The Week in Breach News: 07/12/23 – 07/18/23
This week: A record-breaking U.S. healthcare data breach, MOVEit ensnares more companies, the new Ransomware Rollback feature in Datto EDR and the inside scoop on business cybersecurity challenges from our new Mid-Year Cyber Risk Report 2023.
Hospital Corporation of America (HCA)
Exploit: Hacking
Hospital Corporation of America (HCA): Healthcare Facility Operator
Risk to Business: 1.423 = Extreme
Tennessee-based for-profit hospital operator Hospital Corporation of America has experienced a record-breaking data breach that began on or around July 5. An estimated 11 million patients had data exposed in this incident. HCA was quick to assure customers that they do not believe that any clinical data like information about a patient’s treatment, diagnosis and condition or patient financial data like payment information, credit card or account number was stolen. The company also said that the breach does not include other sensitive data like passwords, driver’s licenses or social security numbers. The data exposed includes a patient’s name, city, state, zip code, email, telephone number, date of birth, gender, service date, location and next appointment date. HCA says that the breach came from an external storage location used to automate emails like appointment reminders.
How It Could Affect Your Customers’ Business: This data breach has set a new record, but it’s not a record any company wants to hold.
Kaseya to the Rescue: Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>>
Choice Hotels
https://cybernews.com/security/choice-hotels-radisson-guest-info-breached-in-moveit-attacks/
Exploit: Hacking
Choice Hotels: Hotelier
Risk to Business: 1.876 = Severe
Choice Hotels has announced that it has become caught up in the MOVEit exploit trouble. The company said that some customer records, primarily from its Radisson Hotel chain but possibly from other properties as well, may have been accessed by bad actors. The Cl0p ransomware group, which has been responsible for the MOVEit attacks, added Choice Hotels to its dark web leak site, noting that the company had not been receptive to communication about paying a ransom. Choice Hotels said that it is still investigating the incident and has not yet released a list of the compromised data types.
How It Could Affect Your Customers’ Business: Zero-day exploits like MOVEit can happen at any time, so it’s essential for companies to have a plan for the situation.
Kaseya to the Rescue: Credential compromise isn’t the only risk that businesses face from the dark web. Learn about five dark web dangers for businesses in this infographic. GET INFOGRAPHIC>>
Hillsborough County, FL
Exploit: Supply Chain Attack
Advanced Medical Management: Healthcare Management Services
Risk to Business: 1.669 = Severe
The government of Hillsborough County is informing more than 70,000 residents that their personal data may have been exposed in a data breach after the county fell victim to a cyberattack involving the MOVEit file transfer exploit. The county’s cybersecurity team first learned about the issue on June 18. After an investigation, the county determined that files from the Healthcare Services and Aging Services departments were involved. The stolen files included protected health and personal information, including first and last names, social security numbers, dates of birth, home addresses, medical conditions and diagnoses and disability codes. The breach could have also impacted Aging Services vendor employees. Victims have been notified by mail.
How It Could Affect Your Customers’ Business: This will be a very expensive mess for Hillsborough County because it involves protected health information (PHI).
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>>
Lansing Community College
https://cybernews.com/news/lansing-community-college-cyberattack/
Exploit: Hacking
Lansing Community College: Institution of Higher Learning
Risk to Business: 2.149 = Severe
Lansing Community College in Michigan is informing students that some of their personal data may have been stolen in a data breach. The college said that bad actors gained access to its systems from December 25, 2022, through March 15, 2023. That enabled them to steal the names and social security numbers of 758,000 people. The college also said that unspecified vendor and employee data had been exposed in the incident.
How It Could Affect Your Customers’ Business: Obtaining names and social security numbers enables bad actors to facilitate identity theft.
Kaseya to the Rescue: Learn more about the dark web economy and see how data like this gets bought and sold on the dark web in The IT Professional’s Guide to the Dark Web. DOWNLOAD IT>>
ZooTampa
https://therecord.media/tampa-zoo-targeted-in-cyberattack
Exploit: Ransomware
ZooTampa: Zoo
Risk to Business: 2.637 = Moderate
U.S. top 10 zoo ZooTampa has disclosed that it was recently the victim of a cyberattack. Black Suit, a suspected offshoot of the Royal ransomware gang, has claimed responsibility. The non-profit zoo said that vendor and employee information is involved in the incident but did not specify the data types. ZooTampa said that it does not retain personal or financial information about visitors or members. The zoo has engaged third-party forensic specialists to secure its network environment and investigate the extent of the unauthorized activity.
How it Could Affect Your Customers’ Business: Cybercriminals will hit any organization in any sector, and that means every organization must be ready for trouble.
