
The Week in Breach News: 07/18/24 – 07/23/24

July 24, 2024

This week: Cybercriminals make themselves at home at Bassett Furniture, hackers leak two companies’ data, why monthly pentesting is a smart idea and six new phishing simulations for training campaigns Down Under.





Bassett Furniture

https://businessofhome.com/articles/cyberattack-temporarily-halts-bassett-s-manufacturing

Exploit: Ransomware

Bassett Furniture: Furniture Manufacturer


Risk to Business: 2.356 = Extreme

Bassett Furniture, a Virginia-based home goods company over 100 years old, experienced a ransomware attack last week that disrupted production and snarled retail operations. Discovered on July 10, the breach led to system shutdowns and halted manufacturing. Bassett’s retail stores also experienced system outages. Production has since resumed, and the company reported that while some data files were encrypted, no consumer personal information was compromised.

How It Could Affect Your Customers’ Business: Shutting down production lines at manufacturers has been a go-to tactic for ransomware groups.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>


Atlassian

https://securityboulevard.com/2024/07/hacker-leaks-data-of-more-than-15-million-trello-users/

Exploit: Hacking

Atlassian: Software Company


Risk to Business: 1.356 = Moderate

A hacker going by the name “emo” has released data stolen from over 15 million Atlassian Trello accounts on the dark web. Breached in January 2024 through an unsecured API, the exposed information includes user IDs, usernames, full names, profile URLs and email addresses. While most profile details were public, the email addresses were not. Atlassian said in a statement that after the incident, it made it impossible for unauthenticated users to request another user’s public information via email.  

How It Could Affect Your Customers’ Business: Vulnerabilities through APIs, Zero-Days and other unexpected directions are a problem that just keeps growing.

Kaseya to the Rescue:  Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right solution to discover unexpected security weaknesses. GET THE GUIDE>>


FirstNet

https://www.benton.org/headlines/reversal-att-says-most-firstnet-customers-impacted-data-breach

Exploit: Third-Party Cyberattack

FirstNet: Public Safety Communications Network


Risk to Business: 1.721 = Severe

AT&T has disclosed that it was mistaken about the impact of the cyberattack the company suffered earlier this month on FirstNet. The public safety communications network is a program run by the U.S. Department of Commerce and relied on by first responders from federal, state, local and tribal governments for emergency public safety services like fire and police departments. The company initially said only a small portion of FirstNet data was compromised, but now admits that nearly all FirstNet numbers were compromised.   

How It Could Affect Your Customers’ Business: It is dangerous for this type of sensitive information to end up in the wrong hands where it can be used for dark purposes.

Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>


The Superior Court of Los Angeles County

https://www.jurist.org/news/2024/07/ransomware-attack-shuts-down-los-angeles-superior-court-systems/

Exploit: Ransomware

The Superior Court of Los Angeles County: Regional Legal Authority


Risk to Business: 1.812 = Severe

The Superior Court of Los Angeles County experienced a ransomware attack last week that shut down its internal computer systems and slowed its operations. The court confirmed the breach and stated that multiple agencies are investigating and mitigating the damage. Preliminary investigations show no evidence of compromised court data. The Superior Court of Los Angeles County is the largest trial court system in the U.S.

How It Could Affect Your Customers’ Business: Cybercriminals are always looking to profit from creating disruptions in the operation of important government bodies.

Kaseya to the Rescue:  Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>


Life360

https://www.techradar.com/pro/security/thousands-of-life360-users-have-data-leaked-following-breach

Exploit: Hacking

Life360: Location App


Risk to Business: 1.812 = Severe

Nearly 500,000 Life360 customers just had their data leaked on the dark web. The leak follows a suspected March 2024 data breach. A threat actor using the moniker “emo” released the data on a dark web forum. The hacker said the breach occurred when a flaw in the site’s login API was exploited, exposing users’ first names and phone numbers. The issue has since been fixed. Life360 also owns Tile, the location tracking company that fell victim to a hacker attack a few weeks ago.

How it Could Affect Your Customers’ Business: Bad actors are always on the hunt for the slightest opening in a company’s armor that they can exploit to strike.

Kaseya to the Rescue:  Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for social sharing! DOWNLOAD IT>>


Pueblo County District 70

https://www.kktv.com/2024/07/17/pueblo-county-school-district-potentially-compromised-by-data-breach-ransomware-incident

Exploit: Ransomware

Pueblo County District 70: Regional Education Authority 


Risk to Business: 2.896 = Moderate

Pueblo County School District 70 is addressing a ransomware attack and data breach potentially compromising personal information of former students (1991-2006) and current/former staff. The initial attack was detected in April 2024 by a third-party IT service provider for the district, and federal officials confirmed the data breach in May. The district is working with state and federal authorities and experts from Colorado State University Pueblo to investigate and remediate.

