
The Week in Breach News: 07/24/24 – 07/30/24

July 31, 2024

This week: A concerning data breach at Leidos; hackers snarl operations at Croatia’s St. Jeronim Airport; new WhatsApp-themed phishing simulation kits; and why you need both pentesting and vulnerability scanning.





Leidos

https://www.scmagazine.com/brief/us-defense-contractor-leidos-data-leaked

Exploit: Third-Party Breach

Leidos: IT Service Provider


Risk to Business: 2.356 = Extreme

Leidos Holdings, the IT services provider for the U.S. Department of Defense, the Department of Homeland Security, and NASA, has confirmed that internal data stolen in a third-party breach was exposed by threat actors, but emphasized that neither its network nor customer information was affected. The exposure stems from a previous incident affecting a third-party vendor, for which all necessary notifications were made in 2023. The exposed information may have been exfiltrated from a compromised Diligent Corp. system that Leidos used to host internal investigation data, noted a source close to the matter. Meanwhile, Diligent disclosed that the incident, which has affected fewer than 15 clients, is related to the breach of its subsidiary Steele Compliance Solutions two years ago.

How It Could Affect Your Customers’ Business: This was a close shave for Leidos and a good illustration of why it is essential to consider cybersecurity risks from suppliers and service providers.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>


Michigan Medicine

https://www.securityweek.com/57000-patients-impacted-by-michigan-medicine-data-breach/

Exploit: Hacking

Michigan Medicine: Medical Center


Risk to Business: 1.356 = Severe

Michigan Medicine, part of the University of Michigan, is notifying around 57,000 individuals of a data breach that may have compromised their personal and health information. The breach occurred when threat actors accessed employee email accounts on May 23 and May 29. Compromised data includes names, addresses, birth dates, medical record numbers, diagnostic and treatment information, and health insurance details. While no financial information was affected, Social Security numbers of four patients were exposed. The compromised accounts were disabled promptly upon discovery.

How It Could Affect Your Customers’ Business: A data breach is an expensive proposition for any organization but it is especially expensive for organizations in the healthcare sector.

Kaseya to the Rescue:  Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>


Gemini

https://thecyberexpress.com/crypto-exchange-gemini-data-breach/

Exploit: Third-Party Hacking

Gemini: Cryptocurrency Exchange


Risk to Business: 1.721 = Severe

Cryptocurrency exchange Gemini disclosed a data breach caused by a cyberattack on its ACH service provider. Between June 3 and June 7, 2024, an unauthorized actor accessed the vendor’s systems. Gemini notified affected individuals on June 26, 2024, and submitted details to California’s Attorney General’s Office. The breach may have compromised some customers’ banking information, including names, bank account numbers, and routing numbers. Gemini assured clients that no other sensitive information was affected.

How It Could Affect Your Customers’ Business: Business relationships can bring unexpected cyber risks in their wake, so it pays to evaluate the cybersecurity of suppliers and service providers.

Kaseya to the Rescue: In The Comprehensive Guide to Third-Party and Supply Chain Risk, you’ll learn about the risks presented by business connections and how to mitigate them. GET THE EBOOK>>


Peco Foods

https://www.jurist.org/news/2024/07/ransomware-attack-shuts-down-los-angeles-superior-court-systems/

Exploit: Hacking

Peco Foods: Poultry Products Provider


Risk to Business: 2.632 = Moderate

On July 24, 2024, Peco Foods, Inc. reported a data breach to the Maine Attorney General after discovering unauthorized access to its IT network. The breach involved sensitive consumer information, prompting Peco Foods to notify affected individuals. The company detected the cyberattack on December 4, 2023, which disrupted its computer system. Peco Foods quickly secured its systems and collaborated with cybersecurity experts to investigate. By May 23, 2024, they identified the compromised information and impacted consumers. Notification letters were sent out on July 24, 2024, detailing the incident. Although the general notice doesn’t specify the types of leaked data, personalized letters include this information for each individual.