Kaseya to the Rescue: Our eBook How to Build a Security Awareness Training Program helps IT professionals design and implement an effective training program quickly. DOWNLOAD IT>>
Germany – Deutsche Bank
Exploit: Supply Chain Attack
Deutsche Bank: Bank
Risk to Business: 1.766 = Severe
Deutsche Bank has disclosed that it recently became aware of a security incident at one of its external service providers that operates the bank’s account switching service in Germany. That unnamed service provider has fallen victim to the MOVEit exploit. Deutsche Bank clarified that the bank’s internal systems were unaffected by the incident. The incident may have impacted a limited amount of unspecified personal data belonging to customers in Germany who used the bank’s account switching service in 2016, 2017, 2018 and 2020. The stolen data cannot be used to gain access to accounts, but bad actors could use it to try to initiate unauthorized direct debits. Other banks in Germany may have been similarly impacted. The MOVEit exploit has resulted in cyberattacks on an estimated 250 businesses.
How it Could Affect Your Customers’ Business: Financial institutions of every kind have been at the top of cybercriminals’ hit lists for the last few years.
Kaseya to the Rescue: See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>
New Zealand – Mahony Horner Lawyers
Exploit: Hacking
Mahony Horner Lawyers: Law Firm
Risk to Business: 1.707 = Severe
Wellington-based law firm Mahony Horner Lawyers is informing clients that their personal data may have been stolen in a recent cyberattack. In a letter explaining the incident to its clients, the firm said that it is taking time for them to determine exactly what data was snatched, but they do know so far that copies of clients’ driver’s licenses or passports that were collected in the last three years were exposed. Mahony Horner said that it has engaged a third-party firm to help investigate the incident.
How it Could Affect Your Customers’ Business: Law firms can be treasure troves for bad actors because of the wide variety and sensitivity of the information they hold.
Kaseya to the Rescue: Follow the path to see how Managed SOC defends businesses from cyberattacks efficiently and effectively without breaking the bank in a handy infographic. GET IT>>
Singapore – Razer
Exploit: Hacking
Razer: Gaming Hardware Company
Risk to Business: 1.443 = Extreme
Razer, a well-known provider of hardware like mice for electronic gaming, is embroiled in a data breach investigation after hackers claim to have obtained critical information about its virtual gaming credits marketplace Razer Gold. Hackers have claimed to have stolen information that impacts Razer Gold like source code, databases and encryption keys as well as backend access logins for Razer.com, the company’s main website. Razer said that it has taken steps to secure its platforms after it was alerted to the threat on Sunday. The hacker, going by the moniker “Nationalist,” is asking for $100,000 in Monero. The incident remains under investigation.
How it Could Affect Your Customers’ Business: New hackers often try to make a name for themselves by attacking big, well-known companies to make a splash.
Kaseya to the Rescue: In today’s volatile cybersecurity landscape, insurers are requiring businesses to have certain solutions in place. See how Datto EDR satisfies insurance requirements. LEARN MORE>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Introducing Ransomware Rollback With Datto EDR
We’re excited to announce the launch of Ransomware Rollback, an integral component of Ransomware Detection, which is included with Datto Endpoint Detection and Response (EDR). This application tracks changes on endpoint disk space, providing the ability to roll back functionality for files and databases impacted by ransomware attacks, making recovery easy and efficient!
What it is:
Ransomware Rollback is a lightweight application that tracks changes on endpoint disk space, providing the ability to roll back functionality for files and databases impacted by ransomware attacks. With just one click, users can quickly revert encrypted data and files back to their previous state, making recovery easy and efficient.
Why it matters:
When ransomware strikes and files are encrypted, there’s no guarantee that users will ever be able to unlock their files, even if they pay the ransom. Ransomware Rollback is a new feature included with Datto EDR that allows customers to restore their files to the state they were in before the ransomware incident occurred.
Learn more about this amazing new feature in this blog post. LEARN MORE>>
The Mid-Year Cyber Risk Report 2023
The turbulent cybersecurity landscape has been a trial for businesses in the first six months of 2023. In The Mid-Year Cyber Risk Report 2023, we look at:
- How escalating cyberattack rates have battered IT security teams
- The anatomy of six notable 2023 breaches
- Cybercrime trend data from the first half of 2023
More Than Half of Businesses Have Suffered a Successful Cyberattack
Cybercrime is a continuous menace to businesses, and the pace of attacks seems to be constantly accelerating. With many organizations fighting to keep their heads above water in today’s challenging economy, no business can afford a costly and damaging cyberattack. Navigating the turbulent cybersecurity landscape has been an especially difficult proposition for businesses and IT professionals in the first half of 2023. A rise in the frequency and number of phishing, ransomware, business email compromise (BEC) and other devastating cyberattacks has battered businesses and IT security teams. Here’s what we’ve heard from our survey respondents about their cybersecurity challenges.
Excerpted in part from our NEW Mid-Year Cyber Risk Report 2023. DOWNLOAD IT>>
Rapidly evolving security challenges are taxing IT teams
Businesses have been dealing with a steadily increasing stream of cyberattacks. This challenge has been made even more complex by the wide variety of vectors and approaches that cybercriminals exploit. IT teams face obstacles from every side, making it harder and more stressful to defend systems and data against cyberattacks, as we discovered in the Datto SMB Cybersecurity for MSPs Report in 2022.
