The Week in Breach News: 06/29/22 – 07/05/22
An insider incident causes trouble for OpenSea, cybercriminals claim to have scored data from AMD and ransomware stops the presses at Macmillan plus the importance of making sure that your clients are ready for a ransomware attack.
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
Geographic Solutions Inc.
Exploit: Ransomware
Geographic Solutions Inc.: Software Company
Risk to Business: 1.427 = Extreme
A ransomware attack on a major provider of software to state government agencies around the U.S. has resulted in website outages that impacted government services. Geographic Solutions provides workforce development, labor market information, and unemployment insurance software solutions to 35 U.S. states including Nebraska, Tennessee, Texas, Florida, North Carolina, California and Indiana. Labor department job search and unemployment program website outages left citizens and government officials scrambling. The company has engaged a third-party firm to help with the cleanup and most services have been restored.
How It Could Affect Your Customers’ Business: A data security incident at a service provider can be a disaster for any business and it will be especially damaging for the healthcare clients involved here.
ID Agent to the Rescue: Help your clients secure their businesses against third-party risk with tips in the eBook Breaking Up with Third-Party and Supply Chain Risk. DOWNLOAD IT>>
California Department of Justice
https://www.theguardian.com/us-news/2022/jun/30/california-gun-owners-data-breach
Exploit: Human Error
California Department of Justice: State Government Agency
Risk to Business: 2.617 = Moderate
The California Department of Justice has disclosed a messy data breach courtesy of its Firearms Dashboard Portal. In the course of an update in late June, user data for anyone who had applied for a concealed carry firearms permit from 2011 through 2021 using the site was exposed for an estimated 24 hours in an unsecured spreadsheet. Data was also exposed on several other state-maintained gun-related online dashboards, including the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate and Gun Violence Restraining Order dashboards.
Individual Risk: 2.613 = Moderate
User data that may have been exposed includes names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories. Social Security numbers and financial information were not involved.
How It Could Affect Your Customers’ Business SMBs that handle or store large amounts of data have been high on cybercriminal shopping lists, particularly in recent months.
ID Agent to the Rescue: The checklist Are Your Users Trained to Handle These Risks? helps program administrators make sure their training programs cover all of the bases! GET INFOGRAPHIC>>
Napa Valley Community College
Exploit: Ransomware
Napa Valley Community College: Institution for Higher Learning
Risk to Business: 1.601 = Severe
Napa Valley College has experienced a ransomware attack that resulted in its website and network systems being knocked offline. The incident, which started over two weeks ago, knocked systems including the college’s on-campus telephones and employee email accounts out, leaving social media and an athletic department website run on a separate network as the only communication channels for the college. Professors and staff have since had email restored. The college also announced that it will continue teaching summer-session classes both in-person and remotely using an online platform that includes email and communication with professors. The incident is under investigation.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: The education sector has been hammered by cyberattacks for the last few years impacting schools at every level.
ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and how to help your clients defend against it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
OpenSea
https://techcrunch.com/2022/06/30/nft-opensea-data-breach/
Exploit: Insider Threat
OpenSea: Non-Fungible Token Marketplace
Risk to Business: 1.903 = Severe
NFT giant OpenSea has had a data breach caused by an employee at a third-party service provider misusing their access to data. OpenSea announced last week that an employee of email vendor Customer.io, misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party. Customer.io told TechCrunch that the culprit was likely an employee who abused their role-specific access privileges and that no other company’s data was involved in this incident.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business: Finance sector organizations have been at the top of the cybercriminal hit list, especially crypto-related entities.
ID Agent to the Rescue: Deliberately malicious acts by employees are a major threat to your clients’ security. Get tips to protect them in our Guide to Reducing Insider Risk. DOWNLOAD IT>>
New Peoples Bank
Exploit: Hacking
New Peoples Bank: Financial Institution
Risk to Business: 2.304 = Severe
New Peoples Bank, a bank with branches in Virginia, West Virginia and Tennessee, has announced that it has experienced a data breach. An unauthorized person accessed bank systems on June 9, leading to data exposure for customers as well as disrupting banking and financial services. The bank is providing one year of free credit monitoring for impacted clients. Services have since been restored.
Individual Impact: 2.383 = Severe
New Peoples Bank, a bank with branches in Virginia, West Virginia and Tennessee, has announced that it has experienced a data breach. An unauthorized person accessed bank systems on June 9, leading to data exposure for customers as well as disrupting banking and financial services. The bank is providing one year of free credit monitoring for impacted clients. Services have since been restored.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Banks of every size are a likely target of ransomware attacks and need to take extra security precautions.
