https://www.securityweek.com/us-subsidiary-automotive-hose-maker-nichirin-hit-ransomware
Exploit: Ransomware
Nichirin: Auto Parts Manufacturer
Risk to Business: 2.206= Severe
Auto hose manufacturer Nichirin has announced that its U.S. subsidiary, Nichirin-Flex USA, has experienced a ransomware attack. The incident has caused the company to take production and technology systems offline, potentially impacting the manufacturing and delivery of customer orders. The firm’s website was briefly taken offline, and the damage appears to have been limited to the company’s U.S. operations.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Manufacturers aren’t safe from cybercriminals looking to score fast payments to prevent supply chain disruption.
ID Agent to the Rescue Get tips to help your clients avoid trouble with strong security policies coupled with comprehensive security and compliance awareness training. GET INFOGRAPHIC>>
Japan – TB Kawashima
https://www.theregister.com/2022/06/27/security_in_brief/
Exploit: Ransomware
TB Kawashima: Auto Parts Manufacturer
Risk to Business: 2.206 = Severe
In this week’s second incident at a Japanese auto parts company, automotive fabrics company TB Kawashima has disclosed that it has been the victim of a ransomware attack. The LockBit group has claimed responsibility. TB Kawashima is a division of Toyota Boshoku of the Toyota Group of companies. The company’s website was knocked offline, but they expect minimal impact on production or sales.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Manufacturers that are linchpins in a supply chain are prime targets for hackers these days.
ID Agent to the Rescue Get the resources that you need to build your cybersecurity business and protect your clients from risks like this in our Intro to Cybersecurity Resource Bundle. GET BUNDLE>>
Japan – The City of Amagasaki
https://www.theregister.com/2022/06/27/security_in_brief/
Exploit: Insider Threat (Employee Mistake)
Amagasaki: Municipal Government
Risk to Business: 1.772 = Severe
In this week’s most interesting breach tale, the city of Amagasaki, Japan has found itself embroiled in a data breach thanks to the actions of one careless worker. A contractor who was working for this city to disburse pandemic subsidies took a USB drive containing numerous city records out of the office. But rather than heading straight home, the worker decided to go out on the town. That resulted in the worker passing out in the street and losing the bag containing the USB and all that city data.
Individual Risk: 1.613 = Severe
The USB contained names, birth dates, addresses, tax details, banking information and social security records for city residents.
How it Could Affect Your Customers’ Business Data stored on physical devices is data that can be more easily misplaced or lost with careless handling.
ID Agent to the Rescue Get tips and helpful data to start conversations about ways to mitigate insider risk with your clients in our Guide to Reducing Insider Risk. DOWNLOAD IT>>
See why security awareness training is a security and revenue superstar that you & your clients need to invest in now. GET EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.
- Malware is a Growing Problem Raising New Concerns for Businesses
- What to Look for When Evaluating Training Solutions
- Employees & Email Are a Data Security Disaster Waiting to Happen
- 10 Spoofing Facts You Need to See
- The Week in Breach News: 06/15/22 – 06/21/22
Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>
Fresh Resources
Gain Insight & Business Tips from Our MSP Cybersecurity Roundtable Series
Listen to the webinars in our Cybersecurity Roundtable Series and learn how to defend your clients against today’s nastiest risks.
How Infrastructure Attacks Can Hurt Every Business Explore how infrastructure attacks endanger your clients and what to do to protect them. WATCH NOW>>
How to Improve Your Incident Response Plan Learn about the importance of incident response planning and the advantages it brings. WATCH NOW>>
Nation-State Hacking: It’s Everyone’s Problem Now Get expert advice and insight into how nation-state cybercrime impacts your clients. WATCH NOW>>
Did You Miss? The Security Awareness Buyer’s Guide for Businesses DOWNLOAD IT NOW>>
Insider risk is swamping your clients. Learn to mitigate it quickly & profitably. WATCH WEBINAR>>
MSPs Need to Protect Themselves from Cyber Threats Too
Why MSP Cyberattack Risk is Up & What to Do About It
Many of today’s nastiest and most disruptive cyberattacks have been attacks that target key linchpins in the supply chain. From shipping companies to auto parts manufacturers, bad actors are refining their targets to ensure that a successful attack hurts more than just one company, and that list includes MSPs. Supply chain risk has been an increasing problem for businesses as cybercriminals seek large stores of data and quick payoffs by disrupting business operations with attacks on companies that provide goods and services. IBM warned back in January that supply chain cyberattacks would be a major concern for businesses in 2022, a prediction that has proved to be true. That includes forays into the software and technical services supply chain, which spells trouble for MSPs.
Find the right dark web monitoring solution for your customers & your MSP with this checklist! DOWNLOAD IT>>
CISA: MSPs and Their Customers Are in Danger of Trouble
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert warning MSPs that they were squarely within cybercriminals’ sights. The alert stated “The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP’s customer base.”
