
The Week in Breach News: 08/02/23 – 08/08/23

August 09, 2023

This week: The biggest medical cyberattack of the year, MOVEit keeps snagging companies, two new infographics explaining the benefits of managed SOC and why opting for managed detection and response (MDR) is a smart choice.

See what the biggest cybersecurity challenges are right now in our Mid-Year Cyber Risk Report 2023. DOWNLOAD IT>>

Hot Topic

Exploit: Credential Stuffing

Hot Topic: Retailer


Risk to Business: 1.876 = Severe

Retailer Hot Topic has disclosed that it has likely experienced a data breach after a series of credential stuffing attacks. The retailer said that the attacks took place between February 7 and June 21, 2023. Hot Topic says that legitimate credentials were ultimately used to access the company’s systems. Bad actors may have stolen customer information, including customer names, mailing addresses, dates of birth, phone numbers and order history. Partial payment card information (the last four digits of the payment card) may have been accessed if victims had their payment card details saved to their accounts.

How It Could Affect Your Customers’ Business: Teaching employees how to safely handle credentials will prevent cybersecurity trouble like this.

Kaseya to the Rescue: Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>>

Oregon Health Plan (OHP)

Exploit: Supply Chain Attack

Oregon Health Plan (OHP): Insurer


Risk to Business: 1.721 = Severe

The Oregon Health Authority has announced that its members’ data may have been exposed due to a MOVEit-related cyberattack on one of its service providers. Vendor PH Tech notified Oregon government officials that they’d experienced a data breach. In their investigation, PH Tech determined that the sensitive data of OHP members was accessed by bad actors. OHP said the illegally accessed data included personal information and some protected health information like enrollment, authorization and claims files. Exposed information varies from person to person but might include name, date of birth, social security number, address, member ID number, plan ID number, email address, authorization information, diagnosis code, procedure codes and claim information. An estimated 1 million people had data exposed in this incident.  

How It Could Affect Your Customers’ Business: Supply chain cyberattacks and the risk they bring to business need to be top-of-mind for IT professionals.

Kaseya to the Rescue: Credential compromise isn’t the only risk that businesses face from the dark web. Learn about five dark web dangers for businesses in this infographic. GET INFOGRAPHIC>>

Prospect Medical Holdings

Exploit: Hacking

Prospect Medical Holdings: Medical Facility Operator


Risk to Business: 1.673 = Severe

California-based Prospect Medical Holdings has disclosed that it experienced a cyberattack that has pushed 16 hospitals and about 100 other medical facilities offline in California, Connecticut, Pennsylvania and Rhode Island. The incident began on August 1. Medical providers at the impacted facilities have had to resort to pencil and paper charting. Some of the outpatient facilities that Prospect manages have been forced to close because of the attacks, including radiology, diagnostic and heart health facilities in Connecticut. This is the largest medical cyberattack in the U.S. so far in 2023.

How It Could Affect Your Customers’ Business: This breach is currently the worst medical cyberattack of 2023, but there’s still time for bad actors to make an even bigger strike.

Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>>

Prudential Insurance Company of America

Exploit: Supply Chain Attack

Prudential Insurance Company of America: Insurer


Risk to Business: 1.649 = Severe

Prudential Insurance Company of America filed a notice of data breach with the Attorney General of Maine after discovering that one of the company’s vendors experienced a data breach caused by the MOVEit exploit. Prudential was recently informed of the attack on their vendor, Pension Benefit Information, LLC (PBI). The incident resulted in the exposure of consumers’ sensitive information, which includes their names, Social Security numbers, addresses, dates of birth and phone numbers. PBI recently began sending out data breach notification letters to all 320,840 individuals whose information was stolen.  

How It Could Affect Your Customers’ Business: Supply chain attacks are escalating, and just one attack on a supplier can be a big problem that brings big bills for any business.

Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>

Colorado Department of Higher Education (CDHE)

Exploit: Ransomware

Colorado Department of Higher Education: Regional Government Agency


Risk to Business: 1.707 = Severe

The personal data of students and employees may have been exposed in a data breach at the Colorado Department of Higher Education (CDHE). Specifically, anyone who studied at a public high school in the state between 2004 and 2020, anyone who took a course at a higher education facility between 2007 and 2020, anyone who held a K-12 teacher’s license in the district between 2010 and 2014, anyone who participated in the Dependent Tuition Assistance Program from 2009 to 2013, anyone who participated in the Colorado Department of Education’s Adult Education Initiatives programs between 2013 and 2017, or anyone who obtained a GED between 2007 and 2011 may be impacted by this incident. CDHE disclosed that a bad actor accessed CDHE systems between June 11 and June 19, 2023. The incident remains under investigation.

How it Could Affect Your Customers’ Business: Educational institutions can hold a lot of valuable data and have historically weak security.

Kaseya to the Rescue: Follow the path to see how Managed SOC defends businesses from cyberattacks efficiently and effectively without breaking the bank in a handy infographic. GET IT>>

Allegheny County, Pennsylvania

Exploit: Hacking

Allegheny County, Pennsylvania: Regional Government


Risk to Business: 1.637 = Moderate

Allegheny County, Pennsylvania said that it has experienced a cyberattack that led to a data breach on May 28 and 29, thanks to MOVEit. The county said that residents’ data may have been exposed, including name, Social Security number, date of birth, driver’s license/state ID number, taxpayer ID number and student ID number. For some residents, medical information (e.g., diagnosis, treatment type, admission date), health insurance information and billing/claim information may also be involved.

How it Could Affect Your Customers’ Business: Governments of every size and government agencies have been high on cybercriminal hit lists.

Kaseya to the Rescue: Our eBook How to Build a Security Awareness Training Program helps IT professionals design and implement an effective training program quickly. DOWNLOAD IT>>

What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>

Canada – Health Employers Association of British Columbia

Exploit: Hacking

Health Employers Association of British Columbia: Professional Group


Risk to Business: 1.766 = Severe

Health Employers Association of British Columbia admitted that a cyberattack on three of its websites has likely resulted in the exposure of some personal data for an estimated 240,000 people. The association said that three websites recruiting physicians, nurses and other health professionals are at the center of the storm: Health Match B.C., Locums for Rural B.C. and the B.C. Care Aide & Community Health Worker Registry. The attack was first detected on July 13, but an investigation determined that the hackers had been in the company’s systems from May 9 to June 10. The incident remains under investigation.

How it Could Affect Your Customers’ Business: Job and hiring websites often hold onto or maintain access to big stores of valuable personal data.

Kaseya to the Rescue: See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>


See the path from a cyberattack to a defensive success with managed SOC in this infographic. GET IT>>

Australia – Aristocrat Gaming

Exploit: Hacking

Aristocrat Gaming: Gambling Machine Manufacturer


Risk to Business: 1.413 = Moderate

Australia’s largest gaming machine manufacturer said that it has been hit in a cyberattack thanks to the MOVEit vulnerability. Aristocrat Gaming said that the June 1 attack led to the exposure of unspecified data for Aristocrat employees. Aristocrat said in a statement that it expects low business impact from this incident and that appropriate authorities are part of the investigation.

How it Could Affect Your Customers’ Business: A zero-day vulnerability can be the catalyst for a cyberattack at any time. Businesses need to remain vigilant.

Kaseya to the Rescue: In today’s volatile cybersecurity landscape, insurers are requiring businesses to have certain solutions in place. See how Datto EDR satisfies insurance requirements. LEARN MORE>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.

Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>

2 New Campaigns from Powered Services Pro

Powered Services Pro offers MSPs incredible resources to help them grow their businesses, like these two new campaigns.
Graphus: Simple, Automated & Affordable Email Security – This campaign aims to help you sell services using Kaseya’s Graphus product. GET IT>>
Employee Cybersecurity Training: Building a Cyber-Ready Workforce – Show how security awareness training minimizes the risk of employee-targeted cyberattacks by keeping employees up to date with the latest cyber risks and the best practices to defend against them. GET IT>>
Did you miss… the EDR + Managed SOC is a Game Changer product brief? GET IT>>

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

Find the Perfect Managed SOC With These Two Resources

These two resources can help MSPs and their clients find the ideal managed SOC.
5 Reasons Why You Should Offer Managed SOC Services – This infographic shares five compelling reasons why offering managed SOC services is a smart choice for every MSP. DOWNLOAD IT>>
Keys to Selecting a Managed SOC Service – Perfect for sharing with your customers! See how a SOC functions and what to consider when building and/or outsourcing a managed SOC. DOWNLOAD IT>>


Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>


Should You Choose Managed Detection & Response (MDR)?

With cybercrime risk continuing to rise, MSPs need the right tools at hand to protect their clients from trouble. But setting up a security operations center can be cost-prohibitive, and finding the right talent to run it can be extremely challenging. That’s one reason why it makes sense for MSPs to opt for a managed security operations center (SOC). Taking a look at what a managed SOC does, how it fits into security best practices and which features of a managed SOC may be most beneficial can help MSPs choose the perfect option for their clients and their MSP.


Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>

What is Managed Detection & Response (MDR)?

Managed detection and response (MDR), also known as managed SOC, gives MSPs and businesses access to a remote security operations center featuring expert consultants without adding security personnel to their team. The primary function of a managed SOC is to rapidly analyze, detect and respond to cyber threats that bypass traditional cybersecurity tools. Comprehensive MDR will cover: 

Endpoint Security – Protect your endpoints with Windows and macOS event log monitoring, advanced breach detection, detection of malicious files and processes, threat hunting, intrusion detection, third-party next-gen AV integrations and more.

Network Security – Gain new levels of network protection with firewall and edge device log monitoring integrated with real time threat reputation, DNS information and malicious connection alerts. 

Cloud Security – Secure the cloud with Microsoft 365 security event log monitoring, Azure AD monitoring, Microsoft 365 malicious logins and overall Secure Score. 

Get the scoop on 5 of the worst email-based attacks plus tips to protect businesses from them. GET INFOGRAPHIC>>

What Can a SOC’s Analysts Do?

In MDR, analysis is done by collecting information from a variety of sources like endpoints, cloud services and firewall logs. From this telemetry, trained SOC analysts can: 

  • Investigate suspicious activities 
  • Proactively hunt for latent threats hidden in a company’s network 
  • Respond to and remediate early-stage threats 
  • Spot and stop cyberattacks 
  • Take care of problems before they become disasters 

Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>

How Managed SOC Services Fit into Security Best Practices 

Managed SOC is a key component of ensuring that a company is following cybersecurity best practices, including: 

Taking a defense-in-depth approach – An organization practicing this tactic will have a variety of security tools and controls layered throughout its network, creating a more resilient barrier between cybercriminals and a company’s systems and data.

Using a cybersecurity framework – Using one of the standard cybersecurity frameworks (CSF) is an easy and effective way to ensure that a company is covering all of its bases, especially if that company faces compliance requirements around information security. Some frequently used security frameworks and regulatory standards include NIST, HIPAA and GDPR.

See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>

How Does a Business Benefit from Using a Cybersecurity Framework?

Leveraging a cybersecurity framework helps a business: 

  • Identify problems – Find security weak points where a company may be over or under invested 
  • Protect – Locate every possible vector that needs to be defended and take steps to add the right protection to keep cybercriminals from slipping through 
  • Detect – Spot security problems before the bad guys do and discover cyberattacks  
  • Respond – Take action to close security gaps and isolate threats quickly in emergency situations 
  • Recover – Get a company back on its feet with minimal downtime in the event of a cyberattack and repair damage from a security incident 

If the worst does happen, minimizing the time from discovery to recovery is the most important factor in keeping a company afloat. The global mean time to identify and contain an average data breach is 277 long, expensive days. That climbs to 326 days if ransomware is involved.

Investing in strong security and following security best practices is a smart, holistic and comprehensive way to set a company up for security success today and in the future. Taking an inefficient one-off approach leaves dangerous security gaps, creates management challenges and adds unnecessary layers of complexity.

See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>

Choosing Between Building a SOC or Leveraging a Managed SOC 

Many MSPs and SMBs envision building a security operations center. However, that’s a complex and costly task. Leveraging a managed SOC lowers the barrier to entry, making MDR easy and affordable. Keep these key points of consideration in mind when considering your options: 

Personnel – Most SOCs are 24/7/365 operations centers, and creating your own means that you will need a large enough team on the payroll to handle its needs.

Availability – Keep in mind, many sophisticated attacks tend to start on a Friday evening and even more occur on a 3-day weekend. Ensuring that personnel are available at off times or during holidays can be difficult and expensive.  

Talent – Obtaining and retaining talent is a challenge. Unfortunately, the market demand for security professionals far outweighs the market availability. This drives up the costs of hiring cybersecurity professionals, as well as making it harder to keep trained experts on staff. 

Investment – Advanced cybersecurity tools aren’t cheap, and they can be costly to set up. For example, in a SOC you’ll need many defensive tools available like threat intelligence feeds and malware analysis solutions as well as experienced staffers who can utilize them to their fullest extent. 

Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>

Identifying Key Capabilities of a Managed SOC Service 

The right managed SOC service will include these key capabilities: 

  • 24x7x365 service – The SOC must be operational every hour of every day all year long. This is the most crucial factor to consider, as many attackers try to time their attacks to land when companies have fewer staffers available, especially over holiday weekends – ransomware attack rates climb by about 30% during the winter holiday season. 
  • Integrated threat intelligence – Threat intelligence is the lifeblood of a SOC. Make sure that the SOC you choose brings in multiple threat feeds in order to quickly identify the latest emerging threats. 
  • Threat hunting – In order to find and neutralize threats, a SOC must always have experienced cybersecurity analysts on hand. These experts will proactively hunt for latent threats and other security dangers that could be hiding in a company’s network. 
  • Expert analysis – A SOC is only as good as its cybersecurity experts. Make sure that the analysts and threat hunters your SOC relies on are true cybersecurity experts, trained to detect suspicious behaviors as well as stealthy threats.  
  • Time to resolution – These days, it’s less of an “if” and more of a “when” a company faces a cyberattack. Discovering a cyberattack quickly and limiting the damage that it does is critical to a company’s survival. Ask how the SOC will respond to and remediate an incident. 
  • SIEM-less log monitoring – Find out if you’re required to deploy a security information and event management system (SIEM) for the SOC to function.  Ideally, you want to have a managed SOC solution that does not require a SIEM, technology that can be very costly and cumbersome to manage. 
  • MITRE ATT&CK alignment – It’s one thing to have a CSF in place, but another to be able to leverage the MITRE ATT&CK framework in the event of an attack. Understanding how the MITRE ATT&CK framework can help prevent and mitigate cyberattacks is critical.  
  • Intrusion monitoring – Cybersecurity is a fast-paced arena. The right SOC will be able to detect suspicious activity in real time, including connections to hostile nation-state infrastructure, unauthorized TCP/UDP services, as well as backdoor connections to command-and-control servers. 
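To make the “integrated threat intelligence” and “intrusion monitoring” capabilities above concrete, here is an added example of the kind of detection logic a SOC runs over firewall logs. It is not Kaseya or RocketCyber code; the log format, the threat-reputation feed, the internal address ranges, the approved-service policy and every log line are constructed for this illustration. It flags outbound connections to destinations on a reputation list, outbound services outside the approved list, and beacon-like traffic (repeated connections to one destination at nearly identical intervals), which is a common signature of a backdoor checking in with a command-and-control server.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev
import re

# Constructed threat-reputation feed; a real SOC loads this from vendor/OSINT feeds.
THREAT_FEED = {"198.51.100.23": "known C2 server", "203.0.113.77": "malware distribution"}

# Constructed policy: outbound (proto, port) pairs the organisation permits.
ALLOWED_OUTBOUND = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 25)}

# Constructed definition of "inside": our endpoints live in these ranges.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Beacon heuristic: at least this many hits to one destination whose spacing is
# almost constant (low standard deviation of the gaps) looks like a C2 check-in.
BEACON_MIN_HITS = 4
BEACON_MAX_JITTER_SECONDS = 2.0

# Constructed key=value firewall log format (real devices differ; adapt LOG_RE).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>tcp|udp) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze(lines):
    """Return ordered, de-duplicated findings as (rule, src, dst, detail) tuples."""
    findings, seen = [], set()

    def report(finding):
        if finding not in seen:
            seen.add(finding)
            findings.append(finding)

    per_dest = defaultdict(list)  # (src, dst, proto, dport) -> list of timestamps
    for raw in lines:
        ev = parse_line(raw)
        # Only permitted, outbound connections matter for these three rules.
        if ev is None or ev["action"] != "allow":
            continue
        if not is_internal(ev["src"]) or is_internal(ev["dst"]):
            continue
        if ev["dst"] in THREAT_FEED:
            report(("threat_feed", ev["src"], ev["dst"], THREAT_FEED[ev["dst"]]))
        if (ev["proto"], ev["dport"]) not in ALLOWED_OUTBOUND:
            report(("unauthorized_service", ev["src"], ev["dst"], f"{ev['proto']}/{ev['dport']}"))
        per_dest[(ev["src"], ev["dst"], ev["proto"], ev["dport"])].append(ev["ts"])

    for (src, dst, proto, dport), stamps in per_dest.items():
        if len(stamps) < BEACON_MIN_HITS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= BEACON_MAX_JITTER_SECONDS:
            report(("beaconing", src, dst, f"{len(stamps)} hits every ~{mean(gaps):.0f}s to {proto}/{dport}"))
    return findings


# Constructed sample log: one host beaconing to a listed C2 address, one host using
# an unapproved port, one host with irregular benign-looking traffic, and lines the
# rules ignore (a denied connection, an inbound connection, a malformed line).
SAMPLE_LOG = [
    "2023-08-07T09:00:00 action=allow proto=tcp src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2023-08-07T09:01:00 action=allow proto=tcp src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2023-08-07T09:02:00 action=allow proto=tcp src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2023-08-07T09:03:00 action=allow proto=tcp src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2023-08-07T09:00:12 action=allow proto=tcp src=10.0.0.7 dst=192.0.2.10 dport=4444",
    "2023-08-07T09:00:00 action=allow proto=tcp src=10.0.0.8 dst=192.0.2.20 dport=443",
    "2023-08-07T09:00:45 action=allow proto=tcp src=10.0.0.8 dst=192.0.2.20 dport=443",
    "2023-08-07T09:03:10 action=allow proto=tcp src=10.0.0.8 dst=192.0.2.20 dport=443",
    "2023-08-07T09:03:20 action=allow proto=tcp src=10.0.0.8 dst=192.0.2.20 dport=443",
    "2023-08-07T09:04:00 action=deny proto=tcp src=10.0.0.9 dst=203.0.113.77 dport=8080",
    "2023-08-07T09:05:00 action=allow proto=tcp src=192.0.2.99 dst=10.0.0.5 dport=22",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for rule, src, dst, detail in analyze(SAMPLE_LOG):
        print(f"{rule:22} {src:>10} -> {dst:<15} {detail}")
```

The beacon check deliberately uses the standard deviation of the inter-connection gaps rather than the raw interval, so a host that polls a legitimate service at irregular times (10.0.0.8 above) is not flagged while a fixed-interval check-in is, regardless of the port it uses. In production the feed lookup, allow-list and internal ranges would come from the SOC’s configuration, and the thresholds would be tuned against the client’s normal traffic.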

Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>

Kaseya’s Security Suite Gives IT Professionals the Tools That They Need to Strengthen Cyber Resilience 

Get powerful protection and must-have tools for keeping businesses out of cybersecurity trouble with Kaseya’s Security Suite.

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents cyberattacks and reduces an organization’s chance of experiencing a cybersecurity disaster by up to 70%. 

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.  

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.  

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require). 

See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>

August 15: Kaseya + Datto Connect Local Detroit REGISTER NOW>>

August 15: Kaseya + Datto Connect Local Malaysia MSP REGISTER NOW>>

August 17: Kaseya + Datto Symposium Long Branch REGISTER NOW>>

August 17: Kaseya + Datto Connect Singapore REGISTER NOW>>

August 22: Kaseya + Datto Connect Local Kansas City REGISTER NOW>>

August 29: Kaseya + Datto Connect Local San Diego REGISTER NOW>>

August 29: Kaseya + Datto Connect Local Denmark REGISTER NOW>>

August 31: Kaseya + Datto Connect Local Sweden REGISTER NOW>>

September 7: Kaseya + Datto Connect Local Netherlands REGISTER NOW>>

September 14: Kaseya + Datto Connect Local San Antonio REGISTER NOW>>

September 21: Kaseya + Datto Connect Local Nashville “Building the Business” Series REGISTER NOW>>

September 26: Kaseya + Datto Connect Local Sugarland Sales & Marketing Series REGISTER NOW>>

September 28: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>

October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>


Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!