ID Agent to the Rescue See the biggest risks that businesses face today and get a look at what cyber threats your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
Advanced Micro Devices (AMD)
https://www.securityweek.com/us-subsidiary-automotive-hose-maker-nichirin-hit-ransomware
Exploit: Hacking
Advanced Micro Devices (AMD): Semiconductor Company
Risk to Business: 2.822 = Moderate
Chipmaker AMD is investigating a security breach after cybercrime gang RansomHouse, published a claim that they have obtained the company’s data. claims to have breached AMD on January 5 to steal 450GB of data. The group claims to be targeting companies with weak security, boasting that it was able to compromise AMD due to the organization’s weak passwords. In addition to the passwords, RansomHouse claims to have snatched network files and system information from AMD as well.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Manufacturers aren’t safe from cybercriminals looking to snatch information about operational technology.
ID Agent to the Rescue Get tips to help your clients avoid trouble with strong security policies coupled with comprehensive security and compliance awareness training. GET INFOGRAPHIC>>
Just getting started in cybersecurity? This resource bundle will help you get up to speed to protect your clients fast! GET IT>>
United Kingdom – Macmillan Publishing
Exploit: Ransomware
Macmillan Publishing: Media Company
Risk to Business: 2.206 = Severe
Major publisher Macmillan has experienced a ransomware attack that impacted its offices and warehouses in the U.S. and U.K.. The late June incident caused the company to shut down all of its IT systems. The company said in a statement that “certain files on its network” had been encrypted. Macmillan employees were briefly unable to access email and sales representatives shared that there may be publishing delays as a result of the attack.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Companies that handle time-sensitive business are prime targets for cybercriminals looking for a quick payoff.
ID Agent to the Rescue Get the resources that you need to build your cybersecurity business and protect your clients from risks like this in our Intro to Cybersecurity Resource Bundle. GET BUNDLE>>
United Kingdom – Apetito
Exploit: Hacking
Apetito: Meal Delivery Service
Risk to Business: 1.922 = Severe
UK meal delivery company Apetito has announced that meal service to thousands of people in western England was disrupted for several days due to a cyberattack. Apetito delivers ready-to-eat meals to hospitals, elder care facilities, schools, childcare facilities and the homes of vulnerable people. The attack also impacted Apetito’s subsidiary Wiltshire Farm Foods, which delivers frozen heat-and-eat meals. Service was expected to be restored around July 4.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Service providers have been popular targets for cybercriminals hunting for data to sell.
ID Agent to the Rescue Help your clients discover dangerous vulnerabilities and slay dastardly cyberattack risks with The Cybersecurity Monster Hunter’s Checklist. DOWNLOAD IT>>
Austria – The Medical University of Innsbruck
Exploit: Ransomware
The Medical University of Innsbruck: Institution of Higher Learning
Risk to Business: 1.922 = Severe
The ransomware group Vice Society has claimed responsibility for a ransomware attack against the Medical University of Innsbruck. That attack took place last week, causing major disruptions and resulting in data exposure. A report in Bleeping Computer noted that the attack forced the university’s IT team to reset all 3,400 student and 2,200 employee account passwords in an arduous process that required everyone to personally collect their new credentials manually. Operations have since been restored. Vice Society has posted a sample of the stolen documents on its website.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Universities are major targets for cyberattacks thanks to the amount of data they store and the need to maintain constant uptime.
ID Agent to the Rescue Security awareness training can prevent a ransomware attack. Learn how to make it happen in How to Build a Security Awareness Training Program. GET IT>>
Learn the Secret of How Cybercriminals Trick Users Into Falling for Phishing Messages! GET EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.
- Training Transforms Employees into Security Assets Affordably
- Ransomware Does More Damage Than You Think
- Malware is a Growing Problem Raising New Concerns for Businesses
- What to Look for When Evaluating Training Solutions
- The Week in Breach News: 06/22/22 – 06/28/22
Take a deep dive into ransomware and learn to protect your clients affordably with this resource bundle! GET IT>>
Fresh Resources
Resources That Can Help You Sell More Security Awareness Training
This trio of eBooks are valuable tools for you to use to educate clients about the benefits of security and compliance awareness training.
The Security Awareness Training Buyer’s Guide for Businesses Give clients this eBook with tips on features to look for and how to choose the right solution. DOWNLOAD IT>>
The Business Case for Security Awareness Training You and your clients can use this tool to demonstrate the value of security and compliance awareness training to budget controllers. DOWNLOAD IT>>
Security Awareness Training: Your Best Investment This eBook offers a wide lens overview of why security awareness training is critical for businesses in today’s dangerous world. DOWNLOAD IT>>
Did You Miss This? Read The Global Year in Breach 2022 cybercrime report! DOWNLOAD IT>>
Insider risk is swamping your clients. Learn to mitigate it quickly & profitably. WATCH WEBINAR>>
Are Your Clients Ready for a Ransomware Incident?
