The Week in Breach News: 08/21/24 – 08/27/24
This week: Human error leads to two big data breaches; hackers hit an influential newspaper as U.S. election season moves into high gear; exploring industry-specific case studies and why half of employees fear reporting a cybersecurity blunder.
Seattle-Tacoma International Airport
Exploit: Hacking
Seattle-Tacoma International Airport: Airport
Seattle-Tacoma International Airport is struggling after a cyberattack that began Saturday. So far, no mass flight delays or cancellations have been reported. The Seattle Port Authority confirmed the cyberattack at the airport, which disrupted phone systems and websites as well. The airport is investigating with the help of outside experts and is working closely with federal partners, including the Transportation Security Administration (TSA) and Customs and Border Protection (CBP).
How It Could Affect Your Customers’ Business: This attack had the potential to cause much more chaos, highlighting the importance of infrastructure security.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
Halliburton
https://therecord.media/halliburton-systems-offline-cyberattack-sec
Exploit: Hacking
Halliburton: Oil Company
Halliburton, the multinational oil giant, experienced a cyberattack on Wednesday that impacted operations at its Houston headquarters. The company proactively took certain systems offline and instructed some staff not to connect to internal networks. An investigation and response efforts are ongoing, including system restoration and assessing the incident’s impact. The company said that law enforcement has been notified.
How It Could Affect Your Customers’ Business: Attacks that can disrupt the energy sector are especially dangerous for businesses and the public.
Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>
VeriSource Services (VSI)
https://www.jdsupra.com/legalnews/verisource-services-announces-data-3309278
Exploit: Hacking
VeriSource Services (VSI): Business Services
VeriSource Services, Inc. (VSI) reported a data breach to the Texas Attorney General after discovering unauthorized access to sensitive information, including names, dates of birth and Social Security numbers, belonging to employees and dependents of companies using VSI’s services. The breach occurred around February 27, 2024. On August 21, 2024, VSI began notifying affected individuals of the breach through data breach letters.
How It Could Affect Your Customers’ Business: Cybercriminals are always hungry for personal data that can be turned for a quick profit.
Kaseya to the Rescue: Learn more about the types of data that bad actors sell on the dark web and how they profit from it in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
CannonDesign
https://www.scmagazine.com/brief/avoslocker-ransomware-attack-against-cannondesign-confirmed
Exploit: Ransomware
CannonDesign: Architecture and Engineering Firm
CannonDesign, a U.S.-based architectural and engineering firm, confirmed a data breach affecting 13,000 clients following an AvosLocker ransomware attack in January 2023. Attackers accessed the firm’s network from January 19 to 25, exfiltrating names, Social Security numbers, addresses and driver’s license numbers. While CannonDesign stated there was no evidence of data misuse, the breach also exposed project schematics, client details, IT information and other sensitive documents.
How It Could Affect Your Customers’ Business: No business is safe from cybercrime, no matter what the sector or size.
Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>
Oregon Zoo
https://kcby.com/news/local/oregon-zoo-warns-online-ticket-purchasers-after-data-breach
Exploit: Hacking
Oregon Zoo: Zoological Park
The Oregon Zoo warns visitors that payment information may have been compromised for those who bought tickets online between December 20 and June 26. An unauthorized person redirected payments from a third-party vendor, potentially accessing customer names, payment card numbers, CVV codes and expiration dates. The zoo has notified federal authorities and rebuilt a secure site for online ticket purchases.
How It Could Affect Your Customers’ Business: Payment card security needs to be as much of a priority for businesses as other cybersecurity concerns.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
Microchip Technology
Exploit: Hacking
Microchip Technology: Manufacturer
Arizona-based semiconductor manufacturer Microchip Technology detected a cyberattack on August 17, disrupting some servers and business operations. The company isolated affected systems, leading to reduced manufacturing output and impacting its ability to fulfill orders. Microchip is working to restore IT systems and normal operations.
How It Could Affect Your Customers’ Business: With a tight world microchip market, any slowdowns in production could have a ripple effect that impacts many other businesses.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
Australia – Meli
Exploit: Ransomware
Meli: Non-Profit
Meli, a community support service based in North Geelong, has confirmed it was targeted in a cyberattack, which is under investigation. The Qilin ransomware group claimed responsibility, stating they stole 419,617 files (215 GB of data) in the August 21 attack. The group posted 14 screenshots of stolen documents, including financial statements, confidentiality agreements, passports and a Medicare card, to prove their claim. Meli’s client services remain unaffected, though some internal processes are impacted. Authorities, including Victoria Police and the Australian Cyber Security Centre, have been notified.
How It Could Affect Your Customers’ Business: Unfortunately, bad actors are happy to attack non-profits too, creating the need for robust security.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>
Japan – Toyota
Exploit: Third Party (Misconfiguration)
Toyota: Carmaker
Toyota revealed that a misconfigured cloud bucket exposed over 2.15 million customer records to the open internet for over 10 years, from November 2013 to April 2023. The breach affects customers of Toyota’s Connected services in Japan. Additionally, the ZeroSevenGroup cybercrime gang claims to have stolen data “from a U.S. branch”, potentially a Toyota dealer, including employee and customer details, but the provenance of the data they published has not been confirmed. Toyota says that none of its internal systems were breached, pointing to an unnamed third party as the source of the data.
How It Could Affect Your Customers’ Business: A cybersecurity incident at a subsidiary or partner can lead to a huge mess for a company to clean up.
Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Combat business email compromise (BEC) with RocketCyber
Business email compromise (BEC) can expose sensitive information, execute fraudulent transactions, and cause substantial financial and reputational damage. However, there are steps a company can take to mitigate its risk of falling victim to BEC. In this product brief, you’ll learn about RocketCyber’s Microsoft 365 Remediation feature and how it can help IT professionals tackle these challenges head-on. DOWNLOAD IT>>
Explore the top 10 critical pentest findings of 2024
After completing over 10,000 automated network penetration tests, Vonahi has learned a thing or two about how hackers might get into a company’s network. Dive into the results of their research and learn more about staying one step ahead of the bad guys in the Top 10 Critical Pentest Findings Report 2024! DOWNLOAD IT>>
Growing Software Supply Chain Risk Complicates Security
The software supply chain has increasingly become a target for cybercriminals, posing severe risks to businesses and organizations worldwide. A recent study by BlackBerry revealed that more than 75% of software supply chains have experienced cyberattacks in the last 12 months. As software development becomes more complex and interconnected, the supply chain becomes more vulnerable to attacks, especially those exploiting zero-day vulnerabilities. A deep exploration of the growing trouble in the software supply chain and how zero-day exploits exacerbate these risks can give IT professionals a clearer picture of this problem and how to mitigate it.
The growing risk in software supply chains
The software supply chain encompasses the entire ecosystem of third-party software, libraries and tools that developers use to create applications. This includes everything from open-source components to proprietary software provided by vendors. As companies integrate more third-party code, the attack surface expands, giving cybercriminals more vulnerable entry points into your system. The impact of a software supply chain attack can be devastating, with a cascade of damage that hits many organizations. In such attacks, adversaries compromise trusted software providers and insert malicious code that is then distributed to thousands of customers. The consequences of supply chain attacks can affect businesses in multiple ways. In BlackBerry’s survey, these were the most prominent negative outcomes:
Top consequences of a software supply chain cyberattack
- Financial loss (64%)
- Data loss (59%)
- Reputational damage (58%)
- Operational impact (55%)
Source: BlackBerry
The role of zero days in software supply chain attacks
Zero-day vulnerabilities are previously unknown security flaws that attackers exploit before developers have a chance to patch them. These vulnerabilities are particularly dangerous because they can be weaponized in supply chain attacks to insert malicious code or gain unauthorized access to systems. In the context of the software supply chain, zero-day exploits can be used to compromise a vendor’s software, which is then distributed to end-users without anyone realizing the software is compromised. This creates a cascading effect, where one compromised component can potentially infect an entire ecosystem of applications and services.
A recent example of a zero-day software supply chain exploit is the 3CX supply chain attack, which was discovered in March 2023.
- Exploit: The attackers managed to compromise the company’s software build infrastructure, embedding malicious code in the 3CXDesktopApp, a widely used softphone application.
- Impact: The compromised application was then distributed to 3CX’s customers through regular update channels. When users installed or updated the 3CXDesktopApp, the malicious code allowed attackers to execute code remotely on infected systems, potentially leading to data theft, lateral movement within networks, and further exploitation.
- Outcomes: Thousands of organizations using the 3CXDesktopApp were potentially compromised, with attackers able to execute commands on affected systems, leading to data theft and further intrusions. 3CX quickly acknowledged the breach, released a clean version of the app, and advised customers to update their software and check for indicators of compromise.
Tips for securing your software supply chain
Securing the software supply chain is a multifaceted challenge, but there are several strategies that organizations can implement to mitigate risks:
- Implement a Zero Trust architecture: Zero Trust principles are essential in securing the software supply chain. By assuming that every component, even internal ones, could be compromised, organizations can enforce strict access controls, continuous monitoring and verification processes. This reduces the likelihood of unauthorized access and lateral movement within your systems.
- Continuous monitoring and threat intelligence: Implement real-time monitoring of your software supply chain to detect suspicious activities and anomalies. Incorporating threat intelligence feeds can help you stay informed about emerging zero-day threats and vulnerabilities in the software you depend on.
- Don’t neglect security audits: Regularly audit your software supply chain to identify and patch vulnerabilities. This doesn’t need to be a tedious manual process. Choose an automated tool to ensure that audits are done on time without adding to your IT team’s burdens.
- Frequent penetration testing: Penetration testing can help you understand how an attacker might exploit a zero-day vulnerability in your environment and provide insights into improving your defenses.
- Use Software Bill of Materials (SBOMs): An SBOM is a detailed inventory of all components in a piece of software, including third-party and open-source libraries. Having an SBOM allows organizations to quickly identify and remediate vulnerabilities in specific components if a zero-day exploit is discovered.
- Secure your development environment: Ensure that your development environment is secure, as attackers often target the build process to inject malicious code. Use code-signing certificates, enforce strict access controls, and monitor for unauthorized changes to source code.
- Vendor risk management: Establish strong vendor risk management practices by thoroughly vetting your software suppliers. Require them to adhere to stringent security standards and provide transparency about their security practices. Regularly review and update these practices as the threat landscape evolves.
- Patch management: Develop a robust patch management strategy that prioritizes critical updates and security patches. Automate the deployment of patches wherever possible to minimize the window of exposure to zero-day vulnerabilities.
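The SBOM tip above, worked through as an added example (not from the newsletter or any vendor's tooling): when an advisory names a component and an affected version range, a script can walk a CycloneDX-style JSON SBOM, including nested components, and report where that component is shipped. The component names, versions and advisory ranges are constructed, and the sketch assumes plain dotted numeric versions.

```python
import json

# Constructed CycloneDX-style SBOM (JSON) for a hypothetical application.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "application", "name": "example-softphone", "version": "4.2.1",
     "components": [
       {"type": "library", "name": "libmedia", "version": "1.9.0"}
     ]},
    {"type": "library", "name": "jsonkit", "version": "2.0.3"}
  ]
}
"""

# Constructed advisory: component name -> (first affected, first fixed) version.
ADVISORY = {
    "libmedia": ("1.8.0", "1.9.2"),
    "jsonkit": ("1.0.0", "2.0.0"),
}

def parse_version(text):
    """Turn '1.9.0' into (1, 9, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def walk_components(components, path=()):
    """Yield (path, component) for every component, including nested ones."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk_components(comp.get("components"), here)

def find_affected(sbom_text, advisory):
    """Return sorted findings for components inside an affected version range."""
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX JSON SBOM")
    findings = []
    for path, comp in walk_components(sbom.get("components")):
        bounds = advisory.get(comp.get("name"))
        if bounds is None:
            continue
        try:
            version = parse_version(comp.get("version") or "")
        except ValueError:
            # Missing or non-numeric version: flag for manual review.
            findings.append((" > ".join(path), comp.get("version"), "review"))
            continue
        first_bad, first_fixed = map(parse_version, bounds)
        if first_bad <= version < first_fixed:
            findings.append((" > ".join(path), comp["version"], "affected"))
    return sorted(findings)

if __name__ == "__main__":
    for where, version, status in find_affected(SBOM_JSON, ADVISORY):
        print(f"{status}: {where} @ {version}")
```

The path in each finding shows which shipped product carries the affected library, which is what lets a team scope remediation to specific components.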
The software supply chain is a critical yet vulnerable component of modern software development. As the threat landscape evolves, particularly with the rise of zero-day exploits, organizations must adopt proactive measures to secure their supply chains. By implementing strategies like Zero Trust, continuous monitoring, penetration testing and regular security audits, businesses can reduce the risk of supply chain attacks and safeguard their software ecosystems. Staying vigilant and prepared is essential in a world where the software supply chain is increasingly under siege. Taking these steps now will protect your organization and build resilience against future threats.
Kaseya’s Security Suite Helps Businesses Mitigate All Types of Cyber Risk Affordably
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.
BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus: Graphus is a cutting-edge, automated antiphishing solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security to catch threats conventional security might miss, including Zero Days and AI-enhanced malicious messages.
RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR: Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Datto AV: Safeguard businesses effortlessly against sophisticated cyberthreats, including zero-days and ransomware, with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average.
Learn more about our security products, or better yet, take the next step and book a demo today!
September 12: Kaseya+Datto Connect Local Milton Keynes, UK REGISTER NOW>>
September 17: Kaseya+Datto Connect Local Los Angeles REGISTER NOW>>
September 19: Kaseya+Datto Connect Local The Netherlands REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!