Main causes of cybersecurity incidents according to SMBs
Issue | Response |
Phishing emails | 37% |
Malicious websites/web ads | 27% |
Weak passwords/access management | 24% |
Poor user practices/gullibility | 24% |
Lack of end-user cybersecurity training | 23% |
Lack of administrator cybersecurity training | 19% |
Phishing phone calls | 19% |
Lack of defense solutions (antivirus) | 19% |
Insufficient security support for different types of user devices | 18% |
Outdated security patches | 18% |
Lack of funding for IT security solutions | 17% |
Lost/stolen employee credentials | 17% |
Lack of executive buy-in for adopting security solutions | 16% |
Open remote desktop protocol (RDP) access | 15% |
Shadow IT | 13% |
Source: Datto SMB Cybersecurity for MSPs Report
Half of businesses have endured a cyberattack
More than half of the respondents to the 2022 Kaseya Security Insights Survey said their organization had fallen victim to a cyberattack at some point. For more than one-fifth of the businesses surveyed (22%), that cyberattack occurred within the past 12 months. The percentage rises to a little over one-third (34%) when expanded to a three-year span.
Organizations experiencing a successful cyberattack or security breach
Timeframe | Responses |
Never | 26% |
Within the past 6 months | 16% |
Within the past year | 22% |
Within the past 3 years | 24% |
Over 3 years ago | 12% |
Source: Kaseya Security Insights Report 2022
The dark web economy is stronger than ever
Economic turbulence is an ongoing theme worldwide. However, one economy is thriving rather than struggling, and that’s the dark web economy. Cybersecurity Ventures estimates that the dark web is projected to cost the world $8 trillion in 2023 and $10.5 trillion by 2025.1
Like any other marketplace, prices on the dark web for data, malware or hacking services are fluid, with certain data types or services trending and fading for a wide variety of reasons. An entire new identity can be purchased for $1,010, but that price could change at any time. This snapshot from the Dark Web Price Index offers an idea of what services and commodities sell for on the dark web.
Estimated marketplace prices on the dark web
Malware, premium quality, per 1,000 installs | $5,550 |
DDoS attack, unprotected website, 10,000 to 50,000 requests per second, 24 hours | $45 |
Stolen online banking logins, minimum $2,000 in account | $65 |
Hacked Coinbase verified account | $120 |
10 million U.S. email addresses | $120 |
Credit card information | $17 – $120 |
Digital wallets of platforms like Coinbase | $250 |
Source: Dark Web Price Index 2022
Cybercrime-as-a-Service (CaaS) is a major growth industry
The CaaS gig economy is the main driver of economic growth on the dark web and is getting bigger every year. An estimated 90% of posts on popular dark web forums are from buyers looking to contract someone for cybercrime services. CaaS groups can be small operators or huge outfits that operate like legitimate businesses, complete with sales reps and customer service departments.
Malware-as-a-Service and its offshoot Ransomware-as-a-Service form a thriving component of the CaaS economy. These specialists create and distribute malware on the Software-as-a-Service model and sell their software to cybercriminals and nation-state threat actors. An estimated 300,000 new pieces of malware are created daily.
Phishing-as-a-Service (PhaaS) is an up-and-coming specialty service that is attractive and affordable for cybercrime groups. Offerings range from DIY kits to full-service contracting, available for as little as $30, and full-service “subscription” plans, in which the PhaaS group facilitates the entire attack for a customer, run at about $800 per month.
A galaxy of cybercrime specialists at the disposal of bad actors makes conducting a sophisticated cyberattack simple. Unfortunately, the thriving CaaS economy also places businesses in greater danger of a cyberattack than ever before.
Kaseya’s Security Suite Helps Businesses Mitigate Cyber Risk Quickly and Affordably
Major protection from today’s most dangerous and damaging cyberattacks doesn’t have to come with a major price tag with Kaseya’s Security Suite.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents cyberattacks and reduces an organization’s chance of experiencing a cybersecurity disaster by up to 70%.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
July 20: Kaseya + Datto Connect Local Baltimore REGISTER NOW>>
July 21: Kaseya + Datto Connect Local Baltimore IT Professionals Series REGISTER NOW>>
July 24: Cyber Insurance Fast-Track Program Webinar REGISTER NOW>>
July 26: Combatting Advanced Threats with Datto EDR and Managed SOC REGISTER NOW>>
July 27: Cybersecurity Round Table: Cyber Insurance 101 REGISTER NOW>>
August 3: Kaseya + Datto Connect Local Doral Miami REGISTER NOW>>
August 15: Kaseya + Datto Connect Local Detroit REGISTER NOW>>
August 17: Kaseya + Datto Symposium Long Branch REGISTER NOW>>
August 22: Kaseya + Datto Connect Local Kansas City REGISTER NOW>>
August 29: Kaseya + Datto Connect Local San Diego REGISTER NOW>>
September 14: Kaseya + Datto Connect Local San Antonio REGISTER NOW>>
October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>
November 14 – 16: Kaseya DattoCon APAC REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!