These Best Practice Tips Can Improve Readiness
Did you know that almost 80% of respondents in a recent study said that their organizations experienced a ransomware attack in 2021? To make matters worse, almost three-quarters of them said that a successful attack caused a negative financial and operational impact on their companies. That’s what makes readiness for a specialized cyberattack like ransomware so critical for businesses right now. Unfortunately, too many businesses aren’t prepared for a ransomware-specific incident response. But there are steps you can help your clients take to mitigate the risk of a successful ransomware strike on their organizations and the damage that an incident like this could do to their organization.
Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>
Everyone is at Risk of an Attack
Those scary statistics above came from the study The Long Road Ahead to Ransomware Preparedness by Hitachi Vantara and the Enterprise Strategy Group. For that report, researchers looked at the ransomware preparedness levels of businesses. They started by establishing a baseline for business ransomware risk by determining that a shocking four in five businesses that they surveyed experienced a ransomware attack in 2021. Just over 40% of those organizations reported just one damaging ransomware attack last year, but one in three weren’t quite so lucky and reported that they were hit successfully more than once.
Ransomware Attack Frequency
by % of respondents
| Sporadically | 32% |
| Never | 21% |
| Weekly | 17% |
| Monthly | 17% |
| Daily | 13% |
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
More Than Half of Orgs Paid the Ransom
As IT professionals well know, a successful attack is a gold mine for the bad guys and a disaster for businesses. The extortion payments that cybercriminals demand in the wake of a ransomware attack that lands just grow more expensive every year. The average ransomware payment demanded by bad actors from a business jumped up by 82% in 2021, rising from an already painful $234,000 in 2020 to a record $570,000 in 2021. IT professionals also know that paying off the bad guys only makes the ransomware problem worse for everyone. Just like any other business, cybercrime groups will continue to do what’s profitable. The majority of respondents in this survey said that their organizations ponied up the ransom that the cybercriminals demanded.
Did the Victim Pay the Ransom?
in % of total respondents
| Yes | 56% |
| No | 42% |
| Don’t know/Prefer not to say | 2% |
Drill down to the bottom line to see why security & compliance awareness training is a smart investment. GET IT>>
Less Than Half of Payers Recovered More Than Half of Their Data
Paying the extortionists isn’t a good idea for many reasons, but organizations still choose to do it in the hopes of recovering their stolen data or gaining a decryptor. Historically that hasn’t been an effective strategy for a business trying to recover its data, a conclusion that is borne out by the results of this survey. Only 14% of respondents said that their organization recovered all of their data by paying the extortionists and just under 20% of the organizations that paid the ransom recovered less than half of their stolen data.
% of Stolen Data Recovered After Paying the Ransom
% of respondents
| % of data recovered | % of total respondents |
| 100% | 14% |
| 79 – 99% | 26% |
| 51 – 75% | 42% |
| 26 – 50% | 16% |
| 25% or less | 3% |
Learn how to spot and stop malicious insiders and educate users with this handy infographic! GET IT>>
Too Many Organizations Believe They’re Ready for Trouble but Aren’t
Being ready for a ransomware attack is critical if an organization wants to come out the other side in a strong position to recover from the incident. Incident response preparedness is key, especially preparedness to respond to specific cyberattack scenarios. Almost all of the IT professionals surveyed said that their organizations are ready to handle a ransomware attack with 52% saying that their company is in a much stronger position than it was two years ago and 47% responding that their company’s position is somewhat stronger. Executives also seem to be taking the threat seriously. Just over a quarter of respondents designated ransomware readiness as the top business priority, with another 53% putting ransomware readiness in their company’s top 5 business priorities.
Organizations are also ready to spend money to make sure that they’re ready for trouble with ransomware. An estimated 35% of the IT professionals surveyed said that their organizations will spend significantly more money on ransomware preparedness in 2022 than they did in the prior year. Another 47% of respondents don’t expect a major investment but do anticipate that their organization intends to spend slightly more on ransomware readiness in 2022 than in 2021. Both figures offer prime business opportunities for MSPs who are ready to help companies fulfill their ransomware readiness priorities.
