
The Week in Breach News: 08/17/22 – 08/23/22

August 24, 2022

 It’s all ransomware all the time this week with a spate of damaging attacks in the U.S., U.K. and South America. Plus, find out which training videos are the most popular and take a look at the two threats that make up almost three-quarters of cyberattacks. 





Entrust

https://www.securityweek.com/ransomware-group-threatens-leak-data-stolen-security-firm-entrust

Exploit: Ransomware

Entrust: Cybersecurity Solutions Company


Risk to Business: 1.877 = Severe

Entrust has fallen victim to a ransomware attack by the LockBit group. LockBit added Entrust to its Tor site last Thursday. The Minneapolis-based provider of payment security solutions confirmed the incident. The company admitted that threat actors had gained access to systems used for HR, finance and marketing, but said there was no evidence that the operation or security of its products and services was impacted. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Ransomware groups have been ramping up operations, with risk up by over 60%.

ID Agent to the Rescue: Our Monsters of Cybersecurity eBook helps you discover and mitigate the killer risks that are lurking around every corner. DOWNLOAD IT>>


Practice Resources LLC

https://www.cshub.com/attacks/news/almost-one-million-people-affected-by-medical-billing-ransomware-attack 

Exploit: Misconfiguration

Practice Resources LLC: Medical Billing Service 


Risk to Business: 1.687 = Severe

Practice Resources LLC (PRL) is at the center of a ransomware attack that led to a supply chain data breach impacting 26 healthcare organizations. In a filing, PRL declared that 942,138 people had data exposed in the April 2022 incident. The company provides billing and other related services to healthcare providers. PRL declared that it has sent out data breach letters to all affected parties.  


Individual Risk: 1.733 = Severe

The information exposed in the attack included patient names, addresses, health plan numbers, dates of treatment, and medical record numbers. 

How It Could Affect Your Customers’ Business: Supply chain risk has been rising constantly for businesses as bad actors target service providers.

ID Agent to the Rescue: Learn to build an effective program that reduces cyberattack risk with the guide How to Build a Security Awareness Training Program. DOWNLOAD IT>> 


Valent U.S.A. LLC 

https://www.jdsupra.com/legalnews/valent-u-s-a-llc-announces-data-breach-5375329/

Exploit: Ransomware

Valent U.S.A. LLC: Agricultural Chemical Manufacturing


Risk to Business: 1.902 = Severe

Chemical company Valent U.S.A. LLC has filed notices that it experienced a data breach as a result of a suspected ransomware attack. The company revealed that the attack was discovered when employees were unable to access some of Valent’s computer systems and subsequently discovered that files had been encrypted. Valent said that it secured its network and then retained an outside cybersecurity firm to investigate the incident.


Individual Risk: 1.768 = Severe

The company says the breach resulted in the names, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information and dates of birth of certain individuals being compromised.

How It Could Affect Your Customers’ Business: Both the Chemical and Agricultural sectors have been under heavy pressure from bad actors in the last 12 months.

ID Agent to the Rescue: See the biggest risks that businesses in different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>


Brasseler USA

https://www.jdsupra.com/legalnews/brasseler-usa-announces-data-breach-4677092/

Exploit: Ransomware

Brasseler USA: Dental Equipment Manufacturer


Risk to Business: 2.077 = Severe

Brasseler USA has disclosed that it experienced a data breach as a result of a ransomware attack. The company discovered that this incident occurred in June 2022. In July 2022, the company learned that certain files containing sensitive consumer data were compromised. The company says that it reported the incident to law enforcement and then worked with third-party data security specialists to investigate the scope of the cyberattack. Brasseler USA is a dental and surgical product manufacturer based in Savannah, Georgia.


Individual Risk: 1.966 = Severe

Breached information varies depending on the individual, but may include an individual’s name, Social Security number, driver’s license number, passport number, financial account information (including debit card and credit card numbers), medical and insurance information and other information, such as date of birth.

How it Could Affect Your Customers’ Business: Manufacturing companies have had it rough as bad actors seek valuable OT and personal data.

ID Agent to the Rescue:  Get the resources that you need to help you protect clients from complex risks in the Deep Dive Into Cybersecurity Bundle. GET BUNDLE>>


The Government of Fremont County, Colorado

https://www.canoncitydailyrecord.com/2022/08/17/fremont-county-government-offices-closed-after-cyber-security-attack/ 

Exploit: Ransomware

The Government of Fremont County, Colorado: Regional Government 


Risk to Business: 1.684 = Severe

The government of Fremont County, Colorado has been paralyzed by a cyberattack that left employees unable to connect to networks or access email. Local reports say that the Fremont County Administration Building, Garden Park Building, Department of Human Services and Fremont County Sheriff’s Office are closed to the public, although the Sheriff’s Office is still operating. The phone systems for the impacted offices are still working. A spokesperson said that they do not believe that any data was stolen. Efforts are underway to restore services.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: It pays to remember that the most likely vector for ransomware is a phishing message.

ID Agent to the Rescue: See the reasons why an AI-driven automated email security solution is the answer to email security challenges and why you and your clients will love it. DOWNLOAD INFOGRAPHIC>>





Argentina – Judiciary of Córdoba

https://www.itworldcanada.com/article/canadian-recreational-vehicle-maker-brp-ontario-cannabis-store-dealing-with-cyber-attacks/497252 

Exploit: Ransomware

Judiciary of Córdoba: Government Entity


Risk to Business: 1.429 = Severe

New ransomware group Play has hit Argentina’s Judiciary of Córdoba. The government entity was forced to shut down its IT systems and its online portal last week, leaving it able to conduct business only with old-fashioned pen and paper. The Judiciary confirmed that it was hit by ransomware and engaged with Microsoft, Cisco, Trend Micro, and local specialists to investigate the attack and restore services.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Governments have been popular targets for cybercriminals even when they’re not nation-state aligned.

ID Agent to the Rescue: Gain 3 resources featuring a wealth of knowledge about ransomware and how to keep your clients safe from our Introduction to Ransomware Resource Bundle! DOWNLOAD THE BUNDLE





United Kingdom – South Staffordshire PLC 

https://www.energylivenews.com/2022/08/17/uk-water-company-hit-by-cyber-attack/

Exploit: Ransomware

South Staffordshire PLC: Utility Company


Risk to Business: 2.173 = Severe

This week’s most interesting story starts with South Staffordshire PLC. The parent company of South Staffs Water and Cambridge Water confirmed on Monday that it was the victim of a ransomware attack. The Cl0p ransomware gang claimed responsibility but named the wrong water company on its dark web leak site. The group initially said that the victim was Thames Water and not South Staffordshire. Thames Water is the United Kingdom’s largest water supplier, serving 15 million customers in Greater London and other areas on the river that runs through the city. Data posted to the gang’s dark web site includes a spreadsheet of usernames and passwords featuring South Staffs Water and South Staffordshire email addresses.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Cybercriminals love to go after utility companies because of the high chance they’ll get paid to avoid service disruptions.

ID Agent to the Rescue: Learn more about the business of ransomware including how the bad guys get paid and get tips for securing your clients in Ransomware Exposed! DOWNLOAD EBOOK>>


United Kingdom – Holdcroft Motor Group

https://techmonitor.ai/technology/cybersecurity/holdcroft-motor-group-cyberattack

Exploit: Ransomware

Holdcroft Motor Group: Car Dealerships


Risk to Business: 1.634 = Severe

U.K. auto retailer Holdcroft Motor Group has admitted that it has fallen victim to a ransomware attack that has led to some dire consequences. The company said that the July 2022 attack caused significant damage, resulting in the deletion of data from its servers. Internal investigations revealed that some of the data that was compromised may have contained employee personal information. Holdcroft Motor Group operates nine different dealer franchises across 23 locations in the Midlands and north of England. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Paying the bad guys doesn’t mean you’re getting your data back. More than 90% of organizations that pay don’t get all their data back.

ID Agent to the Rescue: Learn how to choose a training solution that will offer you and your clients a high degree of satisfaction in our Security Awareness Training Buyer’s Guide for MSPs. DOWNLOAD IT>>





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.






These Are the Top BullPhish ID Training Courses of 2022


What lessons are companies most interested in when choosing components of their security and compliance awareness training programs that utilize BullPhish ID? Here are the top five.

  1. Credential Exposure How to Protect Credentials: Brand Impersonation
  2. Zero Trust Security: Introduction & Definition
  3. Nation-State Cybercrime: How Employees May Encounter Nation-State Threats
  4. HIPAA: Overview of the Privacy Rule and Security Rule
  5. Brand Fraud & Spoofing

Security awareness training can prevent up to 70% of cybersecurity incidents. Take a look at the amazing value, customization and training flexibility you and your clients will enjoy with BullPhish ID or contact a solutions expert for a demo!





Learn More About Our Latest Integrations & Get Development Updates

Ready to find out what we’re working on this quarter plus get a sneak peek at what’s next? These three resources have the answers that you’re looking for!

BullPhish ID-Graphus Drop-a-Phish Integration

Everything you need to know about this awesome new integration is explained by our experts in this informative overview. DOWNLOAD NOW>>

Q3 Dark Web ID & Passly Product Update

Get the scoop on what’s happening with BullPhish ID and Passly and the innovations ahead. WATCH NOW>>

Q3 BullPhish ID & Graphus Product Update

Dive into the newest developments for BullPhish ID and Graphus and learn more about the roadmap for these two superstars. WATCH NOW>>

Did you miss…The Security Awareness Training Buyer’s Guide for MSPs? DOWNLOAD IT>>





Protect Your Clients from 70% of Cyberattacks with a Strong Defense Against 2 Threats 


See Why Danger is Surging Around 2 Types of Cyber Threat


Protecting your clients from cyberattacks in a quickly shifting threat landscape isn’t an easy task. There are many routes to a devastating cyberattack that are complicated by x-factors like international tensions and economic pressure, ensuring that the popularity of certain attacks waxes and wanes constantly. This was exemplified by the massive surge in phishing and a barrage of cyberattacks against healthcare facilities at the start of the global pandemic. However, new data on the attack types that make up the lion’s share of cyberattacks can help you find the right path to keeping your clients’ businesses out of trouble. 




These 2 Threats Are at the Root of Almost Three-Quarters of Attacks 


Everyone wants to make money, but that can be a challenge for any enterprise in turbulent economic times. Cybercriminals are also in business, and they have been concentrating their efforts on attacks that are very profitable for them. Recent analysis from Palo Alto Networks shows that more than two-thirds of cyberattacks on businesses in the last 12 months have been limited to two expensive attack types: business email compromise (BEC) and ransomware. The leader in that race is ransomware, the method for over one-third (36%) of business cyberattacks. BEC comes in second with another third, the method behind 34% of the attacks analyzed.  

What Are the Most Common Sources of Cybersecurity Trouble?

Source: Palo Alto Networks




BEC & Ransomware Cost Businesses a Fortune in 2021 


Cybercriminals made huge amounts of money from BEC and ransomware in 2021, and that trend has continued this year. In the U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) 2021 report, we get a look at the financial damage that BEC and ransomware have wrought in the U.S. and it is major. The BEC/EAC category topped the chart for cybercrimes with the biggest victim losses again, with complainants to IC3 suffering a whopping $2,395,953,296 in losses in 2021, 28% higher than 2020’s record total of $1,866,642,107, with 3% more total BEC complaints. IC3 also received 3,729 complaints identified as ransomware in 2021, a 51% increase over 2020. Ransomware was also to blame for losses of more than $49.2 million, a 69% increase over 2020.  

Source: FBI IC3




How Are the Bad Guys Getting In? 


It’s no surprise to IT professionals that the most likely attack vector for a business to suffer a ransomware or BEC attack is phishing. More than one-third (37%) of all of the cyberattacks that researchers analyzed started with a phishing attack. In fact, phishing, exploitation of known software vulnerabilities and brute-force credential attacks were at the root of over three-quarters (77%) of the cyberattacks analyzed. Phishing has reached new heights, reaching an all-time high in Q1 2022 by surpassing one million recorded attacks. Software vulnerabilities came in second as a major pathway to trouble, but some paths are more well-worn than others. Researchers determined that 87% of intrusions via software vulnerability hewed to one of six CVEs: ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), Log4j, SonicWall CVEs, ProxyLogon (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065), Zoho ManageEngine ADSelfService Plus (CVE-2021-40539).

What Are the Top Means of Initial Access?

Source: Palo Alto Networks




Why is BEC Expected to Remain the Leader in Cyberattacks Against Businesses? 


Ransomware attacks get plenty of headlines. But one of the results of all that press is an increase in awareness by law enforcement of ransomware gangs. Wired magazine warns that the combination of heavy scrutiny and high levels of law enforcement action around recent high-profile ransomware attacks is likely to push top ransomware groups into exploring new horizons. That will result in many skilled cybercriminals looking for a new way to make money, and bad actors can easily leverage their existing resources and skillset to shift operations into BEC. Social engineering expertise used in phishing for ransomware attacks can be quickly turned to conducting BEC attacks. Ransomware groups also have the skills to easily establish “initial access” because they can call on their previous relationships with initial access brokers and other dark web resources. Plus, the software that they use is designed to be malleable, making it easy for them to shift lanes and find success fast.

Bad actors are constantly varying their approaches to BEC, making it a tricky attack to pin down. Microsoft researchers recently detailed one BEC campaign that has attempted to target an estimated 10,000 businesses since September 2021. The large-scale phishing campaign uses adversary-in-the-middle (AiTM) phishing sites to steal passwords, sometimes spoofing branded messages and web pages to fool victims. In AiTM phishing, the attacker’s goal is to obtain their victim’s session cookie, enabling them to skip the authentication process and act quickly as that user. In this scenario, bad actors then hijack the victim/user’s sign-in session and avoid the authentication process, even if the user has enabled multifactor authentication (MFA). The attackers then use the stolen credentials and session cookies to access affected users’ mailboxes, utilizing that resource to conduct further BEC campaigns against other targets.   
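A defender's view of the AiTM session hijack described above, as an added example that is not part of the original article: because the stolen cookie is replayed from the attacker's own machine, the same session shows up from a second client after MFA has already succeeded. The event fields, action names and sample data below are hypothetical and constructed for illustration; they do not follow any specific identity provider's log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Field layout is hypothetical:
# (timestamp, user, session_id, source_ip, user_agent, action)
SAMPLE_EVENTS = [
    ("2022-08-22T09:00:05", "alice@example.com", "s-100", "198.51.100.10", "Edge/104", "mfa_success"),
    ("2022-08-22T09:01:00", "alice@example.com", "s-100", "198.51.100.10", "Edge/104", "mail_read"),
    ("2022-08-22T09:03:40", "alice@example.com", "s-100", "203.0.113.77", "Firefox/91", "mail_read"),
    ("2022-08-22T09:04:10", "alice@example.com", "s-100", "203.0.113.77", "Firefox/91", "inbox_rule_created"),
    ("2022-08-22T09:10:00", "bob@example.com", "s-200", "192.0.2.20", "Chrome/104", "mfa_success"),
    ("2022-08-22T09:40:00", "bob@example.com", "s-200", "192.0.2.99", "Chrome/104", "mail_read"),
    ("2022-08-22T10:00:00", "carol@example.com", "s-300", "192.0.2.50", "Safari/15", "mfa_success"),
    ("2022-08-22T10:02:00", "carol@example.com", "s-300", "203.0.113.9", "Chrome/103", "file_list"),
]

MAILBOX_ACTIONS = {"mail_read", "mail_sent", "inbox_rule_created"}


def find_replayed_sessions(events, max_age_minutes=60):
    """Return one finding per session whose cookie was presented by a second client.

    A session is bound to the (IP, user agent) that completed MFA. Later use of
    the same session_id from a different IP *and* a different user agent within
    max_age_minutes is treated as possible cookie replay. Requiring both to
    differ keeps an ordinary network change (same browser, new IP) from alerting.
    """
    max_age = timedelta(minutes=max_age_minutes)
    origin = {}    # session_id -> (user, ip, user_agent, start_time)
    foreign = {}   # session_id -> [(timestamp, ip, action), ...]
    for ts, user, sid, ip, agent, action in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "mfa_success":
            origin.setdefault(sid, (user, ip, agent, when))  # keep the first client
            continue
        if sid not in origin:
            continue  # session began before the log window; nothing to compare
        _, o_ip, o_agent, started = origin[sid]
        if ip != o_ip and agent != o_agent and when - started <= max_age:
            foreign.setdefault(sid, []).append((ts, ip, action))

    findings = []
    for sid, hits in foreign.items():
        mailbox = any(action in MAILBOX_ACTIONS for _, _, action in hits)
        findings.append({
            "session_id": sid,
            "user": origin[sid][0],
            "origin_ip": origin[sid][1],
            "foreign_ips": sorted({ip for _, ip, _ in hits}),
            "first_foreign_use": hits[0][0],
            # Mailbox activity from the second client matches the BEC follow-on
            # described above, so it is ranked higher.
            "severity": "high" if mailbox else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_EVENTS):
        print(finding)
```

The user agent is client-supplied and can be copied, so this heuristic is one signal to combine with others rather than a complete control.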




Which Industries Are Most At Risk? 


Every business is at risk of a BEC or ransomware attack, but a few sectors are carrying more risk right now than others. The top five most affected industries in this report accounted for more than 60% of the cyberattacks analyzed. Those unfortunate sectors were finance, professional and legal services, manufacturing, healthcare, high tech, and wholesale and retail. Researchers pointed out that these industries tend to gather, transmit and maintain large amounts of valuable personal and financial data, making attacks on organizations in those sectors highly profitable and therefore more attractive for bad actors. However, most attackers are opportunistic and constantly on the hunt for vulnerabilities to exploit. 

Which Industries Are Under Attack in 2022?

in % of total attacks analyzed

Source: Palo Alto Networks




Give Your Clients an Edge Against BEC & Ransomware Attacks


Reducing your clients’ risk of a cyberattack is an ongoing battle, but these solutions can help ensure that you’re using the best weapons to fight back against cybercrime and putting safeguards in place that are ready to handle the next generation of cyber threats. 

Security awareness and compliance training plus phishing simulation     

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.      

  • An extensive library of security and compliance training videos in eight languages   
  • Plug-and-play or customizable phishing training campaign kits   
  • New videos arrive 4x per month and new phishing kits are added regularly      
  • Easy, automated training delivery through a personalized user portal       

Dark web monitoring       

Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.      

  • 24/7/365 monitoring using real-time, machine and analyst-validated data        
  • Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses      
  • Live dark web searches find compromised credentials in seconds   
  • Create clear and visually engaging risk reports      

Automated, AI-powered antiphishing email security  

Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.     
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.    
  • 3 layers of powerful protection at half the cost of competing solutions    
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.       

Click here to watch a video demo of Graphus now.  

NEW INTEGRATION! If you’re already using BullPhish ID for security and compliance awareness training and phishing simulations, you’ll love our latest integration Advanced Phishing Simulations (Drop-A-Phish). This feature leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users when running phishing simulations. LEARN MORE>>   





August 25: A 15-Minute Demo: Graphus AI-Driven Email Security REGISTER NOW>>

August 30: Robin Robins Roadshow Philadelphia REGISTER NOW>>

September 11-12: DattoCon REGISTER NOW>>

September 16: Cybersecurity Summit in Charlotte REGISTER NOW>>

September 28-20: SpiceWorld 2022 REGISTER NOW>>

October 6-7: ASCII MSP Success Summit 2022 – Dallas REGISTER NOW>>

October 13: Cybersecurity Summit in Scottsdale REGISTER NOW>>

October 25-26: Southwest US Summit REGISTER NOW>>

November 2-3: ChannelPro SMB Forum 2022: Los Angeles REGISTER NOW>>

December 6: Connect IT Local – Atlanta REGISTER NOW>>

December 8: Connect IT Local – Miami REGISTER NOW>>




Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

