
The Week in Breach News: 07/26/23 – 08/01/23

August 02, 2023

This week: The MOVEit exploit nets a big fish, a cyberattack leaves them losing sleep at Tempur Sealy, an exciting new capability in BullPhish ID and the benefits of Ransomware Rollback.

See what the biggest cybersecurity challenges are right now in our Mid-Year Cyber Risk Report 2023. DOWNLOAD IT>>


Exploit: Hacking

Maximus: Government Services Company


Risk to Business: 1.734 = Extreme

Maximus, a service provider to several U.S. federal agencies including The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), has disclosed that it has been caught up in the MOVEit exploit net. In a filing with the U.S. Securities and Exchange Commission (SEC), Maximus said that it discovered in May that its corporate network was affected by the MOVEit ransomware attack. The company determined that the attackers snatched files containing sensitive information including Social Security numbers belonging to between 8 million and 11 million individuals. The investigation into the incident is ongoing.

How It Could Affect Your Customers’ Business: This zero-day exploit has been a gold mine for Cl0p and new companies are added to the victim list every day.

Kaseya to the Rescue: Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>>

Southern Association of Independent Schools, Inc (SAIS)

Exploit: Misconfiguration

Southern Association of Independent Schools, Inc (SAIS): Accreditation Non-Profit


Risk to Business: 1.876 = Severe

Website Planet reported the discovery of a large unsecured database belonging to the Southern Association of Independent Schools, Inc (SAIS) that contains highly sensitive information. Researchers discovered a variety of data inside including multiple types of student and teacher records, health information, teacher background checks and Social Security numbers, active shooter and lockdown notifications, maps of schools, financial budgets, school cybersecurity plans and much more. Incredibly, the treasure trove also contained third-party security reports that exposed weaknesses in school security, locations of cameras, access and entry points, and more. These documents could pose a potentially serious real-world security risk to the safety of students and teachers. Once informed, SAIS took action to resolve the problem.

How It Could Affect Your Customers’ Business: Education has been a top sector for ransomware attacks because it’s both time-sensitive and a great source of data.

Kaseya to the Rescue:  Credential compromise isn’t the only risk that businesses face from the dark web. Learn about five dark web dangers for businesses in this infographic. GET INFOGRAPHIC>> 

Rite Aid

Exploit: Hacking

Rite Aid: Pharmacy Chain


Risk to Business: 1.612 = Severe

Rite Aid has revealed a data breach that impacts the personally identifiable information (PII) of an estimated 24,400 customers. The trouble began on May 31, 2023, when a vendor partner alerted Rite Aid about a vulnerability in their software. Unfortunately, it was too late, and Rite Aid discovered that the vulnerability had already been exploited by bad actors. Customers’ exposed PII includes a patient’s first and last names, dates of birth, addresses, prescription data like medication names and fill dates, prescriber information, and in some cases, limited insurance data such as the plan name and cardholder ID.

How It Could Affect Your Customers’ Business: This breach will be very expensive for Rite Aid after investigation costs and regulatory penalties are added up.

Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>>

Tempur Sealy

Exploit: Hacking

Tempur Sealy: Mattress Manufacturer


Risk to Business: 1.349 = Moderate

No one’s sleeping easy at Tempur Sealy as the company contends with a cyberattack. The incident began on July 23 and the company said it was forced to shut down its IT systems and implement its business continuity plan. In a filing to the U.S. Securities and Exchange Commission, Tempur Sealy said that the company’s operations had been hindered, but did not specify the extent. Although this looks like a ransomware attack, no ransomware group has claimed responsibility. The company said that it has engaged an outside cybersecurity specialist, as well as law enforcement, in the investigation.

How It Could Affect Your Customers’ Business: Even one small cyberattack can be a big problem that brings big bills for any business.

Kaseya to the Rescue:  Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>

Pacific Premier Bancorp

Exploit: Supply Chain Attack

Pacific Premier Bancorp: Bank


Risk to Business: 1.637 = Severe

California-based Pacific Premier Bancorp is the latest financial institution to become ensnared in the MOVEit exploit storm. In a filing with the U.S. Securities and Exchange Commission, the bank disclosed that customers’ sensitive data had been stolen in an attack on one of the bank’s vendors. The data snatched includes customers’ names, Social Security numbers, account numbers and other unspecified personally identifiable information. Impacted customers will be informed by mail. The bank did not specify how many customers had data exposed, saying that their investigation is ongoing. 

