
The Week in Breach News: 07/10/24 – 07/16/24

July 17, 2024

This week: The Snowflake cyberattack saga keeps snowballing with two new victims, a cyberattack snarls gold and platinum mining, three new multilingual training courses in BullPhish ID and a deep dive into a stealthy player: software supply chain risk.





AT&T

https://www.cnbc.com/2024/07/12/snowflake-shares-slip-after-att-says-hackers-accessed-data.html

Exploit: Supply Chain Hacking

AT&T: Telecom Company


Risk to Business: 2.356 = Extreme

Telecommunications giant AT&T disclosed in a regulatory filing on Friday that hackers had breached a cloud platform containing customer data, accessing records of subscribers’ calls and text messages over a six-month period in 2022. The compromised data includes phone numbers, aggregate call duration, and some cell site details, according to AT&T. Reports suggest that AT&T paid the hackers over $307,000. An AT&T spokesperson informed CNBC that the cloud service was owned by Snowflake, the embattled cloud data platform also implicated in the recent Neiman Marcus breach.

How It Could Affect Your Customers’ Business: Bad actors are finding creative ways to strike organizations, such as backdoors and supply chain attacks.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>


The Heritage Foundation

https://techcrunch.com/2024/04/12/heritage-foundation-cyberattack/

Exploit: Hacking

The Heritage Foundation: Think Tank


Risk to Business: 2.356 = Extreme

The Heritage Foundation experienced a data breach last week. Self-proclaimed “Gay Furry Hackers” SiegedSec claimed credit for the attack. The group stated that this hack is the result of their opposition to Project 2025, a recently released Christian Nationalist action plan crafted to serve as a roadmap of steps that a new Trump administration could take to swing the U.S. hard to the right. The Heritage Foundation first denied that the hackers had breached their systems, then claimed that only old records from its newsletter were accessed, finally pivoting to saying that the cyberattack likely came from nation-state hackers. This is a developing story.

How It Could Affect Your Customers’ Business: Endpoint detection and response (EDR) is a vital tool for minimizing the impact of a cyberattack.

Kaseya to the Rescue:  In The Comprehensive Guide to Third-party and Supply Chain Risk we show you how to mitigate cyber risk from partners and suppliers. DOWNLOAD IT>>


Rite Aid

https://www.bleepingcomputer.com/news/security/rite-aid-confirms-data-breach-after-june-ransomware-attack

Exploit: Ransomware

Rite Aid: Drugstore Chain


Risk to Business: 1.721 = Severe

The drugstore chain giant Rite Aid experienced a data breach in June following a cyberattack by the RansomHub ransomware group. While Rite Aid has not disclosed what specific customer data was accessed or the number of individuals affected, it confirmed that health or financial information was not compromised. The gang claims to have obtained over 10 GB of customer information, equating to around 45 million lines of personal data. This includes names, addresses, driver’s licenses or ID numbers, birthdates, and Rite Aid rewards numbers. Although the incident occurred in June, RansomHub only recently added Rite Aid to their site, citing a breakdown in payment negotiations.

How It Could Affect Your Customers’ Business: Bad actors are always hungry for data that can facilitate identity theft.

Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right pentesting solution for your needs. GET THE GUIDE>>


The Florida Department of Health (DOH)

https://www.positivelyosceola.com/florida-health-department-hit-by-ransomware-attack-sensitive-data-released-on-dark-web/

Exploit: Ransomware

The Florida Department of Health (DOH): Regional Government Agency


Risk to Business: 1.812 = Severe

The Florida Department of Health (DOH) has confirmed that it was targeted by the ransomware group RansomHub. After the state refused to pay the ransom, hackers exfiltrated and published 100 gigabytes of sensitive data on the dark web. Over 20,000 files containing highly sensitive information about Floridians have been leaked, including lab results, signed medical release forms, workers’ compensation records, and COVID-19 diagnoses. Some files even contain photos of passports and detailed personal information, such as full names, dates of birth, addresses, Social Security numbers, and insurance details. Most of these records are from 2023 and 2024. Florida’s DOH says that it is in the process of notifying impacted individuals.

How It Could Affect Your Customers’ Business: Even a government agency can incur big bills from hefty fines slapped on by regulators after a medical data breach.

Kaseya to the Rescue:  Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>


Advance Auto Parts 

https://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people

Exploit: Supply Chain Hacking

Advance Auto Parts: Automotive Retailer


Risk to Business: 1.812 = Severe

Advance Auto Parts is notifying over 2.3 million individuals that their personal data was stolen in a recent data breach linked to the Snowflake data theft attacks. On June 5, 2024, a threat actor known as ‘Sp1d3r’ began selling a 3TB database purportedly containing 380 million Advance customer records, including orders, transaction details, and other sensitive information. On June 19, the company confirmed the breach in a Form 8-K filing, stating it only affects current and former employees and job applicants.

How it Could Affect Your Customers’ Business: Incident response planning is critical for reducing the downtime a business experiences in the wake of a cyberattack.

Kaseya to the Rescue:  Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>


The Goshen (New York) Central School District

https://midhudsonnews.com/2024/07/12/goshen-school-district-under-cyber-attack/

Exploit: Ransomware

The Goshen (New York) Central School District: Regional Education Authority


Risk to Business: 2.896 = Moderate

The Goshen Central School District in New York experienced a ransomware attack late Wednesday afternoon, resulting in the disruption of its computer services, which has subsequently affected access to phones and email systems. Authorities have been informed, and the district has initiated collaboration with cybersecurity specialists to identify the origin of the attack and promptly address the issues. Fortunately, as most U.S. schools are currently on summer break, there has been no impact on educational activities. The district’s schools and offices will continue to operate for in-person meetings, while summer programs will proceed as scheduled.

How it Could Affect Your Customers’ Business: Schools have been at the top of the cybercriminals’ ransomware target list for several years.

Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from landing unsuspecting employees. DOWNLOAD IT>> 


The Walt Disney Company

https://www.csoonline.com/article/2517985/disney-suffers-massive-internal-communications-data-leak-after-cyberattack.html

Exploit: Hacking

The Walt Disney Company: Entertainment Company


Risk to Business: 1.661 = Severe

The Walt Disney Company’s internal communications on Slack have been leaked online, revealing sensitive information about everything from advertising campaigns to interview candidates. The hacker group NullBulge has claimed responsibility for the breach, announcing in a blog post that they released over one terabyte of data from 10,000 Disney Slack channels. The conversations include computer code, studio technology discussions, the management of Disney’s corporate website, software development discussions and information on unreleased projects, with the leaked conversations dating back to at least 2019. NullBulge stated that they gained access to the information by compromising the computer of a Disney software development manager. The group said they chose to hack Disney to protect artists’ rights and compensation. This story was still developing at press time.

How it Could Affect Your Customers’ Business: One employee falling for a cybercriminal’s trick or mishandling a password can be a disaster.

Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>





Federated Co-operatives Ltd. (FCL)

https://thestarphoenix.com/news/local-news/western-canada-wholesaler-fcl-still-dealing-cyberattack

Exploit: Hacking

Federated Co-operatives Ltd. (FCL): Retailer


Risk to Business: 1.866 = Severe

Saskatoon-based Federated Co-operatives Ltd. (FCL) reported experiencing a cybersecurity “incident” impacting several of its operations, including its fuel cardlock system that provides fuel to corporate clients around the clock. The fuel cardlock system is now fully back online after being disrupted for several days. However, FCL’s website, as well as the websites of various member cooperatives, remained offline. In a statement posted on its social media channels, FCL stated that it does not believe customer data was compromised by the attack.

How it Could Affect Your Customers’ Business: Making incident response plans for specific threats like ransomware helps companies bounce back faster.

Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>




South Africa – Sibanye-Stillwater

https://www.reuters.com/technology/cybersecurity/platinum-giant-sibanye-says-its-system-has-been-hit-cyberattack-2024-07-11/

Exploit: Ransomware

Sibanye-Stillwater: Mining


Risk to Business: 1.612 = Severe

Last Thursday, platinum and gold mining company Sibanye-Stillwater announced that a cyberattack on its IT system, which began Monday morning, has caused limited disruption to its global operations. The company emphasized that its core mining and processing business continues to operate normally. The Johannesburg-based precious metals producer reported that it successfully protected its data.  The attack brought down its server and disrupted the system globally. An investigation into the incident is underway. 

How it Could Affect Your Customers’ Business: Security solutions like Managed Detection and Response (MDR) can help minimize the damage and cost of a cybersecurity incident.

Kaseya to the Rescue: Should you rely on a Managed SOC for MDR or build your own SOC? This whitepaper helps clarify the dollars and cents costs of both options. DOWNLOAD IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.





New multilingual BullPhish ID training courses are here 


We’re proud to offer a new assortment of training courses for BullPhish ID that are available in Spanish, Portuguese and French. These translated training courses are now available in the BullPhish Training portal:

Baiting: Learn about the social engineering attack known as baiting.

  • Cebo (Spanish)
  • Isca (Portuguese)
  • Appatage (French)

Smishing and Vishing: Learn about the social engineering attacks through voice and text message phishing, known as vishing and smishing respectively.

  • Smishing e vishing (Portuguese)

Tailgating and Piggybacking: Learn about the in-person social engineering attacks known as tailgating and piggybacking.

  • Tailgating e piggybacking (Portuguese)
  • Tailgating y piggybacking (Spanish)
  • Passage en double et accès à califourchon (French)

Learn more in the Update Notes. READ MORE>>





Datto EDR and Datto AV are redefining endpoint security


Datto EDR and Datto AV have earned the Miercom Certified Secure designation. This prestigious designation has been awarded for providing exceptional detection and response capabilities against zero days, malware, and other serious threats. But don’t take our word for it. Check out the results of Miercom’s study on the effectiveness of Datto AV and Datto EDR in this infographic. DOWNLOAD IT>>

Did you miss… The Midyear Cyber-risk Report 2024? DOWNLOAD IT>>






Have you considered the implications of a software supply chain cyberattack on your cyber defenses? If you said no, you need to change that immediately. In a recent survey, an overwhelming majority of respondents admitted that their organization has experienced cybersecurity trouble through its software supply chain. An estimated 91% of organizations have experienced a software supply chain attack over the last year. Mitigating the risk of software supply chain cyberattacks is a vital part of a company’s defense that cannot be overlooked. Take a deep dive into this stealthy risk to learn what it’s all about and get tips to defend against software supply chain cyberattacks.





A software supply chain compromise occurs when malicious actors infiltrate the software development and support lifecycle. This can happen at various stages, including: 

  • Source Code Repositories: Attackers may inject malicious code into open-source or proprietary repositories. 
  • Build Systems: Compromising the build environment to insert malicious payloads during the compilation process. 
  • Distribution Channels: Infecting software updates or third-party components that are integrated into a larger software system. 




Software supply chain compromise can lead to many undesirable outcomes. Exploits lead the pack, with virtually all respondents noting that they had experienced a cyber incident as a result of an exploit encountered through their software supply chain. Recent research shows that exploits are up an eye-popping 180% over last year.  

| Factor | % of total respondents who experienced it |
| --- | --- |
| zero-day exploit on vulnerabilities within third-party code | 41% |
| misconfigured cloud service exploits | 40% |
| vulnerability exploits in open-source software and container images | 40% |
| secrets/token/passwords stolen from source code repositories | 37% |
| API data breaches in third-party software and code | 35% |

Source: Data Theorem 



A software supply chain cyberattack isn’t an easy risk to pin down because it can happen in so many different ways. Taking a look at several high-profile software supply chain-related cyberattacks illustrates the myriad of problems that a business might encounter as well as the devastation that can be caused by them.  

  • SolarWinds Attack (2020): Perhaps the most notorious example, in which attackers inserted malicious code into the Orion software updates, impacting numerous government and private sector organizations.
  • Codecov Bash Uploader (2021): Attackers modified the Bash Uploader script to exfiltrate sensitive information from environments using Codecov. 
  • Octopus Scanner (2020): This malware targeted the open-source software supply chain by infecting projects on GitHub. The malware was spread through the use of malicious dependencies in open-source projects. 
  • Dependency Confusion (2021): This attack targeted software development environments by uploading malicious packages to public repositories with the same names as internal packages. When developers mistakenly pulled these public packages, they introduced malware into their applications. 
  • NotPetya (2017): Although primarily known as a ransomware attack, NotPetya spread through a compromised update of the Ukrainian accounting software MeDoc. This led to widespread disruptions in various organizations globally. 




Businesses face a variety of undesirable outcomes after encountering a software supply chain cyberattack even if it happened to them through no fault of their own. The consequences of these attacks are broad: 

  • Widespread Distribution: A single compromised component can be propagated to countless downstream users, amplifying the damage. 
  • Stealth and Persistence: These attacks can remain undetected for extended periods, allowing attackers to gather sensitive information and cause prolonged damage. 
  • Trust Erosion: Organizations lose trust in their software providers, and end-users become wary of software updates, hindering the adoption of necessary patches. 




It is essential that IT professionals take proactive action to prevent damage from software supply chain threats. Staying informed about cyber risks and on top of maintenance is key. There are a few other steps that IT professionals can take to mitigate this risk. The following tips help strengthen security in critical areas:

  1. Enhanced Code Review: Implementing rigorous code review processes, especially for third-party components, to detect and prevent malicious code insertion.
  2. Securing Build Environments: Isolating and securing build systems with robust access controls and monitoring to detect unauthorized changes.
  3. Dependency Management: Regularly auditing and managing dependencies to ensure the integrity of third-party components.
  4. Incident Response Planning: Developing and rehearsing incident response plans to quickly address and mitigate the impact of a compromise.
  5. Transparency and Communication: Encouraging open communication and transparency among developers and vendors to quickly share information about potential threats and vulnerabilities.
  6. Patching and Updating: Don’t put off maintenance because you’re too busy. By far the easiest and most effective way to mitigate this risk is patching and updating all software religiously.
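One way to automate the dependency-management tip and catch the dependency-confusion setup described earlier, as an added example that is not Kaseya's code: it audits a pip requirements file for unpinned versions, missing hashes, and internal package names that pip could also resolve from a public index. The internal package name, private index URL and all-zero hash are constructed placeholders.

```python
import re
from typing import NamedTuple

# Constructed sample: a requirements file that mixes a private index with a
# public one. The all-zero hash is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.internal.example/simple
--extra-index-url https://pypi.org/simple
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
acme_billing-core>=1.2   # internal package (hypothetical name)
flask
"""

INTERNAL_PACKAGES = {"acme-billing-core"}  # hypothetical internal names

# An exact pin: name, optional extras, "==", and a version with no wildcard.
PINNED = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[A-Za-z0-9.!+_-]+"
)


class Finding(NamedTuple):
    package: str
    issue: str  # "unpinned", "no-hash" or "confusable"


def normalize(name: str) -> str:
    """PEP 503 normalization, so 'Acme_Billing.Core' == 'acme-billing-core'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def logical_lines(text: str) -> list[str]:
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\r?\n", " ", text)
    lines = (re.sub(r"(^|\s)#.*$", "", raw).strip() for raw in joined.splitlines())
    return [line for line in lines if line]


def audit_requirements(text: str, internal: set[str]) -> list[Finding]:
    internal = {normalize(n) for n in internal}
    lines = logical_lines(text)
    # With --extra-index-url pip considers every configured index for every
    # name, so a public package can shadow an internal one of the same name.
    extra_index = any(l.startswith("--extra-index-url") for l in lines)
    findings = []
    for line in lines:
        if line.startswith("-"):
            continue  # global option line, not a requirement
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not match:
            continue
        name = normalize(match.group(0))
        # Requirement specifier without per-line hashes or environment markers.
        spec = re.split(r"\s--hash=|;", line)[0].strip()
        if not PINNED.fullmatch(spec):
            findings.append(Finding(name, "unpinned"))
        if "--hash=" not in line:
            findings.append(Finding(name, "no-hash"))
        if extra_index and name in internal:
            findings.append(Finding(name, "confusable"))
    return findings


if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS, INTERNAL_PACKAGES):
        print(f"{finding.package}: {finding.issue}")
```

Run as a CI step, a non-empty result can fail the build before an unverified or shadowed package reaches the build environment.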

As the digital landscape evolves, so must our approach to cybersecurity. Software supply chain compromises represent a complex and evolving threat that requires a multi-faceted defense strategy and constant vigilance. By understanding the nature of these attacks and implementing robust security measures, organizations can better protect themselves and their users from the potentially devastating impacts of software supply chain compromises.


Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably. It features automated and AI-driven features that make IT professionals’ lives easier.   

BullPhish ID – This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.      

Dark Web ID – Our award-winning dark web monitoring solution is the channel leader for a good reason. It provides the greatest amount of protection around, with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.     

Graphus – Graphus is a cutting-edge, automated phishing defense solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security.       

RocketCyber Managed SOC – Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.  

Datto EDR – Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).       

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.    

Learn more about our security products, or better yet, take the next step and book a demo today! 




Top Secrets of MDR Revealed

July 18, 2024 | 1 PM ET / 10 AM PT

Join us as we demystify managed detection and response (MDR). We’ll reveal why it’s a must-have solution for your defense-in-depth security architecture. 

  • An insider’s view of how a world-class MDR service operates, from threat detection to incident response.
  • Common misconceptions about MDR, including what it can and can’t do.
  • Key factors to consider when selecting an MDR provider.
  • The differences between MDR and managed endpoint detection and response (EDR) and why these distinctions matter for your security posture.

This is a must-see webinar! REGISTER NOW>>

Discover Your Prospecting Secret Weapon

July 23, 2024 | 1 PM ET / 10 AM PT

Ready to boost your profits and secure your clients effortlessly this summer? Join us for an insightful webinar as host Miles Walker shows you how to unleash the potential of Dark Web ID for your MSP business. We’ll share:

  • Effective ways to convey the urgency of credential-related threats to decision-makers.
  • Practical tips on converting prospects into loyal clients.
  • How to enhance your service offerings and generate new revenue streams.

Don’t miss out on this opportunity to send your profits soaring! REGISTER NOW>>

July 23: Discover Your Prospecting Secret Weapon REGISTER NOW>>

August 6: Kaseya+Datto Connect Local Atlanta REGISTER NOW>>

August 8: Kaseya+Datto Connect Local Perth (Australia) REGISTER NOW>>

August 18: Kaseya+Datto Connect Local Perth REGISTER NOW>>

August 22: Kaseya+Datto Local Symposium Long Branch REGISTER NOW>>

August 28: Kaseya+Datto Connect Local New York REGISTER NOW>>

September 19: Kaseya+Datto Connect Local the Netherlands REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>



Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!