
The Week in Breach News: 08/21/24 – 08/27/24

August 28, 2024

This week: Human error leads to two big data breaches; hackers hit an influential newspaper as U.S. election season moves into high gear; exploring industry-specific case studies and why half of employees fear reporting a cybersecurity blunder.





Seattle-Tacoma International Airport

https://www.seattletimes.com/seattle-news/what-we-know-about-the-possible-cyberattack-that-hit-sea-tac-airport/

Exploit: Hacking

Seattle-Tacoma International Airport: Airport

cybersecurity news gauge indicating extreme risk

Seattle-Tacoma International Airport is struggling after a cyberattack that began Saturday.  So far, no mass flight delays or cancellations have been reported. The Seattle Port Authority confirmed the cyberattack at the airport, which disrupted phone systems and websites as well. The airport is investigating with the help of outside experts and is working closely with federal partners, including the Transportation Security Administration (TSA) and Customs and Border Protection (CBP). 

How It Could Affect Your Customers’ Business: This attack had the potential to cause much more chaos, highlighting the importance of infrastructure security.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>


Halliburton

https://therecord.media/halliburton-systems-offline-cyberattack-sec

Exploit: Hacking

Halliburton: Oil Company

cybersecurity news represented by a gauge showing severe risk

Halliburton, the multinational oil giant, experienced a cyberattack on Wednesday that impacted operations at its Houston headquarters. The company proactively took certain systems offline and instructed some staff not to connect to internal networks. An investigation and response efforts are ongoing, including system restoration and assessing the incident’s impact. The company said that law enforcement has been notified.

How It Could Affect Your Customers’ Business: Attacks that can disrupt the energy sector are especially dangerous for businesses and the public.

Kaseya to the Rescue:  Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>


VeriSource Services (VSI) 

https://www.jdsupra.com/legalnews/verisource-services-announces-data-3309278

Exploit: Hacking

VeriSource Services (VSI): Business Services

cybersecurity news represented by a gauge indicating moderate risk

VeriSource Services, Inc. (VSI) reported a data breach to the Texas Attorney General after discovering unauthorized access to sensitive information, including names, dates of birth and Social Security numbers, belonging to employees and dependents of companies using VSI’s services. The breach occurred around February 27, 2024. On August 21, 2024, VSI began notifying affected individuals of the breach through data breach letters. 

How It Could Affect Your Customers’ Business: Cybercriminals are always hungry for personal data that can be turned for a quick profit.

Kaseya to the Rescue: Learn more about the types of data that bad actors sell on the dark web and how they profit from it in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>


CannonDesign

https://www.scmagazine.com/brief/avoslocker-ransomware-attack-against-cannondesign-confirmed

Exploit: Ransomware

CannonDesign: Architecture and Engineering Firm

cybersecurity news represented by a gauge indicating moderate risk

CannonDesign, a U.S.-based architectural and engineering firm, confirmed a data breach affecting 13,000 clients following an AvosLocker ransomware attack in January 2023. Attackers accessed the firm’s network from January 19 to 25, exfiltrating names, Social Security numbers, addresses and driver’s license numbers. While CannonDesign stated there was no evidence of data misuse, the breach also exposed project schematics, client details, IT information and other sensitive documents. 

How It Could Affect Your Customers’ Business: No business is safe from cybercrime, no matter what the sector or size.

Kaseya to the Rescue:  Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>


Oregon Zoo 

https://kcby.com/news/local/oregon-zoo-warns-online-ticket-purchasers-after-data-breach

Exploit: Hacking

Oregon Zoo: Zoological Park

cybersecurity news represented by a gauge showing severe risk

The Oregon Zoo warns visitors that payment information may have been compromised for those who bought tickets online between December 20 and June 26. An unauthorized person redirected payments from a third-party vendor, potentially accessing customer names, payment card numbers, CVV codes and expiration dates. The zoo has notified federal authorities and rebuilt a secure site for online ticket purchases.

How it Could Affect Your Customers’ Business: Payment card security needs to be as much of a priority for businesses as other cybersecurity concerns.

Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>> 


Microchip Technology

https://www.tomshardware.com/tech-industry/cyber-security/microchip-technology-suffers-cyberattack-operations-impacted-while-extent-of-attack-is-investigated

Exploit: Hacking

Microchip Technology: Manufacturer

cybersecurity news gauge indicating extreme risk

Arizona-based semiconductor manufacturer Microchip Technology detected a cyberattack on August 17, disrupting some servers and business operations. The company isolated affected systems, leading to reduced manufacturing output and impacting its ability to fulfill orders. Microchip is working to restore IT systems and normal operations. 

How it Could Affect Your Customers’ Business: With a tight world microchip market, any slowdowns in production could have a ripple effect that impacts many other businesses.

Kaseya to the Rescue:  Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>





Australia – Meli

https://www.cyberdaily.au/security/11005-exclusive-aussie-not-for-profit-community-support-service-meli-confirms-cyber-attack

Exploit: Ransomware

Meli: Non-Profit

cybersecurity news represented by a gauge indicating moderate risk

Meli, a community support service based in North Geelong, has confirmed it was targeted in a cyberattack, which is under investigation. The Qilin ransomware group claimed responsibility, stating they stole 419,617 files (215 GB of data) in the August 21 attack. The group posted 14 screenshots of stolen documents, including financial statements, confidentiality agreements, passports and a Medicare card, to prove their claim. Meli’s client services remain unaffected, though some internal processes are impacted. Authorities, including Victoria Police and the Australian Cyber Security Centre, have been notified. 

How it Could Affect Your Customers’ Business: Unfortunately, bad actors are happy to attack non-profits too, creating the need for robust security.

Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>





Japan – Toyota

https://www.darkreading.com/cloud-security/toyota-discloses-decade-long-data-leak-exposing-2-15m-customers-data

Exploit: Third Party (Misconfiguration)

Toyota: Carmaker

cybersecurity news represented by a gauge indicating moderate risk

Toyota revealed that a misconfigured cloud bucket exposed over 2.15 million customer records to the open internet for over 10 years, from November 2013 to April 2023. The breach affects customers of Toyota’s Connected services in Japan. Additionally, the ZeroSevenGroup cybercrime gang claims to have stolen data “from a U.S. branch”, potentially a Toyota dealer, including employee and customer details, but the provenance of the data they published has not been confirmed. Toyota says that none of its internal systems were breached, pointing to an unnamed third party as the source of the data.  

How it Could Affect Your Customers’ Business: A cybersecurity incident at a subsidiary or partner can lead to a huge mess for a company to clean up.

Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>> 





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.





 Combat business email compromise (BEC) with RocketCyber


Business email compromise (BEC) can expose sensitive information, execute fraudulent transactions, and cause substantial financial and reputational damage. However, there are steps a company can take to mitigate its risk of falling victim to BEC. In this product brief, you’ll learn about RocketCyber’s Microsoft 365 Remediation feature and how it can help IT professionals tackle these challenges head-on. DOWNLOAD IT>>





Explore the top 10 critical pentest findings of 2024


After completing over 10,000 automated network penetration tests, Vonahi has learned a thing or two about how hackers might get into a company’s network. Dive into the results of their research and learn more about staying one step ahead of the bad guys in the Top 10 Critical Pentest Findings Report 2024. DOWNLOAD IT>>







The software supply chain has increasingly become a target for cybercriminals, posing severe risks to businesses and organizations worldwide. A recent study by BlackBerry revealed that more than 75% of software supply chains have experienced cyberattacks in the last 12 months. As software development becomes more complex and interconnected, the supply chain becomes more vulnerable to attacks, especially those exploiting zero-day vulnerabilities. A deep exploration of the growing trouble in the software supply chain and how zero-day exploits exacerbate these risks can give IT professionals a clearer picture of this problem and how to mitigate it. 





The software supply chain encompasses the entire ecosystem of third-party software, libraries and tools that developers use to create applications. This includes everything from open-source components to proprietary software provided by vendors. As companies integrate more third-party code, the attack surface expands, giving cybercriminals more vulnerable entry points into your system. The impact of a software supply chain attack can be devastating, with a cascade of damage that hits many organizations. In such cases, attackers compromise trusted software providers, inserting malicious code that is then distributed to thousands of customers. The consequences of supply chain attacks can affect businesses in multiple ways. In BlackBerry’s survey, these were the most prominent negative outcomes:

Top consequences of a software supply chain cyberattack 

  1. Financial loss (64%) 
  2. Data loss (59%)
  3. Reputational damage (58%)
  4. Operational impact (55%)

Source: BlackBerry





        Zero-day vulnerabilities are previously unknown security flaws that attackers exploit before developers have a chance to patch them. These vulnerabilities are particularly dangerous because they can be weaponized in supply chain attacks to insert malicious code or gain unauthorized access to systems. In the context of the software supply chain, zero-day exploits can be used to compromise a vendor’s software, which is then distributed to end-users without anyone realizing the software is compromised. This creates a cascading effect, where one compromised component can potentially infect an entire ecosystem of applications and services. 

        A recent example of a zero-day software supply chain exploit is the 3CX supply chain attack, which was discovered in March 2023.

        • Exploit: The attackers managed to compromise the company’s software build infrastructure, embedding malicious code in the 3CXDesktopApp, a widely used softphone application.
        • Impact: The compromised application was then distributed to 3CX’s customers through regular update channels. When users installed or updated the 3CXDesktopApp, the malicious code allowed attackers to execute remote code on infected systems, potentially leading to data theft, lateral movement within networks, and further exploitation.
        • Outcomes: Thousands of organizations using the 3CXDesktopApp were potentially compromised, with attackers able to execute commands on affected systems, leading to data theft and further intrusions. 3CX quickly acknowledged the breach, released a clean version of the app, and advised customers to update their software and check for indicators of compromise.




        Securing the software supply chain is a multifaceted challenge, but there are several strategies that organizations can implement to mitigate risks: 

        • Implement a Zero Trust architecture: Zero Trust principles are essential in securing the software supply chain. By assuming that every component, even internal ones, could be compromised, organizations can enforce strict access controls, continuous monitoring and verification processes. This reduces the likelihood of unauthorized access and lateral movement within your systems. 
        • Continuous monitoring and threat intelligence: Implement real-time monitoring of your software supply chain to detect suspicious activities and anomalies. Incorporating threat intelligence feeds can help you stay informed about emerging zero-day threats and vulnerabilities in the software you depend on. 
        • Don’t neglect security audits: Regularly audit your software supply chain to identify and patch vulnerabilities. This doesn’t need to be a tedious manual process. Choose an automated tool to ensure that audits are done on time without adding to your IT team’s burdens. 
        • Frequent penetration testing: Penetration testing can help you understand how an attacker might exploit a zero-day vulnerability in your environment and provide insights into improving your defenses. 
        • Use Software Bills of Materials (SBOMs): An SBOM is a detailed inventory of all components in a piece of software, including third-party and open-source libraries. Having an SBOM allows organizations to quickly identify and remediate vulnerabilities in specific components if a zero-day exploit is discovered.
        • Secure your development environment: Ensure that your development environment is secure, as attackers often target the build process to inject malicious code. Use code-signing certificates, enforce strict access controls, and monitor for unauthorized changes to source code. 
        • Vendor risk management: Establish strong vendor risk management practices by thoroughly vetting your software suppliers. Require them to adhere to stringent security standards and provide transparency about their security practices. Regularly review and update these practices as the threat landscape evolves. 
        • Patch management: Develop a robust patch management strategy that prioritizes critical updates and security patches. Automate the deployment of patches wherever possible to minimize the window of exposure to zero-day vulnerabilities. 
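An added example (not from the original article or any vendor tooling) of the SBOM lookup described in the list above: it walks a CycloneDX-style JSON inventory, nested components included, and checks each component against an advisory's affected version range. The SBOM, component names and advisory below are constructed for illustration.

```python
import json

# Constructed CycloneDX-style SBOM (JSON); component names are hypothetical.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "application", "name": "example-desktop-app", "version": "4.2.0",
     "components": [
       {"type": "library", "name": "example-media-lib", "version": "2.3.1",
        "purl": "pkg:npm/example-media-lib@2.3.1"},
       {"type": "library", "name": "example-crypto", "version": "1.0.9",
        "purl": "pkg:npm/example-crypto@1.0.9"}
     ]},
    {"type": "library", "name": "example-updater", "version": "nightly-7f3a",
     "purl": "pkg:generic/example-updater@nightly-7f3a"}
  ]
}
"""

# Constructed advisory: affected when introduced <= version < fixed.
ADVISORY = {
    "example-media-lib": {"introduced": "2.0.0", "fixed": "2.3.4"},
    "example-updater": {"introduced": "1.0.0", "fixed": "1.8.0"},
}


def parse_version(text):
    """Return a tuple of ints for dotted numeric versions, else None."""
    parts = text.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def walk_components(components, path=()):
    """Yield (dependency_path, component) for every component, nested ones included."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk_components(comp.get("components"), here)


def triage(sbom, advisory):
    """Split advisory matches into confirmed-affected and needs-manual-review."""
    affected, review = [], []
    for path, comp in walk_components(sbom.get("components")):
        rule = advisory.get(comp.get("name"))
        if rule is None:
            continue
        entry = (" > ".join(path), comp.get("version", ""))
        version = parse_version(comp.get("version", ""))
        if version is None:
            # Unparseable version string: never assume it is safe.
            review.append(entry)
        elif parse_version(rule["introduced"]) <= version < parse_version(rule["fixed"]):
            affected.append(entry)
    return affected, review


if __name__ == "__main__":
    hits, unknown = triage(json.loads(SBOM_JSON), ADVISORY)
    print("AFFECTED:", hits)
    print("REVIEW:", unknown)
```

The nested library is reported with its full dependency path, which is what tells you which shipped product needs rebuilding; the component with a non-numeric version lands in the review list instead of being silently treated as unaffected.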

        The software supply chain is a critical yet vulnerable component of modern software development. As the threat landscape evolves, particularly with the rise of zero-day exploits, organizations must adopt proactive measures to secure their supply chains. By adopting strategies like Zero Trust and implementing continuous monitoring, penetration testing and regular security audits, businesses can reduce the risk of supply chain attacks and safeguard their software ecosystems. Staying vigilant and prepared is essential in a world where the software supply chain is increasingly under siege. Taking these steps now will protect your organization and build resilience against future threats.





        Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.    

        BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.     

        Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.    

        Graphus: Graphus is a cutting-edge, automated antiphishing solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security to catch threats conventional security might miss, including zero-days and AI-enhanced malicious messages.

        RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

        Datto EDR: Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).      

        Datto AV: Safeguard businesses effortlessly against sophisticated cyberthreats, including zero-days and ransomware, with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average. 

        Learn more about our security products, or better yet, take the next step and book a demo today! 





        September 12: Kaseya+Datto Connect Local Milton Keynes, UK REGISTER NOW>>

        September 17: Kaseya+Datto Connect Local Los Angeles  REGISTER NOW>>

        September 19: Kaseya+Datto Connect Local The Netherlands REGISTER NOW>>

        October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

        November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>




        Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

        Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

