
The Week in Breach News: 09/04/24 – 09/10/24

September 11, 2024

This week: Another organization falls to the MOVEit exploit; business email compromise (BEC) snags a regional government; RocketCyber’s Microsoft 365 Remediation feature; and how MSPs can help clients navigate the ransomware resurgence.





Centers for Medicare & Medicaid Services

https://www.newsweek.com/medicare-data-breach-wisconsin-1950454

Exploit: Zero Day exploit

Centers for Medicare & Medicaid Services: Healthcare

Risk gauge: severe risk

Between May 27 and May 31, 2023, a data breach occurred when unauthorized third parties exploited a vulnerability in the MOVEit service, compromising beneficiaries’ personal information, according to the Centers for Medicare & Medicaid Services (CMS). MOVEit’s developer, Progress Software, disclosed the breach on May 31, but the Wisconsin Physicians Service Insurance, a CMS contractor, recently discovered that files containing Medicare claims data and personal information had been affected. CMS and WPS are notifying 946,801 individuals whose data may have been exposed, outlining steps to take in response.

How It Could Affect Your Customers’ Business: Zero Day exploits like MOVEit will continue to be a growing problem for organizations in every sector and can often be addressed through regular patching.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>


Avis 

https://izoologic.com/region/north-america/car-rental-avis-confirms-data-breach-exposing-customer-data

Exploit: Hacking

Avis: Travel & Tourism

Risk gauge: severe risk

New Jersey-based rental car giant Avis has reported a data breach affecting 299,006 individuals. In this breach, bad actors accessed sensitive customer information such as names, addresses, emails, phone numbers, birth dates, credit card details and driver’s license numbers. A filing with Maine’s attorney general disclosed the breach. Texas is the most affected state, accounting for 34,592 individuals. Avis also owns the Budget car rental and Zipcar car-sharing brands. 

How It Could Affect Your Customers’ Business: A data breach can impact a company’s reputation and make consumers hesitant to do business with that company again.

Kaseya to the Rescue:  Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>


Rite Aid

https://www.supermarketnews.com/grocery-technology/rite-aid-recovering-from-security-breach

Exploit: Credential Compromise

Rite Aid: Healthcare

Risk gauge: moderate risk

Drugstore chain Rite Aid has disclosed that it experienced a data breach on June 6, 2024. Bad actors successfully compromised an employee’s credentials and gained access to sensitive business data. The breach exposed customer addresses, dates of birth and ID numbers from purchases between June 6, 2017, and July 30, 2018. Social Security numbers and healthcare information were not affected.

How It Could Affect Your Customers’ Business: Even old data that is stolen in a data breach can be used for nefarious purposes by bad actors.

Kaseya to the Rescue: Learn more about the types of data that bad actors sell on the dark web and how they profit from it in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>


St. Charles Parish, LA

https://www.nola.com/news/crime_police/cyber-scheme-hacker-st-charles-government-fbi/article_6563c322-6cb2-11ef-808e-0f3a6ad0054e.html

Exploit: Business Email Compromise

St. Charles Parish, LA: Government

Risk gauge: severe risk

Officials in St. Charles Parish, Louisiana, recently discovered a cyberattack involving a vendor whose email system was compromised. This allowed a threat actor to alter the vendor’s banking details, leading to a $1 million invoice payment being redirected to the fraudulent new account. An investigation by local and federal law enforcement is underway following the vendor’s inquiry about the payment.

How It Could Affect Your Customers’ Business: Security awareness training is an inexpensive and effective way to prevent employees from falling into cybercriminal traps like this BEC incident.

Kaseya to the Rescue:  Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>> 


Planned Parenthood of Montana

https://www.techtarget.com/healthtechsecurity/news/366609974/RansomHub-claims-Planned-Parenthood-cyberattack

Exploit: Ransomware

Planned Parenthood of Montana: Healthcare

Risk gauge: severe risk

Planned Parenthood of Montana confirmed a cyberattack that began on Aug. 28, 2024. The cybercrime group RansomHub has claimed responsibility. In a post on the group’s dark web leak site, the gang claimed to have stolen 93 gigabytes of data. The healthcare organization said that it was able to quickly institute its incident response plan and minimize damage.

How It Could Affect Your Customers’ Business: The exposure of sensitive medical data like this could be traumatic and harmful for the clinic’s clients.

Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>


Highline Public Schools

https://www.geekwire.com/2024/school-district-south-of-seattle-cancels-classes-monday-due-to-cyberattack

Exploit: Hacking

Highline Public Schools: Education

Risk gauge: extreme risk

Highline Public Schools, a district south of Seattle with 17,500 students, canceled classes for Monday due to a cyberattack. The district detected unauthorized activity on its systems and is working with partners to restore them. The closure affects all school activities, athletics, and meetings. The attack has disrupted communications, transportation and attendance records, but no personal information theft has been detected.

How It Could Affect Your Customers’ Business: The education sector has been a top target for ransomware gangs because schools can’t afford delays, making them likely to pay up.

Kaseya to the Rescue:  Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>



U.K. – Tewkesbury Borough Council

https://therecord.media/tewkesbury-borough-council-near-gchq-cyberattack

Exploit: Hacking

Tewkesbury Borough Council: Government

Risk gauge: moderate risk

Tewkesbury Borough Council in Gloucestershire, England, has warned residents of a cyberattack and is assuming its systems have been compromised. The council has shut down its systems as part of the response, leading to service disruptions and busy phone lines. The specifics of the attack and whether personal information was affected are still unclear. Residents have been asked not to contact the council except in an emergency.

How It Could Affect Your Customers’ Business: Bad actors are a menace to governments and government agencies of every size.

Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>





Guam – Guam Seventh-Day Adventist Clinic

https://www.guampdn.com/news/guam-seventh-day-adventist-clinic-reports-data-security-breach/article_8332937a-6d97-11ef-9694-1729f6ff8fb9.html

Exploit: Hacking

Guam Seventh-Day Adventist Clinic: Healthcare

Risk gauge: moderate risk

Guam Seventh-Day Adventist Clinic has experienced a data breach. The healthcare provider said that unauthorized persons gained access to a few employee email accounts between Jan. 23 and Feb. 3, 2023. An investigation revealed that personal and protected health information, including names, contact details, financial information and medical records, was exposed. Not all types of data were affected for every individual.

How It Could Affect Your Customers’ Business: A mixed bag of medical records and financial information can be a profitable haul for bad actors.

Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>> 





 Combat BEC effectively with RocketCyber


BEC can lead to expensive nightmares like sensitive data breaches, fraud and reputational harm. In this feature sheet, you’ll learn how RocketCyber’s Microsoft 365 Remediation feature addresses these issues with:

  • One-click account disabling
  • Threat visibility across Microsoft 365
  • Suspicious login detection
  • Built-in risk detection
  • Azure AD activity tracking

Download the feature sheet today to enhance your business security with RocketCyber’s advanced tools. DOWNLOAD IT>>



Get your comprehensive guide to email-based cyberattacks


What do many of today’s most damaging cyberattacks have in common? Many of them are email-based attacks, and the advent of artificial intelligence (AI) is only making them more dangerous. In The Comprehensive Guide to Email-based Cyberattacks, you’ll learn about:

  • The tools and techniques cybercriminals are using for email-based cyberattacks, including AI
  • Different types of email-based cyberattacks
  • Strategies for defending against email-based cyberattacks

DOWNLOAD IT>>

Did you miss…the 6 Confusing Cybersecurity Solutions, Explained infographic? GET IT>>






One of the most devastating cyberattacks that businesses face today is enjoying a resurgence: ransomware. A complex and destructive cyberattack that can drive a business to its knees quickly, ransomware has been a top threat to businesses in the past few years. However, the rate of attack had plateaued. Not anymore. Ransomware and business email compromise (BEC) attacks made up 60% of all cyber incidents in Q2 2024, according to a report by Cisco’s Talos Incident Response (Talos IR) arm, and that’s bad news for corporate IT professionals and managed service providers.





BEC is still a top problem but has remained relatively stable this year, a pattern that looks set to continue. However, in Q1 2024, ransomware was on the decline. Unfortunately, that was temporary, because ransomware is back in a big way. Ransomware clawed its way back up to 30% of the Cisco team’s engagements in Q2 2024, a dramatic 22% increase over Q1 2024.

One notable surge Cisco noted was in attacks against tech industry targets, up by 30%. Cisco’s researchers theorize that attackers may view organizations in the technology sector as entry points into other industries, given their critical role in supporting and servicing a wide range of sectors, including essential infrastructure. Retail, healthcare, pharmaceuticals and education rounded out the top five sectors impacted by ransomware in Q2 2024.





Cisco notes that the leading way attackers gained access in Q2 was through compromised credentials, accounting for 60% of attacks—a 25% jump from Q1. Attackers were focused on attacking weaknesses in critical systems to gain access in Q2. In 80% of ransomware attacks observed, bad actors targeted critical systems like virtual private networks (VPNs). In those cases, the VPNs were left vulnerable to attack by a lack of patching or weak authentication requirements. Additionally, 40% of these attacks used command obfuscation, such as Base64 encoding, to evade detection, showing increasing sophistication in attackers’ methods. 
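One way a defender can surface the Base64 command obfuscation mentioned above is to decode long Base64 runs found in logged process command lines and flag those that hide readable text. This is an added example, not code from the Talos report or from Kaseya; the function names and the sample command lines are constructed for illustration, and it assumes command lines are already collected as plain strings.

```python
import base64
import binascii
import re

# Runs of 24+ Base64 characters, optionally padded; shorter runs are too noisy.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{24,}={0,2}")

def _is_readable_ascii(text):
    """True when every character is printable ASCII or common whitespace."""
    return bool(text) and all(" " <= ch <= "~" or ch in "\r\n\t" for ch in text)

def decode_candidate(token):
    """Return the hidden text if token is Base64 wrapping readable text, else None."""
    if len(token) % 4:          # unpadded or truncated tokens are skipped here
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    # PowerShell's -EncodedCommand carries UTF-16LE; shell pipelines usually UTF-8.
    for encoding in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if _is_readable_ascii(text):
            return text
    return None

def scan_command_lines(lines):
    """Return (line_number, decoded_text) for each command line hiding Base64 text."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in B64_TOKEN.finditer(line):
            decoded = decode_candidate(match.group(0))
            if decoded is not None:
                findings.append((number, decoded))
    return findings

def _b64(text, encoding):
    return base64.b64encode(text.encode(encoding)).decode("ascii")

# Constructed sample command lines with harmless payloads (not from a real incident).
PS_PAYLOAD = "Write-Output 'constructed sample'"
SH_PAYLOAD = "echo constructed sample text"
SAMPLE_LINES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule",
    "powershell.exe -NoProfile -EncodedCommand " + _b64(PS_PAYLOAD, "utf-16-le"),
    "backup.exe --verify-sha256 " + "0123456789abcdef" * 4,  # hex hash, not text
    "sh -c 'echo " + _b64(SH_PAYLOAD, "utf-8") + " | base64 -d | sh'",
]

if __name__ == "__main__":
    for number, decoded in scan_command_lines(SAMPLE_LINES):
        print(f"line {number}: decoded command -> {decoded!r}")
```

The hex hash on the third sample line is made of valid Base64 characters but does not decode to readable text, so it is not flagged; logging the decoded text alongside the alert lets an analyst triage without decoding by hand.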

An uptick in attacks targeting network devices was also noted this quarter, making up 24% of engagements. These attacks included password spraying, vulnerability scanning and exploitation. Researchers suggested that since network devices play a crucial role in managing data flow in and out of the network, it’s essential to keep them regularly patched and closely monitored. If these devices are compromised, attackers could easily move into the organization, redirect or alter network traffic and monitor communications.   





For MSPs, this turbulent landscape represents both a challenge and an opportunity. Clients are increasingly looking to their MSPs for cybersecurity expertise and robust solutions that will help mitigate the risks of these devastating attacks. Here are five practical tools that MSPs can leverage to protect their clients from ransomware and BEC attacks. 

1. Regular Employee Security Awareness Training 

Many BEC attacks are successful because employees fall victim to phishing emails that look legitimate. By providing regular training that helps employees recognize the signs of phishing, social engineering, and other scams, MSPs can significantly reduce the risk of human error. Even better, include regular phishing simulations in the training that are customized to reflect the client’s real threats, to keep employees on their toes.

2. Dark Web Monitoring 

Attackers frequently use compromised credentials found on the dark web to infiltrate systems, and they’ve got plenty to choose from. MSPs should utilize dark web monitoring services to be informed immediately if a client’s protected business and personal credentials, including domains, IP addresses and email addresses, are spotted on the dark web.

3. Extended Detection and Response (XDR) 

In order to quickly react to threats and minimize their impact, MSPs need 24/7 visibility into three critical areas for their clients: endpoints, cloud, and network. An XDR platform with multi-tenant cloud architecture, integrated with existing security tools, can provide continuous threat monitoring and instant visibility. This makes it easy for MSPs to stop advanced threats and enhance their clients’ security posture with expert-backed cybersecurity. 


4. Enhanced Antiphishing  

Both ransomware and BEC are often email-based. That makes it crucial to block phishing attempts and suspicious messages before they even reach an employee’s inbox. However, sophisticated phishing threats can slip right by the onboard security that comes with productivity suites like Microsoft 365. Adding an anti-phishing solution that leverages artificial intelligence (AI) to spot and stop even advanced threats is the smart proactive approach to mitigating phishing risk.

5. Incident Response Planning 

Cybersecurity incidents are going to happen, and preparedness is the key to minimizing damage, disruption and costs. Having a well-documented and rehearsed incident response plan (IRP) ensures that both MSPs and clients know exactly how to respond if ransomware or a BEC attack hits. A formal, tested IRP minimizes panic, ensures a quick reaction and helps everyone get on the same page fast.  

As ransomware and BEC attacks continue to increase in frequency and complexity, MSPs are in a prime position to offer enhanced security services to their clients. By focusing on these key strategies, MSPs can provide their clients with comprehensive protection against these evolving cyber threats while ensuring their businesses remain resilient in the face of attacks. The stakes are high, but with the right tools and processes in place, MSPs can help their clients stay one step ahead of cybercriminals. 





Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.    

BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.     

Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.    

Graphus: Graphus is a cutting-edge, automated antiphishing solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security to catch threats conventional security might miss, including Zero Days and AI-enhanced malicious messages.

RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.    

Learn more about our security products, or better yet, take the next step and book a demo today! 



Top Cyber Threats & Rising Ransomware Groups: What You Need to Know

September 12, 2024 | 1 pm ET / 10 am PT

Join us for an enlightening webinar featuring Jim Freely, Product Manager, and Austin O’Saben, Product Marketing Manager at RocketCyber. Our experts will delve into pressing cyber threats like ransomware and provide actionable strategies to strengthen your defenses. They’ll cover:

  • Top cyber threats: Learn about the most significant and emerging threats.
  • AI in cyberattacks: Understand how AI is evolving cyberattacks and making them harder to detect.
  • The impact of cybercrime: Explore the challenges organizations face with today’s threat landscape.
  • Rising ransomware groups: Discover which ransomware groups are increasing and how to prepare.
  • Combating threats: Get effective strategies to enhance your security posture.

Secure your spot now and gain valuable insights from our experts! REGISTER NOW>>

September 12: Kaseya+Datto Connect Local Milton Keynes, UK REGISTER NOW>>

September 17: Kaseya+Datto Connect Local Los Angeles  REGISTER NOW>>

September 19: Kaseya+Datto Connect Local The Netherlands REGISTER NOW>>

October 17: Kaseya+Datto Connect Local Washington D.C. REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>




Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!