How it Could Affect Your Customers’ Business: Schools have been at the top of the cybercriminals’ ransomware target list for several years.

Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>> 





Croatia – The University Hospital Centre in Zagreb (KBC Zagreb)

https://therecord.media/lockbit-claims-cyberattack-croatia-hospital

Exploit: Hacking

The University Hospital Centre in Zagreb (KBC Zagreb): Medical Center 


Risk to Business: 1.661 = Severe

The LockBit ransomware group claimed responsibility for a cyberattack on Croatia’s largest hospital, KBC Zagreb, forcing a one-day IT shutdown. They accessed patient and employee information, medical records, organ and donor data, and external contracts. The attack slowed emergency services, diverting patients to other institutions. While most testing continued, the radiological system was severely affected. Croatian police and security services are investigating.

How it Could Affect Your Customers’ Business: A successful cyberattack on a hospital can have a disastrous impact on the local community.

Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>





Australia – Wattle Range Council

https://www.cyberdaily.au/security/10852-exclusive-south-australian-council-confirms-lockbit-ransomware-attack

Exploit: Ransomware

Wattle Range Council: Regional Government Body


Risk to Business: 1.866 = Severe

A South Australian council fell victim to the LockBit ransomware gang, which posted details of the attack and stolen data on their darknet site. LockBit claims to have stolen 103 gigabytes of data, including 46,248 files in over 7,000 folders. The stolen documents include complaint notices, rate notices, banking applications, tax invoices, and customer information from the Southern Ocean Tourist Park. The documents, accessed between June 20 and 24, appear legitimate. LockBit has set a ransom deadline of August 4. 

How it Could Affect Your Customers’ Business: Bad actors know that government agencies can be rich repositories of data with many types available in one place.

Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident





6 New Zealand and Australia-focused phishing simulation kits are here


Bank phishing scams are common. Keeping employees alert and ready to spot a bank scam with phishing simulations is an important way to ensure that they’re ready for trouble. These six new phishing simulation kits featuring supposed messages from two big banks in Australia and New Zealand are perfect for your next training effort.

  1. ASB Bank – Account Closure Notice (Australia/New Zealand)
  2. ASB Bank – New Login Attempt (Australia/New Zealand)
  3. ASB Bank – Verify Your Account Information (Australia/New Zealand)
  4. BNZ Bank – Account Lockout (Australia/New Zealand)
  5. BNZ Bank – Outdated Account Information (Australia/New Zealand)
  6. BNZ Bank – Unsuccessful Login Attempts (Australia/New Zealand) 

Learn more in the Update Notes. READ MORE>>





Dive into our tested, proven AI-driven phishing defense


Many companies are touting how they’ve started leveraging artificial intelligence (AI) in their security solutions. However, we’ve been utilizing AI for years and Graphus has been AI-driven since its inception. By combining advanced AI, machine learning and graph theory, TrustGraph, the core of Graphus, detects and stops even the most sophisticated phishing threats, including business email compromise (BEC), account takeover (ATO) and ransomware — without any manual intervention.

Learn more about how our tested, proven AI neutralizes phishing in the TrustGraph feature sheet. DOWNLOAD IT>>

Did you miss… The infographic 10 Tips for Successful Employee Security Awareness Training. DOWNLOAD IT>>






Amidst the range of cybersecurity strategies, penetration testing or pentesting stands out as a vital, proactive practice. Traditionally, due to an unpleasant mix of costs and headaches, businesses would only run pentests at a frequency demanded by compliance with regulations or insurance requirements. Unfortunately, new zero-day vulnerabilities and innovative cyberattacks emerge at a faster pace than ever before, making penetration testing to find security gaps critical for avoiding costly cyberattacks. The good news is that advances in technology like automation have made pentesting much more affordable, making it possible for cost-conscious businesses to pentest monthly.  





The cyber landscape moves fast, and defenders need to move fast too. Bad actors are constantly refining their tactics, techniques and procedures (TTPs) as they seek new ways to break into networks to deploy ransomware or steal data. Monthly penetration testing gives businesses and MSPs an edge against rapidly evolving cyber threats. Here are six significant benefits of conducting monthly penetration tests: 

1. Real-time vulnerability identification 

Frequent penetration tests provide ongoing, real-time assessments of a company’s digital infrastructure. Cybercriminals are quick to adapt their methods and tools to exploit new vulnerabilities. Regular testing enables organizations to stay ahead by promptly identifying and addressing weaknesses, thus minimizing the window of opportunity for potential attackers. 

2. Adapting to evolving threats 

Cyber threats are constantly evolving, becoming more sophisticated and harder to combat over time. Monthly penetration tests allow a company’s cybersecurity team to update their strategies based on the latest threat intelligence. This proactive approach ensures that an organization’s defenses remain one step ahead of the ever-changing threat landscape. 