How It Could Affect Your Customers’ Business: It’s critical for companies to put themselves in the best possible position for a fast, smooth incident response.

Kaseya to the Rescue:  Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>



Croatia – St. Jeronim Airport

https://www.barrons.com/news/cyberattack-hits-croatia-s-split-airport-dac3d776

Exploit: Ransomware

St. Jeronim Airport: Airport


Risk to Business: 1.112 = Extreme

A cyberattack at St. Jeronim Airport in Split, Croatia, snarled air traffic. The airport experienced technical difficulties around 7:30 pm, leading to flight cancellations and delays. Passengers were forced to spend the night at the airport as the system was rebooted. The IT system is still recovering, and staff are managing operations manually. The Akira cybercrime group claimed responsibility for the attack, demanding negotiations, which authorities refused.

How it Could Affect Your Customers’ Business: Bad actors are always on the hunt for the slightest opening in a company’s armor that they can exploit to strike.

Kaseya to the Rescue:  Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for social sharing! DOWNLOAD IT>>




India – Taj Hotels

https://www.moneycontrol.com/news/technology/taj-hotels-suffers-data-breach-exposes-information-of-1-5-million-customers-11801161.html#:~:text=Tata%2Downed%20Taj%20Hotels%20group,ransom%20for%20the%20full%20dataset.

Exploit: Hacking

Taj Hotels: Hospitality Chain 


Risk to Business: 2.896 = Severe

India-based Taj Hotels experienced a data breach that potentially compromised the sensitive personal information of about 1.5 million guests, according to the Economic Times. Tata Group’s Indian Hotels Company (IHCL), which operates Taj Hotels, is investigating the incident. The hacker, known as “Dnacookies,” is demanding $5,000 for the dataset, which includes mobile numbers, addresses, membership IDs and other personal information. The company’s spokesperson stated there are no signs of ongoing security issues or disruptions to operations. 

How it Could Affect Your Customers’ Business: The hospitality sector keeps many types of data from guests, making hotels and resorts attractive targets for bad actors.

Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>> 


Taiwan – Liteon Technology Corporation

https://www.redhotcyber.com/en/post/the-ransomware-group-ransomexx-claims-attack-on-liteon/

Exploit: Ransomware

Liteon Technology Corporation: Electronics Manufacturer


Risk to Business: 1.661 = Severe

Liteon Technology Corporation, a Taiwan-based leader in electronic components, was attacked on July 26, 2024, by the Ransomexx group. Founded in 1975, Liteon specializes in optoelectronic devices, storage devices, and more, including LED lighting, semiconductors, and automotive electronics. Ransomexx infiltrated Liteon’s systems, encrypting 142GB of critical data and threatening to release it unless a ransom is paid.

How it Could Affect Your Customers’ Business: A successful cyberattack on a manufacturer can have a disastrous impact on the businesses it supplies too.

Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>





New Zealand – Squirrel

https://www.rnz.co.nz/news/business/523100/mortgage-broker-squirrel-s-security-incident-exposes-details-of-600-investors

Exploit: Hacking

Squirrel: Financial Services


Risk to Business: 1.866 = Severe

New Zealand-based mortgage broking and investment firm Squirrel experienced a data breach that exposed the passport or driver’s license details of 600 peer-to-peer investors. Squirrel informed clients that an unauthorized user accessed a third-party system used in their investor registration process. This breach allowed the extraction of personal information, specifically passport or driver’s license details, for customers who registered in the 30 days prior to July 21, 2024. 

How it Could Affect Your Customers’ Business: The financial services sector has been a top target for ransomware attacks by bad actors for the past few years.

Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>> 




1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.





4 WhatsApp-themed phishing simulations are now available


It’s important to keep employees alert to phishing from many angles. Four new phishing simulation kits that are themed around the popular messaging app WhatsApp have just landed in the BullPhish ID training portal.  