The alert goes on to note that authorities from those same nations had previously issued general guidance for MSPs and their customers. However, this particular advisory was intended to provide specific guidance to encourage “transparent, well-informed discussions” between MSPs and their customers that center on securing sensitive information and data. Officials are hoping that those discussions result in revisiting security plans to ensure that they’re ready for today’s threats, including a re-evaluation-evaluation of security processes and contractual commitments in order to accommodate customer risk tolerance. The aim is to bolster a shared commitment to security between MSPs and their clients that will reduce supply chain risk for both MSPs and their customers.
Get 10 tips to help you build a strong security culture & reduce your risk of cybersecurity trouble! GET INFOGRAPHIC>>
What Do Experts Recommend MSPs Do to Mitigate Their Risk?
Attacks on MSPs offer cybercriminals a wealth of tools, options and opportunities that they can exploit for further gain. MSPs are attractive targets for cyber criminals, especially ransomware groups. MSPs tend to store and handle valuable information, including customer data and information about operational technology (OT). Attacks on MSPs also offer the bad guys chances to obtain access to the MSPs customers’ environments, allowing them to quickly penetrate security at another company that they’ve been trying to go after. A successful attack at an MSP can even offer cybercriminals the advantage that they need to plant a backdoor in that MSPs client’s environment, enabling the bad guys to return at their leisure. In this alert, CISA offered a variety of recommendations that will help reduce cyber attack risk for both MSPs and their clients. Here are four major areas for MSPs to consider.
Preventing Initial Compromise
Cybercriminals often exploit vulnerable devices and internet-facing services when launching attacks aimed at MSPs. Sometimes these are brute force attacks, and other times their sneakier attacks that are perpetrated through phishing. CISA recommends that MSPs and their customers should ensure they are mitigating these attack methods.
Eliminate Old User Accounts & Obsolete Infrastructure
Both MSPs and customers should take a hard look at their user accounts and take steps to disable accounts that are no longer in use. Eliminating old user accounts is especially important when you or your clients have a personnel transition. Over 80% of former employees in a survey said they could access accounts at their previous place of employment even after leaving the company. CISA also advises that Organizations and MSPs should be cautious about infrastructure on the MSP-customer boundary, taking care to identify and disable unused systems and services. Port scanning tools and automated system inventories can assist organizations in confirming the roles and responsibilities of systems.
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Develop & Exercise Incident Response & Recovery Plans
1 in 3 businesses is flirting with disaster by not having an incident response plan. Neither you or your clients should be on the list of organizations that aren’t ready for incident response. CISA advises that organizations should maintain up-to-date hard copies of plans to ensure responders can access them should the network be inaccessible, as may be the case in a ransomware scenario. The agency goes on to caution that MSPs should develop and regularly exercise internal incident response and recovery plans and encourage customers to do the same. The advisory includes a reminder that everyone’s incident response and recovery plans should include roles and responsibilities for all organizational stakeholders, including executives, technical leads and procurement officers.
Understand & Proactively Manage Supply Chain Risk
The advisory makes it clear that all organizations should proactively manage information and communications technology (ICT) services supply chain risk. CISA says that companies and MSPs should use risk assessments to identify and prioritize the allocation of resources, with the caution that MSPs need to make sure that they understand their own supply chain risk and concentrate some of their efforts on managing the potential for cascading risk that it poses to customers. In a recent survey, more than 80% of CISOs said that they believe that their software supply chains are vulnerable.
Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>
Choose Solutions That Are Proven Winners to Protect Your MSP & Your Clients
Dark Web ID enables you to get a clear picture of your clients’ credential compromise threats from dark web sources.
- Our 24/7/365 always-on monitoring alerts businesses to credentials appearing on the dark web that may have been stolen or phished to mitigate the risk of bad actors using a stolen password to gain access to your systems and data.
- Automated alerts and reporting mean that your team doesn’t need to spend time staring at a dashboard or pulling reports.
BullPhish ID improves employee security awareness and increases phishing resistance
- Ground staffers in cybersecurity best practices including compliance, password safety, security hygiene and more with memorable video lessons and measure retention with quizzes.
- Choose from our plug-and-play complete training modules and phishing simulations or customize the content to reflect the unique industry risks those employees face daily.
Contact our solutions experts today to learn how your business can benefit from strong, affordable security and receive a personalized demonstration.
Join the over 4,000 MSPs who are prospering as an ID Agent Partner and you’ll gain access to the best sales enablement program in the business through Kaseya Powered Services.
Learn the secret to conjuring up amazing stress-free marketing campaigns in 5 Ways to Make Marketing Magic! GET IT>>
It Pays to Invest in Incident Response
Want to know a secret that can help you avoid a cyber attack? Companies that invest in a formal, tested incident response plan are less likely to have a cybersecurity incident than companies that don’t have an incident response plan and they save money if they do have an incident. Incident response planning is a win-win for every business.
It’s true. IBM researchers announced that 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan. That’s a big benefit that you gain immediately and enjoy even if you never use the plan.
Unfortunately, 1 in 3 companies hasn’t got an incident response plan, and that’s a disaster waiting to happen. If you’re not ready for trouble, you’ll be scrambling when trouble finds you. Save time, money and maybe even your company by talking to your MSP and making or updating your incident response plan right away.
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!