What Ransomware Readiness Activities & Processes Are Companies Choosing to Invest In?
in % of respondents
| Data recovery testing | 58% |
| Ongoing employee security awareness training | 53% |
| Response readiness assessment | 58% |
| Incident response functional exercises | 45% |
| Penetration testing | 45% |
| Incident planning and playbook development | 44% |
| Active email/phishing simulation program | 42% |
| Tabletop exercise | 27% |
| Blue team/red team/purple team engagement | 75% |
Make sure your clients have all the bases covered with the Computer Security To-Do Checklist! GET IT>>
Simple Steps Can Be Taken to Improve Readiness and Reduce Risk
You can help your clients be ready for a response to a ransomware attack as well as ensure that they’re committed to maintaining a strong overall security posture by encouraging them to take sensible precautions and adopt best practices that mitigate risk. These tips might assist in making sure that you’re covering some bases that are frequently overlooked.
Advise Them to Create a Formal, Ransomware-Specific Communication Plan
In any emergency situation, communication is key. A ransomware incident is no different. By having a formal, ransomware-specific communication plan in place that can be implemented quickly in the event of a ransomware incident, businesses start from a strong position that sets them up for incident response and recovery success. In this survey, 53% of respondents said that they had a thoughtfully designed communication plan in place for a ransomware emergency. However, 35% of IT professionals noted that their company’s plan needs improvement.
Find More Money for Ransomware Readiness
Everyone’s looking for ways to save money and make smart, strategic business investments these days. Your clients will appreciate your insight in evaluating the solutions that they have in place and finding ways for them to reallocate IT spending for maximum efficiency. Experts estimate that many enterprises maintain 19 different security tools, with less than one-quarter of those tools serving primary security objectives. Only about 47% of existing IT security tools are actually used daily. By eliminating unnecessary expenditures, you can shake out more cash for other security improvements that you recommend.
Employees Can’t Help Mitigate a Rist That They Don’t Know About
IT professionals are keenly aware of ransomware and the devastation that it can cause, but the average employee isn’t. It’s important to keep in mind the sad fact that only an estimated 30% of internet users even know what ransomware or malware is. Employees who don’t know about a problem can’t help solve it. Unfortunately, just 36% of organizations in a recent study reported that they train their employees to face a specific risk like ransomware. Training for specific risks ensures that even the least tech-savvy employees know that a risk like ransomware exists and what to do if they encounter it.
See how security awareness training grows your MRR + get tips for selling it! WATCH NOW>>
Help Your Clients Improve Their Ransomware Readiness with BullPhish ID
Are you ready to put the power of security awareness training to work to conquer security challenges like ransomware risk? BullPhish ID is the ideal solution to use for ongoing security awareness and phishing resistance training. Conduct efficient, effective training around compliance education as well as a variety of risks, including phishing and ransomware, all in one place for less money than competing solutions. You’ll love:
- Tailor training to meet your clients’ needs fast with fully customizable phishing simulation kits, including messages, landing pages and attachments, or choose from our and plug-and-play phishing kits that make running simulations about the latest threats a snap.
- Access a large library of engaging video lessons accompanied by short quizzes that cover threats employees may face, compliance requirements and cybersecurity best practices.
- Provide compliance training for PCI-DSS, HIPAA, GDPR, PIPEDA, CMMC and more.
- Use simple, clear progress reports delivered automatically to demonstrate the value of training and show who needs more help at a glance.
- Offer content in eight languages including English, Dutch, French, German, Italian, Portuguese, Spanish (Iberian/European) and Spanish (Latin).
Join the over 4,000 MSPs who are prospering as an ID Agent Partner and you’ll gain access to the best sales enablement program in the business through Kaseya Powered Services.
Learn the secret to conjuring up amazing stress-free marketing campaigns in 5 Ways to Make Marketing Magic! GET IT>>
Educated Employees Are Major Security Assets
Forbes reports that businesses suffered 50% more cyberattacks per week in 2021 than in any prior year. That’s 50% more chances for your employees to encounter a cyberattack threat – and your organization benefits if they know what to look for and how to stop a cyberattack.
Unfortunately, not everyone is as aware of the danger that businesses face in today’s volatile cyber attack landscape as you might think. An estimated 45% of respondents in a HIPAA Journal survey said that they don’t need to worry about cybersecurity safeguards because they don’t work in the IT department.
Even if an employee is aware that everyone is responsible for maintaining security, there’s still a good chance that they don’t know what to look for when it comes to spotting a cyberattack. Only an estimated 30% of internet users even know what ransomware or malware is.
But cybersecurity education works. Employees that are educated about cyber threats make better security decisions. Overall security-related risks are reduced by 70% when businesses invest in cybersecurity awareness training.
Get serious about security and compliance awareness training today and you’ll enjoy lower risk and fewer cybersecurity incidents every day.
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!