  • WhatsApp – Account Has Been Banned 
  • WhatsApp – New Voice Message 
  • WhatsApp – Storage Full 
  • WhatsApp – Verify Your Account Information 

Learn more in the Update Notes. READ MORE>>



Watch the ID Agent and Graphus Q3 Product Innovation Webinar


Ready to learn all the details about the innovations and automations that are on the way for BullPhish ID, Dark Web ID, Passly and Graphus? 

In this session, our expert team will share all of our news with you and offer you a look at the road ahead. Hear from: 

  • BJ Bateman, Product Owner, Dark Web ID 
  • Latika Varma, Product Manager, BullPhish ID 
  • Miles Walker, Channel Development Manager, Kaseya 
  • Sven Bechmann, Senior Product Manager, Graphus 
  • Corey O’Donnel, Senior Vice President, Strategy and Marketing, Kaseya 

WATCH NOW>> 

Did you miss… The Graphus TrustGraph Feature Sheet? DOWNLOAD IT>>






Cybercriminals are becoming increasingly sophisticated, continuously finding new ways to exploit vulnerabilities in corporate networks, systems, and applications. To stay ahead of these threats and protect sensitive data, companies must employ robust cybersecurity measures. Two critical components of a comprehensive security strategy are penetration testing and vulnerability scanning. While these terms are often used interchangeably, they serve distinct and complementary purposes in safeguarding an organization’s digital assets.



Penetration testing and vulnerability scanning are not merely optional practices; they are essential for any organization serious about its cybersecurity posture. 


Vulnerability Scanning


Vulnerability scanning helps identify potential security weaknesses in a system by systematically probing for known vulnerabilities, allowing organizations to address issues before they can be exploited. Additionally, it assists in maintaining compliance with industry standards and regulations by providing continuous monitoring and assessment of security controls. Here’s a breakdown of the details.

  • Purpose: The primary goal of a vulnerability scan is to identify, quantify, and prioritize potential security weaknesses in an organization’s digital infrastructure. 
  • Method: This process is automated, using specialized software to scan systems, networks and applications against a database of known vulnerabilities. 
  • Output: The scan typically generates a report listing identified vulnerabilities, their severity and recommendations for remediation. 
  • Intrusiveness: Vulnerability scanning is generally non-intrusive, as it does not exploit vulnerabilities but merely identifies them. 
  • Frequency: These scans can be performed regularly (e.g., daily, weekly, or monthly) to maintain an up-to-date awareness of security status. 
  • Skill Level: Conducting a vulnerability scan typically requires less specialized knowledge, as it is largely automated. 

Penetration Testing


Penetration testing identifies and exploits vulnerabilities in a system, providing a realistic assessment of security defenses and potential impacts of attacks. It also helps improve security posture by uncovering weaknesses that other tools might miss, enabling organizations to fortify their systems against real-world threats. This look at the key attributes of pentesting showcases its benefits.

  • Purpose: The main objective of penetration testing (pen testing) is to simulate real-world attacks to exploit identified vulnerabilities and assess the effectiveness of existing security controls. 
  • Method: Pen testing involves a combination of automated tools and manual techniques by skilled security professionals to actively exploit vulnerabilities and uncover security gaps. 
  • Output: The result is a detailed report that not only lists vulnerabilities but also demonstrates how they can be exploited, the potential impact of an attack, and specific recommendations for mitigation. 
  • Intrusiveness: Penetration testing is more intrusive, as it actively tests the limits of the security defenses by simulating attacks. 
  • Frequency: Due to its thorough and detailed nature, penetration testing is typically conducted less frequently, such as annually or quarterly. However, advances in automation technology have made monthly penetration testing easy and affordable.  
  • Skill Level: Penetration testing requires a higher level of expertise and is often conducted by specialized security professionals or ethical hackers. 




Vulnerability scans are automated processes that identify known vulnerabilities in a system by systematically scanning for security weaknesses, providing a broad overview of potential issues. In contrast, penetration testing involves manual and automated techniques where ethical hackers actively exploit vulnerabilities to assess the effectiveness of security measures, offering a deeper and more comprehensive analysis of the system’s defenses. These key differences between pentesting and vulnerability scanning offer a look at why companies benefit from leveraging both of these technologies.