How it Could Affect Your Customers’ Business: Supply chain risk is constantly growing for businesses as bad actors ramp up strategic attack pressure.

Kaseya to the Rescue:  Our eBook How to Build a Security Awareness Training Program helps IT professionals design and implement an effective training program quickly. DOWNLOAD IT>> 


Learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. GET INFOGRAPHIC>>

Canada – CardioComm

Exploit: Hacking

CardioComm: Medical Technology Company


Risk to Business: 1.766 = Severe

CardioComm, a Canadian heart monitoring and medical electrocardiogram solutions provider, announced that it has taken systems offline following a cyberattack. The company admitted that the attack has impacted its production server environments and will have an impact on its business operations. Visitors to the company’s website are informed that CardioComm services are currently offline. CardioComm said that it does not believe that customer health information was compromised in the attack, noting that it does not collect that data.

How it Could Affect Your Customers’ Business: Even if they don’t steal any data, the bad guys can cause trouble with disruptive cyberattacks.

Kaseya to the Rescue: See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>

Yamaha Canada Music

Exploit: Ransomware

Yamaha Canada Music: Musical Instrument Company


Risk to Business: 1.707 = Severe

Canadian musical instrument maker Yamaha Canada Music has disclosed that it has been the victim of a ransomware attack. In an interesting twist, just like some of last week’s attacks, this one also features more than one ransomware group claiming responsibility, this time BlackByte and Akira. BlackByte included Yamaha Canada on its list of victims on June 14 before the company was added by Akira ransomware on its leak site on July 21. The company admitted that the personal data of some of its employees had been compromised but did not offer specifics. The incident is under investigation.

How it Could Affect Your Customers’ Business: Employee data is just as useful and profitable for bad actors as consumer data.

Kaseya to the Rescue: Follow the path to see how Managed SOC defends businesses from cyberattacks efficiently and effectively without breaking the bank in a handy infographic. GET IT>>


See the path from a cyberattack to a defensive success with managed SOC in this infographic. GET IT>>

Scotland – University of Western Scotland (UWS)

Exploit: Ransomware

University of Western Scotland (UWS): Institution of Higher Learning


Risk to Business: 1.413 = Moderate

Data purportedly stolen from the University of Western Scotland (UWS) has made its way to the dark web courtesy of the up-and-coming Rhysida ransomware gang. The group is demanding over $450k to not expose any more data or sell the lot in the next few days. UWS’ trouble began in early July when the cyberattack caused a brief period of downtime across some of UWS’s key systems, including its public-facing website. The attackers claim that the data they have includes the personal details of staff members, including financial and National Insurance data, and a number of internal university documents. The university is working with Police Scotland and the National Cyber Security Centre (NCSC) in the investigation.

How it Could Affect Your Customers’ Business: The sum requested is outrageous, but fledgling ransomware groups often do things like that to make a name for themselves.

Kaseya to the Rescue: In today’s volatile cybersecurity landscape, insurers are requiring businesses to have certain solutions in place. See how Datto EDR satisfies insurance requirements. LEARN MORE>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>

Add Users to Ongoing Training Campaigns in BullPhish ID

Ready to save more time and ensure that much-needed security training reaches new hires? BullPhish ID has a new feature that can help! The new Continuous Target Sync feature in BullPhish ID makes it much easier to add new targets to ongoing training campaigns.

When Continuous Target Sync is enabled, after a target is added to a group that is part of an ongoing training campaign, the target is automatically added to the campaign. 

The Continuous Target Sync toggle is available on the Training & Awareness Dashboard (select Training & Awareness > View All Training Campaigns) and applies only to training campaigns. 

When Continuous Target Sync is enabled, a one-time sync is initiated for all ongoing training campaigns associated with your SMB organizations. Please note that it may take several hours for the campaigns to be updated with the latest target list. 

