The Week in Breach News: 07/05/23 – 07/11/23

July 12, 2023

This week: A cyberattack shuts down Japan’s largest port, Sun Life is impacted by MOVEit, a look at the phishing simulations that employees fell for last year and a deep dive into two dangerous malware attacks. 


The Law Foundation of Silicon Valley

Exploit: Ransomware

The Law Foundation of Silicon Valley: Non-Profit

Risk to Business: 1.886 = Severe

A ransomware attack on a California law firm that provides free services to those in need has resulted in data exposure for an estimated 42,000 people. The Law Foundation of Silicon Valley notified regulators in California and Maine this week that the February ransomware attack on their offices resulted in a data breach. That impacted both clients and staff members. Exposed information includes Social Security numbers, medical records, immigration numbers, financial data, driver’s license numbers, financial account/payment card information, passport/government identification, taxpayer numbers, dates of birth and digital signatures. The AlphV/Black Cat ransomware group has claimed the attack. 

How It Could Affect Your Customers’ Business: This data breach is going to cost a fortune after state regulators get finished with this California-based organization.

Kaseya to the Rescue: Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>>

National Institutes of Health Federal Credit Union (NIHFCU)

Exploit: Credential Compromise

National Institutes of Health (NIH) Federal Credit Union: Financial Institution

Risk to Business: 1.876 = Severe

The National Institutes of Health Federal Credit Union (NIHFCU) filed a notice of data breach with the Attorney General of Maine on July 5. NIHFCU said that it had discovered that bad actors had gained access to an employee email account, which resulted in those bad actors gaining access to consumers’ sensitive information, including their names and Social Security numbers.

How It Could Affect Your Customers’ Business: The financial sector has consistently been among the top sectors that cybercriminals have been attacking in the last few years.

Kaseya to the Rescue: Credential compromise isn’t the only risk that businesses face from the dark web. Learn about five dark web dangers for businesses in this infographic. GET INFOGRAPHIC>>

Advanced Medical Management

Exploit: Supply Chain Attack

Advanced Medical Management: Healthcare Management Services

Risk to Business: 1.669 = Severe

Advanced Medical Management has disclosed a data breach that impacted 319,485 people. The company discovered that portions of the company’s IT network that were designed and maintained by third-party vendors were accessible to an unauthorized party. Advanced Medical Management explained in a data breach notice that the incident resulted in an unauthorized party being able to access consumers’ sensitive information between May 10, 2023, and May 13, 2023. The data exposed includes names, Social Security numbers, addresses, email addresses, phone numbers, dates of birth, driver’s license numbers, protected health information, and health insurance information.

How It Could Affect Your Customers’ Business: Security awareness training isn’t just for cyberattacks, it also helps employees become more conscientious about security overall to limit mistakes.

Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>>

Pepsi Bottling Ventures

Exploit: Hacking

Pepsi Bottling Ventures: Soft Drink Distributor

Risk to Business: 2.149 = Severe

Pepsi Bottling Ventures has admitted that it suffered a data breach between December 23, 2022, and January 19, 2023, that resulted in the personal, financial, and health information of the company’s employees being accessed by an unauthorized party. The breach was discovered on January 10. The compromised data belongs to current and former employees and to contractors. That data is comprised of names, addresses, email addresses, financial account information, ID numbers, driver’s license numbers, Social Security numbers, digital signatures, medical history details and health insurance information.

How It Could Affect Your Customers’ Business: Employee data is a treasure trove for bad actors as it can contain PHI, PII, financial details and other information that sells fast.

Kaseya to the Rescue: Our eBook How to Build a Security Awareness Training Program helps IT professionals design and implement an effective training program quickly. DOWNLOAD IT>>


Sun Life

Exploit: Supply Chain Risk

Sun Life: Insurer

Risk to Business: 2.637 = Severe

Sun Life, one of Canada’s leading insurance providers, says the personal data of some of its U.S. customers has been compromised after one of its vendors was caught up in the MOVEit exploit attack spree. Sun Life made it clear that while it doesn’t use MOVEit, one of its vendors, Pension Benefit Information (PBI), did use it, and some members’ personal information was accessed by an unauthorized third party using the exploit. Bad actors may have gained access to information including a client’s name, Social Security Number, policy and account number, and/or date of birth. However, no financial information like account values or medical claims was exposed.

How it Could Affect Your Customers’ Business: Supply chain relationships have become increasingly fraught for businesses and that trend will continue.

Kaseya to the Rescue: Learn more about the dark web economy and see how data like this gets bought and sold on the dark web in The IT Professional’s Guide to the Dark Web. DOWNLOAD IT>>

Scotland – The University of the West of Scotland (UWS)

Exploit: Hacking

The University of the West of Scotland (UWS): Institution of Higher Learning

Risk to Business: 2.766 = Moderate

The University of the West of Scotland is experiencing an ongoing cyber incident that is affecting a number of its digital systems. The university’s website is currently down and other digital systems at the university have reportedly been down for days. The university is working with experts from Police Scotland, the National Cyber Security Centre and the Scottish government in the investigation. University officials were quick to reassure the public that graduations are continuing as planned this week with no interruption.

How it Could Affect Your Customers’ Business: Targets from every part of the education sector have been popular because of the often time-sensitive nature of their business.

Kaseya to the Rescue: See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>

Australia – Ventia

Exploit: Hacking

Ventia: Critical Infrastructure Management

Risk to Business: 1.707 = Severe

Ventia, a Sydney-based company that provides long-term management, maintenance and operations services for critical infrastructure organizations has announced that it is taking some systems offline due to a weekend cyberattack. While the company has not confirmed the nature of the attack, experts are pointing to ransomware. The company says that it has engaged with external experts and law enforcement to investigate the incident, and all operations are expected to return to normal within the following days. 

How it Could Affect Your Customers’ Business: Infrastructure attacks and attacks on companies that support it have been continuing to increase worldwide.

Kaseya to the Rescue: Follow the path to see how Managed SOC defends businesses from cyberattacks efficiently and effectively without breaking the bank in a handy infographic. GET IT>>

Japan – The Port of Nagoya

Exploit: Ransomware

The Port of Nagoya: Seaport 

Risk to Business: 1.443 = Extreme

The largest seaport in Japan and the central shipping hub for Toyota, the Port of Nagoya, experienced a ransomware attack last Tuesday that led to a total shutdown. The port’s operator, Nagoya Harbor Transportation, disclosed that it received a ransom demand from LockBit 3.0 immediately following the beginning of systems failure in the early morning. All cargo operations, including the loading and unloading of containers onto trailers, were suspended as of July 4 but port officials expected to resume operations within a few days.  

How it Could Affect Your Customers’ Business: This is a good example of the destructive power of cyberattacks against infrastructure. For something like a port, even a few hours of downtime is a disaster.

Kaseya to the Rescue: In today’s volatile cybersecurity landscape, insurers are requiring businesses to have certain solutions in place. See how Datto EDR satisfies insurance requirements. LEARN MORE>>

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident:

  • 1 – 1.5 = Extreme Risk
  • 1.51 – 2.49 = Severe Risk
  • 2.5 – 3 = Moderate Risk

Don’t Miss the ID Agent & Graphus Q3 Product Innovation Webinar Next Week

JULY 18 | 3 PM PDT, 6 PM EDT | 8 AM AEST (JULY 19)

Join us for an informative webinar with the product managers for BullPhish ID, Dark Web ID, Passly and Graphus as we highlight the latest product innovations. You will learn about new time-saving product integrations and the latest new product features and enhancements, including mini-demos of the most exciting features. You’ll learn about:

  • New integrations between our Security products and other products in the Kaseya family
  • New Personal Spam Filter from Graphus
  • New BullPhish ID automation features
  • What’s on the Security products’ roadmaps for Q3 and beyond

This must-see webinar is just one week away! REGISTER NOW>>

What Phishing Tricks Do Employees Fall For?

Our award-winning security awareness training and phishing simulation solution, BullPhish ID, helps companies train employees to practice safe security behaviors and recognize phishing messages. After all, employees need help spotting and stopping threats, as these results from a year of security awareness training and phishing simulation with BullPhish ID show. See which phishing messages employees fell for in a new infographic. DOWNLOAD THE INFOGRAPHIC>>


Go Inside 2 of Today’s Worst Malware Attacks

Ransomware attacks are the bane of every IT professional. That notorious type of malware can serve as a multi-purpose attack for cybercriminals of all stripes, from your run-of-the-mill cybercrime gang to sophisticated nation-state threat actors. But that’s not the only type of malware that’s out there that can cause massive, expensive damage to a business. Take a look at the ransomware lifecycle and the process by which wiper malware inflicts a massive blow on its victims to understand why these attacks are so popular and what IT professionals can do to keep businesses out of trouble.  

Excerpted in part from our new 2023 edition of Ransomware 101. DOWNLOAD IT>> 

What is a typical ransomware attack lifecycle?  

Ransomware can enter a company’s environment in many ways, including through email or direct deployment. The most common way for a company to fall victim to a ransomware attack is through email. About 90% of cyberattacks, like ransomware attacks, start with a phishing email landing in a user’s inbox. Here’s the lifecycle of a ransomware attack conducted through phishing: 

  1. A ransomware gang forms.
  2. They recruit affiliates and hire personnel like developers and hackers.
  3. The gang decides to target Company X and plans to take their data and systems hostage.
  4. They gather the necessary resources, usually from the dark web, to craft a spear phishing email that will entice an employee of Company X into clicking on it.
  5. The email makes it past Company X’s Secure Email Gateway (SEG) or other email security and lands in an employee’s inbox.
  6. The employee takes the bait, opens the email and interacts with it by visiting a poisoned website or downloading a tainted attachment.
  7. The malicious payload infects the employee’s computer with a ransomware client that takes control of it.
  8. The infected computer then establishes a connection with the cybercriminals’ network.
  9. The malware begins encrypting Company X’s systems and/or exfiltrating data.
  10. The cybercriminals contact Company X with a ransom demand, payable in cryptocurrency.
  11. Company X must decide if they will pay the extortionists (which may be illegal) or attempt to recover their data or restore their network another way.

How Do Ransomware Gangs Make Money?   

When a company pays a ransom, that money travels far and wide across the dark web. Ransoms don’t just go to one person or organization — even an ancillary participant in a ransomware attack will profit. That’s a major reason why cybercriminals of every stripe are quick to jump into a ransomware operation. Those criminals have a high chance of walking away with substantial cash, and everyone gets paid.   

The big, powerful ransomware gangs rarely run campaigns themselves. Instead, they operate Cybercrime-as-a-Service platforms that cybercriminals can use to conduct operations, attract talent, network with freelancers and receive payments. The boss gang makes their money from their cut of the profits when a successful ransomware attack occurs under their auspices. Those attacks are conducted by allied independent contractors known as affiliates. The affiliates are the ones doing the day-to-day work of mounting a successful ransomware attack.   

The affiliate is responsible for running everything about a ransomware attack — from planning to execution to receiving payment — against their chosen target. The affiliate may be a smaller gang or just a group of freelancers getting together for one job. Sometimes, the boss gang supplies the malware or the affiliate may prefer to use their own. However, if an affiliate gets the job done, if their attack is successful, they’re obligated to send a cut up the chain to the boss — the gang that runs the platform — generally 10–20% of the take, as well as pay any subcontractors that they’ve hired. The rest of the money is theirs to enjoy.   

Ransomware isn’t the only malware threat businesses face 

While ransomware gets more press attention, cybercriminals have a much more devastating weapon in their arsenal: wiper malware. This nightmarish attack is designed to completely, irrecoverably erase a victim’s data, making recovery a major challenge. The malware attacks the physical location where the data is stored and deletes it permanently. This data assassin spreads throughout a network quickly.  

Many cybercriminal gangs use wipers to cover up their traces after an intrusion, and this is a go-to attack for nation-state threat actors. The Russia-Ukraine war gave rise to a new round of wiper malware attacks in 2022, as several versions of wipers were used to disrupt the critical infrastructure of Ukrainian systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released an advisory to businesses and government agencies advising vigilance against new strains of wiper malware that emerged during that conflict. 

How does wiper malware work? 

The most straightforward way to wipe out data from a system is to overwrite the data in a specific physical location with other data. This process is arduous for cybercriminals as they have to write several gigabytes or terabytes of data, which is highly time-consuming and can open them up to detection. But wiper malware greatly speeds up that process by first destroying two particular files in the system and then erasing the data in minutes.  

  • The first file that gets annihilated in a wiper malware attack is the Master Boot Record (MBR), which identifies the operating system’s location during the boot process. If the cybercriminals succeed in destroying the MBR, the boot process crashes, making the files inaccessible unless forensic methodologies are used, and sometimes that won’t even work. 
  • The next to go is the Master File Table (MFT), which exists in every NTFS file system and records the physical location of each file on the drive, its logical and physical size and other related metadata. Because many large files cannot occupy consecutive blocks on the hard drive, they are stored as fragments, and the MFT is what records where each fragment lives. If the MFT is destroyed, you can still recover small files with forensic tools, but recovering large files is practically impossible because the link between their fragments is lost. This is a critical step in making data unrecoverable.
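Because the MBR is the first structure a wiper goes after, a cheap defensive control is to baseline the first 512 bytes of each disk and alert when the boot signature, partition table or hash changes. The following Python is an added example written for this newsletter, not code from Kaseya or any product named above; the sample MBR it builds is constructed data, and the "wiped" input is simply a zero-filled sector standing in for the overwrite described in the bullets.

```python
"""Parse a classic MBR boot sector and check it against a known-good baseline.

Added example (not part of the original post). All sample data is constructed.
"""
import hashlib
import struct

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries live at 446..509
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"      # bytes 510..511 of a valid MBR
NTFS_TYPE = 0x07                  # partition type id used by NTFS
ENTRY_FMT = "<B3sB3sII"           # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Construct a minimal MBR holding one bootable NTFS partition (sample data)."""
    sector = bytearray(MBR_SIZE)
    sector[0:3] = b"\xEB\x63\x90"  # a jump stub, as real boot code begins (constructed)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", NTFS_TYPE,
                        b"\x00\x00\x00", 2048, 204800)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + PARTITION_ENTRY_SIZE] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def baseline_hash(sector: bytes) -> str:
    """SHA-256 of the sector, recorded once while the machine is known to be healthy."""
    return hashlib.sha256(sector).hexdigest()


def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature and the non-empty partition table entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            ENTRY_FMT, sector[off:off + PARTITION_ENTRY_SIZE])
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_zeroed": not any(sector[:PARTITION_TABLE_OFFSET]),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> dict:
    """Compare a freshly read MBR with the baseline and list anything a wiper would break."""
    parsed = parse_mbr(sector)
    digest = baseline_hash(sector)
    findings = []
    if not parsed["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if parsed["boot_code_zeroed"]:
        findings.append("boot code region is all zeros")
    if not parsed["partitions"]:
        findings.append("partition table is empty")
    if digest != baseline_sha256:
        findings.append("MBR hash differs from baseline")
    return {"sha256": digest, "findings": findings, "healthy": not findings, **parsed}


if __name__ == "__main__":
    healthy = build_sample_mbr()
    baseline = baseline_hash(healthy)
    print("healthy disk:", check_mbr(healthy, baseline)["findings"])
    # A zero-filled sector stands in for an MBR that has been overwritten (constructed).
    print("wiped disk:  ", check_mbr(bytes(MBR_SIZE), baseline)["findings"])
```

On a real host the sector would come from reading the raw disk device with administrative rights, and the baseline hash would be stored off the machine, since a wiper that reaches the MBR can just as easily reach a local copy of the baseline.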


The Kaseya Security Suite helps IT professionals mitigate cyber risk. 

Major protection from today’s most dangerous and damaging cyberattacks doesn’t have to come with a major price tag with Kaseya’s Security Suite.

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents cyberattacks and reduces an organization’s chance of experiencing a cybersecurity disaster by up to 70%. 

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.  

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.  

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require). 

July 18: Kaseya + Datto Connect Local Boston REGISTER NOW>>

July 18: ID Agent & Graphus Q3 Product Update Webinar REGISTER NOW>>

July 24: Cyber Insurance Fast-Track Program Webinar REGISTER NOW>>

July 20: Kaseya + Datto Connect Local Baltimore REGISTER NOW>>

July 21: Kaseya + Datto Connect Local Baltimore IT Professionals Series REGISTER NOW>>

July 27: Cyber Security Round Table: Cyber Insurance 101 REGISTER NOW>>

August 3: Kaseya + Datto Connect Local Doral Miami REGISTER NOW>>

August 15: Kaseya + Datto Connect Local Detroit REGISTER NOW>>

August 17: Kaseya + Datto Symposium Long Branch REGISTER NOW>>

August 22: Kaseya + Datto Connect Local Kansas City REGISTER NOW>>

August 29: Kaseya + Datto Connect Local San Diego REGISTER NOW>>

September 14: Kaseya + Datto Connect Local San Antonio REGISTER NOW>>

October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!