5 key contrasts between pentesting and vulnerability scanning

Factor | Vulnerability scanning | Penetration testing
Scope and depth | Provides a broad overview of potential security issues | An in-depth analysis of the most critical vulnerabilities by actively exploiting them
Intrusiveness | Typically non-intrusive | Can be disruptive due to their intrusive nature
Outcomes | Generates reports that list potential vulnerabilities | Provides a comprehensive analysis, including exploited vulnerabilities, potential impact and remediation recommendations
Expertise required | Requires less specialized knowledge and can be performed by in-house IT staff | Requires specialized skills and is often outsourced to professional security firms
Detail and accuracy | May produce both false positives and false negatives | Provides more accurate and detailed insights by actively testing and validating vulnerabilities

By understanding and implementing both methods, businesses can identify potential weaknesses before malicious actors do, ensuring a proactive approach to defense.  Whether you are a small business or a large enterprise, conducting both automated monthly pentests and regular vulnerability scans can significantly enhance your ability to detect, mitigate and prevent cyber threats, ultimately protecting your bottom line and reputation. 



vPenTest is the top automated network penetration testing platform, designed to help you proactively reduce security risks and breaches. With vPenTest, conducting both internal and external network tests is easy and cost-effective. Here are some of the key benefits.

Real-world simulations that mimic today’s biggest threats: Realistic cyber threat simulations that provide invaluable insights into your security posture and readiness against malicious actors. 

Timely and actionable reporting: vPenTest offers detailed, easy-to-understand reports that highlight vulnerabilities, their potential impacts, and recommended actions, keeping you ahead of threats. 

Affordable, easy frequent testing: Stay proactive with vPenTest’s affordable monthly testing, ensuring a robust security posture that adapts quickly to emerging threats. 

Be ready for trouble with efficient incident response: By identifying vulnerabilities in advance, vPenTest helps you prepare to respond to potential security incidents efficiently and effectively. 

Promotes compliance alignment: vPenTest aligns seamlessly with regulatory requirements like SOC2, PCI DSS, HIPAA, ISO 27001 as well as cyber insurance mandates, simplifying your compliance management. Plus, vPenTest recently earned CREST certification. 





Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.    

BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.     

Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.    

Graphus: Graphus is a cutting-edge, automated phishing defense solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone solution or supercharges your Microsoft 365 and Google Workspace email security.  

RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

Datto EDR: Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).      

Datto AV: Safeguard businesses effortlessly against sophisticated cyberthreats, including zero-days and ransomware, with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average. 

Learn more about our security products, or better yet, take the next step and book a demo today! 




Demystifying Email Security – Making Sense of Email Alphabet Soup 

August 8, 2024 | 1 PM ET/ 10 AM PT

Did you know that an estimated 9 in 10 cyberattacks start with a phishing email? Email remains one of the most crucial IT tools for businesses and, as a result, the primary target for cyber threats. However, the email security landscape can be confusing. We’re here to help. Join Chris McKie, Kaseya’s VP of Product Marketing, Networking and Security Solutions for a webinar that will bring clarity. 

  • We’ll break down the complexities of email security and provide you with the knowledge to safeguard your people, devices and data.
  • Demystify the alphabet soup of email protocols such as SPF, DKIM, DMARC and others and learn how they function to facilitate secure email communication.
  • Discover practical strategies and best practices to minimize your email threat vector and enhance your organization’s email security.

Don’t miss this illuminating session! REGISTER NOW>>

August 6: Kaseya+Datto Connect Local Atlanta REGISTER NOW>>

August 8: Kaseya+Datto Connect Local Perth (Australia) REGISTER NOW>>

August 18: Kaseya+Datto Connect Local Perth REGISTER NOW>>

August 22: Kaseya+Datto Local Symposium Long Branch REGISTER NOW>>

August 28: Kaseya+Datto Connect Local New York REGISTER NOW>>

September 19: Kaseya+Datto Connect Local the Netherlands REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>




Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!