For more details, refer to this article about adding new targets to ongoing training campaigns. Along with more detailed information about the Continuous Target Sync feature, the article also describes specific scenarios that apply. 

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

3 Managed SOC Essentials

Explore the advantages that Kaseya Managed SOC powered by RocketCyber brings to the table in these three must-haves.

How Managed SOC Defends Against Cyberattacks Infographic – Follow the path of an incident response with Managed SOC. DOWNLOAD INFOGRAPHIC>>

Keys to Selecting a Managed SOC Service Checklist – See key features and functions that you should look for when selecting a managed SOC. DOWNLOAD CHECKLIST>>

EDR + Managed SOC is a Game Changer Product Brief – Learn how Datto EDR and Managed SOC work together seamlessly to provide powerful security benefits. DOWNLOAD PRODUCT BRIEF>> 

Did you miss… the infographic What Phishing Tricks Do Employees Fall For? GET IT>>


Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>

Prepare Now to Quickly Recover from a Ransomware Attack with Ransomware Rollback 

No IT professional wants to come face to face with ransomware. However, in today’s volatile security landscape, it’s highly probable that a company will have to navigate through the shark-infested waters of a major incident response and try to survive a ransomware attack at least once. The year is only a little more than half over, yet ransomware losses have already reached about the same amount as they did in all of 2022. In fact, ransomware gangs are well on their way to having a banner year, having snatched up an estimated $449.1 million through June. Experts at Chainalysis estimate that if ransomware attacks and damage continue at this pace, the bad guys could steal $898.6 million. What all of this means for MSPs and other IT professionals is that mounting a solid defense against ransomware is critical and having the right tools to do it is essential.

What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>

What are the most common types of ransomware? 

There are many strains of ransomware in use by cybercriminals, and ransomware groups are constantly innovating to make their malware more dangerous. An estimated 300,000 new pieces of malware, including ransomware, are created daily. However, not all ransomware attacks are created equal. There are several styles of attack that bad actors may choose to employ. A ransomware attack is a type of extortion. For example, in a classic ransomware attack scenario, cybercriminals encrypt a company’s systems and demand payment in exchange for the decryption key.

  • In a double extortion ransomware attack, cybercriminals may encrypt a company’s systems or steal data as well as threaten to take a second action to damage the victim company, like publishing the stolen data on the dark web or selling it to the highest bidder, if the ransom is unpaid by a deadline. 
  • In a triple extortion ransomware scenario, not only do the attackers demand payment from the victim for a decryption key and to not sell their stolen data, but they’ll also demand payment to prevent a third negative consequence. That third problem may include leaking sensitive data to the media, blackmailing executives, damaging the company’s reputation or launching a barrage of distributed denial-of-service (DDoS) attacks to further disrupt the business of the victim company.


See the keys to selecting a Managed SOC to find the perfect one for your clients & your MSP. GET CHECKLIST>>

What are the possible results of a ransomware attack?

A successful ransomware attack on an organization can have many unpleasant consequences for that company, including putting it out of business. Just like any other cyberattack, a company will incur an expensive incident response and recovery operation. Here are some of the other consequences a company might face after falling victim to a ransomware attack: 

  • Theft of data like customer and employee records containing personally identifiable information (PII), intellectual property or proprietary data 
  • Cybercriminals stealing information about operational technology (OT) 
  • Loss of access to critical systems, including industrial control systems (ICS) or OT 
  • Extended network downtime 
  • Loss of access to company data 
  • An adversary taking control of OT or ICS 
  • Bad actors learning company or personal secrets  
  • The release of company data or damaging information about a company on the dark web 
  • Lost productivity and increased payroll expenses 
  • Reputation damage that impacts future deals or consumer sentiment 

Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>

How can ransomware contaminate data and systems?  

There are a few basic ways that ransomware or other malware can enter an organization’s environment. These two are the most common: 

A phishing email — The most likely way for ransomware to infiltrate a business is through a malicious email. These messages are often sophisticated, making it difficult for employees to quickly judge their validity. The phishing message will then direct the employee to take an action like clicking on a malicious link or downloading a poisonous attachment that is laden with ransomware, kicking off the attack.  