3. Enhancing incident response preparedness

In incident response, time is crucial. Frequent penetration testing helps refine a company’s incident response capabilities by simulating various attack scenarios. This allows organizations to fine-tune their response procedures, enabling security teams to detect, contain, and mitigate potential threats more effectively. Such preparedness is invaluable in the event of a real cyber incident. 




4. Meeting compliance requirements 

Many industries require regular security assessments for regulatory compliance. Frequent penetration tests ensure compliance with these regulations and demonstrate a commitment to cybersecurity best practices. This proactive approach not only protects the organization but also builds trust with clients, partners, and stakeholders. 

5. Optimizing resource allocation

Regular penetration testing helps organizations optimize resource allocation by identifying specific areas of vulnerability. Instead of implementing broad security measures, businesses can focus their efforts and resources on the most critical areas identified through frequent testing, thus maximizing the effectiveness of their cybersecurity investments. 

6. Safeguarding reputation and customer trust

A security breach can result in significant reputational damage and loss of customer trust. Frequent penetration tests reduce the likelihood of successful cyberattacks and demonstrate a commitment to maintaining the confidentiality and integrity of customer data. This enhances trust among clients and stakeholders. 

By adopting a proactive approach to cybersecurity through regular assessments, organizations can strengthen their digital defenses, adapt to emerging threats, and maintain a resilient stance against the ever-evolving landscape of cyber risks.





As businesses navigate the complexities of the digital world, frequent penetration testing is a smart move. Proactive cybersecurity is not only a necessity but also a strategic imperative in the ongoing battle against cyber threats. These tips can help IT professionals run efficient and thorough pentests.  

  • Define clear goals: Before beginning the test, define specific objectives for your penetration tests, such as a full black-box test of existing security controls, or a test limited to specific network segments or testing hours.
  • Scope your tests: Clearly define the scope of the penetration test. This includes specifying which systems and networks will be tested and gathering all IP addresses or IP ranges you want to include in your test.
  • Understand the environment: Before you start, map your network and gather detailed information about its architecture, applications, and systems to fully understand what you’re working with. 
  • Communicate with stakeholders: Keep all stakeholders informed about the test plan, schedule, and potential impacts. Ensure they understand the goals and benefits of the penetration test. 
  • Analyze results carefully: After each test, thoroughly review the results to identify any recurring issues or new vulnerabilities. 
  • Prioritize and fix issues: Prioritize fixing the vulnerabilities based on their severity and potential impact on your network. 
  • Retest after remediation: After vulnerabilities have been addressed, conduct follow-up tests to ensure that they have been effectively resolved and no new issues have been introduced. 
  • Schedule tests regularly: Implement a regular penetration testing schedule, such as monthly or quarterly, to continually assess and improve your network’s security. Security threats evolve, so periodic testing helps ensure ongoing protection. 
  • Train your team: Ensure that your IT and security teams know how to use a tool like vPenTest effectively and understand how to respond to its findings. 
  • Integrate with security programs: Align penetration testing with other security initiatives like vulnerability management, incident response, and compliance programs. 




Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.    

BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.     

Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.    

Graphus: Graphus is a cutting-edge, automated phishing defense solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone solution or supercharges your Microsoft 365 and Google Workspace email security.  

RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

Datto EDR: Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).      

Datto AV: Safeguard businesses effortlessly against sophisticated cyberthreats, including zero-days and ransomware, with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average. 

Learn more about our security products, or better yet, take the next step and book a demo today! 





Demystifying Email Security – Making Sense of Email Alphabet Soup 

August 8, 2024 | 1 PM ET/ 10 AM PT

Did you know that an estimated 9 in 10 cyberattacks start with a phishing email? Email remains one of the most crucial IT tools for businesses and, as a result, the primary target for cyber threats. However, the email security landscape can be confusing. We’re here to help. Join Chris McKie, Kaseya’s VP of Product Marketing, Networking and Security Solutions for a webinar that will bring clarity. 

  • We’ll break down the complexities of email security and provide you with the knowledge to safeguard your people, devices and data.
  • Demystify the alphabet soup of email protocols such as SPF, DKIM, DMARC and others and learn how they function to facilitate secure email communication.
  • Discover practical strategies and best practices to minimize your email threat vector and enhance your organization’s email security.

Don’t miss this illuminating session! REGISTER NOW>>

August 6: Kaseya+Datto Connect Local Atlanta REGISTER NOW>>

August 8: Kaseya+Datto Connect Local Perth (Australia) REGISTER NOW>>

August 18: Kaseya+Datto Connect Local Perth REGISTER NOW>>

August 22: Kaseya+Datto Local Symposium Long Branch REGISTER NOW>>

August 28: Kaseya+Datto Connect Local New York REGISTER NOW>>

September 19: Kaseya+Datto Connect Local the Netherlands REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>




Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>