Direct deployment — This is a trickier way for bad actors to inject ransomware. In this scenario, bad actors have to gain access to a company’s environment directly. This is typically done through hacking, capitalizing on an exploit or using stolen credentials. Sometimes a malicious employee will infect their company’s environment with ransomware. 

Learn to defend against devastating cyber threats with A Comprehensive Guide to Email-based Cyberattacks. GET IT>>

Never Lose Critical Files to a Ransomware Attack  

One of the biggest stressors and obstacles for a company grappling with a ransomware attack is lost data. Businesses face the prospect of paying extortionists and hoping that their data is returned uncopied, or trying to recover from backups that may be incomplete. But those aren’t the only ways to get a company’s data back after a ransomware attack. Datto EDR makes it simple for MSPs and other IT professionals to enhance business continuity and reduce downtime with Ransomware Rollback, a new free feature that was recently added to Datto EDR.  

If the worst does happen and a company faces a ransomware disaster, with Ransomware Rollback it’s fast and easy for that company to restore their systems and data to exactly where they were when the attack started, enabling them to get back to work fast. With one click, instantly revert files to their original state after a ransomware attack and ensure normal business operations are up and running without any loss of time, money or data.  


Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>

Roll Everything Back Fast 

Ransomware Rollback allows you to go back in time and quickly recover ransomware-encrypted files, ensuring business operations continue to run as if nothing ever happened. This feature helps ensure quick and efficient file recovery with no mess or fuss. By tracking changes to users’ files in real time, Ransomware Rollback provides you with the ability to revert multiple files at once and at scale. No matter an organization’s size, it’s a snap for IT professionals to restore an organization’s files to their original state, enhancing a company’s resilience against cyberattacks.  

Ransomware Rollback Desktop Application is easily and instantly installed on managed devices that have Datto EDR and Ransomware Detection, improving a company’s security posture right away. It’s simple to monitor tracked changes through the Rollback Desktop Application. Access all the reverted files and view the file name, file size, update time and date at a glance. Best of all, this must-have tool is a free add-on for those who subscribe to Datto EDR as part of the platform’s Ransomware Detection feature.  

Dive into the details of Ransomware Rollback in the datasheet.  GET THE DATA SHEET>> 

Learn more about this amazing new feature in this blog post. LEARN MORE>> 

Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>

Kaseya’s Security Suite Gives IT Professionals the Tools That They Need to Strengthen Cyber Resilience 

Get powerful protection and must-have tools for keeping businesses out of cybersecurity trouble with Kaseya’s Security Suite.

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents cyberattacks and reduces an organization’s chance of experiencing a cybersecurity disaster by up to 70%. 

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.  

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.  

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require). 

See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>

Test Your Knowledge & Win Prizes at Cybersecurity Jeopardy!

Ready to see how well you understand cybersecurity and win fabulous prizes? Our most popular event Cybersecurity Jeopardy is back! Join us for some fun on August 8 at 4 PM ET/ 1 PM PT. REGISTER NOW>>

August 3: Kaseya + Datto Connect Local Doral Miami REGISTER NOW>>

August 15: Kaseya + Datto Connect Local Detroit REGISTER NOW>>

August 15: Kaseya + Datto Connect Local Malaysia MSP REGISTER NOW>>

August 17: Kaseya + Datto Symposium Long Branch REGISTER NOW>>

August 17: Kaseya + Datto Connect Singapore REGISTER NOW>>

August 22: Kaseya + Datto Connect Local Kansas City REGISTER NOW>>

August 29: Kaseya + Datto Connect Local San Diego REGISTER NOW>>

August 29: Kaseya + Datto Connect Local Denmark REGISTER NOW>>

August 31: Kaseya + Datto Connect Local Sweden REGISTER NOW>>

September 7: Kaseya + Datto Connect Local Netherlands REGISTER NOW>>

September 14: Kaseya + Datto Connect Local San Antonio REGISTER NOW>>

September 21: Kaseya + Datto Connect Local Nashville “Building the Business” Series REGISTER NOW>>

September 26: Kaseya + Datto Connect Local Sugarland Sales & Marketing Series REGISTER NOW>>

September 28: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>

October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>


Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!