The Week in Breach News: 09/04/24 – 09/10/24
This week: Another organization falls to the MOVEit exploit; business email compromise (BEC) snags a regional government; RocketCyber’s Microsoft 365 Remediation feature; and how MSPs can help clients navigate the ransomware resurgence.
Centers for Medicare & Medicaid Services
https://www.newsweek.com/medicare-data-breach-wisconsin-1950454
Exploit: Zero Day exploit
Centers for Medicare & Medicaid Services: Healthcare
Between May 27 and May 31, 2023, a data breach occurred when unauthorized third parties exploited a vulnerability in the MOVEit service, compromising beneficiaries’ personal information, according to the Centers for Medicare & Medicaid Services (CMS). MOVEit’s developer, Progress Software, disclosed the breach on May 31, but the Wisconsin Physicians Service Insurance, a CMS contractor, recently discovered that files containing Medicare claims data and personal information had been affected. CMS and WPS are notifying 946,801 individuals whose data may have been exposed, outlining steps to take in response.
How It Could Affect Your Customers’ Business: Zero Day exploits like MOVEit will continue to be a growing problem for organizations in every sector and can often be addressed through regular patching.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
Avis
Exploit: Hacking
Avis: Travel & Tourism
New Jersey-based rental car giant Avis has reported a data breach affecting 299,006 individuals. In this breach, bad actors accessed sensitive customer information such as names, addresses, emails, phone numbers, birth dates, credit card details and driver’s license numbers. A filing with Maine’s attorney general disclosed the breach. Texas is the most affected state, accounting for 34,592 individuals. Avis also owns the Budget car rental and Zipcar car-sharing brands.
How It Could Affect Your Customers’ Business: A data breach can impact a company’s reputation and make consumers hesitant to do business with that company again.
Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>
Rite Aid
https://www.supermarketnews.com/grocery-technology/rite-aid-recovering-from-security-breach
Exploit: Credential Compromise
Rite Aid: Healthcare
Drugstore chain Rite Aid has disclosed that it experienced a data breach on June 6, 2024. Bad actors successfully compromised an employee’s credentials and gained access to sensitive business data. The breach exposed customer addresses, dates of birth and ID numbers from purchases between June 6, 2017, and July 30, 2018. Social Security numbers and healthcare information were not affected.
How It Could Affect Your Customers’ Business: Even old data that is stolen in a data breach can be used for nefarious purposes by bad actors.
Kaseya to the Rescue: Learn more about the types of data that bad actors sell on the dark web and how they profit from it in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
St. Charles Parish, LA
Exploit: Business Email Compromise
St. Charles Parish, LA: Government
Officials in St. Charles Parish, Louisiana, recently discovered a cyberattack involving a vendor whose email system was compromised. This allowed a threat actor to alter the vendor’s banking details, leading to a $1 million invoice payment being redirected to the fraudulent new account. An investigation by local and federal law enforcement is underway following the vendor’s inquiry about the payment.
How It Could Affect Your Customers’ Business: Security awareness training is an inexpensive and effective way to prevent employees from falling into cybercriminal traps like this BEC incident.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
Planned Parenthood of Montana
Exploit: Ransomware
Planned Parenthood of Montana: Healthcare
Planned Parenthood of Montana confirmed a cyberattack that began on Aug. 28, 2024. The cybercrime group RansomHub has claimed responsibility. In a post on the group’s dark web leak site, the gang claimed to have stolen 93 gigabytes of data. The healthcare organization said that it was able to quickly institute its incident response plan and minimize damage.
How It Could Affect Your Customers’ Business: The exposure of sensitive medical data like this could be traumatic and harmful for the clinic’s clients.
Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>
Highline Public Schools
Exploit: Hacking
Highline Public Schools: Education
Highline Public Schools, a district south of Seattle with 17,500 students, canceled classes for Monday due to a cyberattack. The district detected unauthorized activity on its systems and is working with partners to restore them. The closure affects all school activities, athletics, and meetings. The attack has disrupted communications, transportation and attendance records, but no personal information theft has been detected.
How It Could Affect Your Customers’ Business: The education sector has been a top target for ransomware gangs because schools can’t afford delays, making them likely to pay up.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
U.K. – Tewkesbury Borough Council
https://therecord.media/tewkesbury-borough-council-near-gchq-cyberattack
Exploit: Hacking
Tewkesbury Borough Council: Government
Tewkesbury Borough Council in Gloucestershire, England, has warned residents of a cyberattack and is assuming its systems have been compromised. The council has shut down its systems as part of the response, leading to service disruptions and busy phone lines. The specifics of the attack and whether personal information was affected are still unclear. Residents have been asked not to contact the council except in an emergency.
How It Could Affect Your Customers’ Business: Bad actors are a menace to governments and government agencies of every size.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>
Guam – Guam Seventh-Day Adventist Clinic
Exploit: Hacking
Guam Seventh-Day Adventist Clinic: Healthcare
Guam Seventh-Day Adventist Clinic has experienced a data breach. The healthcare provider said that unauthorized persons gained access to a few employee email accounts between Jan. 23 and Feb. 3, 2023. An investigation revealed that personal and protected health information, including names, contact details, financial information and medical records, was exposed. Not all types of data were affected for every individual.
How It Could Affect Your Customers’ Business: A mixed bag of medical records and financial information can be a profitable haul for bad actors.
Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Combat BEC effectively with RocketCyber
BEC can lead to expensive nightmares like sensitive data breaches, fraud and reputational harm. In this feature sheet, you’ll learn how RocketCyber’s Microsoft 365 Remediation feature addresses these issues with:
- One-click account disabling
- Threat visibility across Microsoft 365
- Suspicious login detection
- Built-in risk detection
- Azure AD activity tracking
Download the feature sheet today to enhance your business security with RocketCyber’s advanced tools. DOWNLOAD IT>>
Get your comprehensive guide to email-based cyberattacks
What do many of today’s most damaging cyberattacks have in common? Many of them are email-based attacks, and the advent of artificial intelligence (AI) is only making them more dangerous. In The Comprehensive Guide to Email-based Cyberattacks, you’ll learn about:
- The tools and techniques cybercriminals are using for email-based cyberattacks, including AI
- Different types of email-based cyberattacks
- Strategies for defending against email-based cyberattacks
Here’s How MSPs Can Protect Their Clients During This Ransomware Surge
One of the most devastating cyberattacks that businesses face today is enjoying a resurgence: ransomware. A complex and destructive cyberattack that can drive a business to its knees quickly, ransomware has been a top threat to businesses in the past few years. However, the rate of attack had plateaued. Not anymore. Ransomware and business email compromise (BEC) attacks made up 60% of all cyber incidents in Q2 2024, according to a report by Cisco’s Talos Incident Response (Talos IR) arm, and that’s bad news for corporate IT professionals and managed service providers.
Ransomware is having a moment
BEC is still a top problem but has remained relatively stable this year, a pattern that looks set to continue. However, in Q1 2024, ransomware was on the decline. Unfortunately, that was temporary, because ransomware is back in a big way. Ransomware clawed its way back up to 30% of the Cisco team’s engagements in Q2 2024, a dramatic 22% increase over Q1 2024.
One notable surge Cisco noted was in attacks against tech industry targets, up by 30%. Cisco’s researchers theorize that bad actors may view organizations in the technology sector as potential entry points into other industries, given their critical role in supporting and servicing a wide range of sectors, including essential infrastructure. Retail, healthcare, pharmaceuticals and education rounded out the top five sectors impacted by ransomware in Q2 2024.
Don’t neglect system and device patching
Cisco notes that the leading way attackers gained access in Q2 was through compromised credentials, accounting for 60% of attacks—a 25% jump from Q1. Attackers were focused on attacking weaknesses in critical systems to gain access in Q2. In 80% of ransomware attacks observed, bad actors targeted critical systems like virtual private networks (VPNs). In those cases, the VPNs were left vulnerable to attack by a lack of patching or weak authentication requirements. Additionally, 40% of these attacks used command obfuscation, such as Base64 encoding, to evade detection, showing increasing sophistication in attackers’ methods.
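As an added illustration of the Base64 command obfuscation mentioned above (not part of the original article or the Cisco report), this Python example scans process command lines for Base64 runs and decodes the ones that hide readable text. The event format, host names, 24-character threshold and sample commands are assumptions constructed for the example.

```python
import base64
import binascii
import re

# Base64-alphabet runs of 24+ characters; the length threshold is an assumption.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def decode_if_text(token):
    """Return the hidden text if token is Base64 that decodes to readable ASCII."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    # UTF-16LE text (used for encoded PowerShell commands) has a zero in
    # nearly every second byte; anything else is tried as UTF-8.
    wide = len(raw) % 2 == 0 and raw[1::2].count(0) >= 0.9 * (len(raw) // 2)
    try:
        text = raw.decode("utf-16-le" if wide else "utf-8")
    except UnicodeDecodeError:
        return None
    # Random bytes (hashes, keys) rarely decode to mostly printable ASCII.
    readable = sum(32 <= ord(c) < 127 or c in "\r\n\t" for c in text)
    return text if text and readable / len(text) >= 0.9 else None

def find_encoded_commands(events):
    """Return (host, decoded_text) for each command line hiding Base64 text."""
    findings = []
    for event in events:
        for match in B64_RUN.finditer(event["cmdline"]):
            decoded = decode_if_text(match.group())
            if decoded is not None:
                findings.append((event["host"], decoded))
    return findings

def b64(text, codec):
    """Helper used only to build the constructed samples below."""
    return base64.b64encode(text.encode(codec)).decode("ascii")

# Constructed process-creation events (hosts and commands are made up).
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmdline": "powershell.exe -NoProfile -EncodedCommand "
        + b64("Write-Output 'constructed sample'", "utf-16-le")},
    {"host": "ws-02", "cmdline": "tool.exe --arg " + b64("echo constructed sample", "utf-8")},
    {"host": "ws-03", "cmdline": "hashcheck.exe " + "deadbeef" * 8},  # hex digest, not text
    {"host": "ws-04", "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for host, decoded in find_encoded_commands(SAMPLE_EVENTS):
        print(f"{host}: {decoded!r}")
```

The readable-text check is what keeps hex digests and other long alphanumeric arguments from being reported, so only the two encoded samples are flagged.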
An uptick in attacks targeting network devices was also noted this quarter, making up 24% of engagements. These attacks included password spraying, vulnerability scanning and exploitation. Researchers suggested that since network devices play a crucial role in managing data flow in and out of the network, it’s essential to keep them regularly patched and closely monitored. If these devices are compromised, attackers could easily move into the organization, redirect or alter network traffic and monitor communications.
How can MSPs keep their customers out of trouble?
For MSPs, this turbulent landscape represents both a challenge and an opportunity. Clients are increasingly looking to their MSPs for cybersecurity expertise and robust solutions that will help mitigate the risks of these devastating attacks. Here are five practical tools that MSPs can leverage to protect their clients from ransomware and BEC attacks.
1. Regular Employee Security Awareness Training
Many BEC attacks are successful because employees fall victim to phishing emails that look legitimate. By providing regular training that helps employees recognize the signs of phishing, social engineering, and other scams, MSPs can significantly reduce the risk of human error. Even better, include regular phishing simulations in the training that are customized to reflect the client’s real threats, to keep employees on their toes.
2. Dark Web Monitoring
Attackers frequently use compromised credentials found on the dark web to infiltrate systems, and they’ve got plenty to choose from. MSPs should utilize dark web monitoring services to be informed immediately if a client’s protected business and personal credentials, including domains, IP addresses and email addresses, are spotted on the dark web.
3. Extended Detection and Response (XDR)
In order to quickly react to threats and minimize their impact, MSPs need 24/7 visibility into three critical areas for their clients: endpoints, cloud, and network. An XDR platform with multi-tenant cloud architecture, integrated with existing security tools, can provide continuous threat monitoring and instant visibility. This makes it easy for MSPs to stop advanced threats and enhance their clients’ security posture with expert-backed cybersecurity.
4. Enhanced Antiphishing
Both ransomware and BEC are often email-based. That makes it crucial to block phishing attempts and suspicious messages before they even reach an employee’s inbox. However, sophisticated phishing threats can slip right by the onboard security that comes with productivity suites like Microsoft 365. Adding an anti-phishing solution that leverages artificial intelligence (AI) to spot and stop even advanced threats is the smart proactive approach to mitigating phishing risk.
5. Incident Response Planning
Cybersecurity incidents are going to happen, and preparedness is the key to minimizing damage, disruption and costs. Having a well-documented and rehearsed incident response plan (IRP) ensures that both MSPs and clients know exactly how to respond if ransomware or a BEC attack hits. A formal, tested IRP minimizes panic, ensures a quick reaction and helps everyone get on the same page fast.
As ransomware and BEC attacks continue to increase in frequency and complexity, MSPs are in a prime position to offer enhanced security services to their clients. By focusing on these key strategies, MSPs can provide their clients with comprehensive protection against these evolving cyber threats while ensuring their businesses remain resilient in the face of attacks. The stakes are high, but with the right tools and processes in place, MSPs can help their clients stay one step ahead of cybercriminals.
ID Agent and RocketCyber Help Businesses Mitigate All Types of Cyber Risk Affordably
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.
BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus: Graphus is a cutting-edge, automated antiphishing solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security to catch threats conventional security might miss including Zero Days and AI-enhanced malicious messages.
RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Learn more about our security products, or better yet, take the next step and book a demo today!
Top Cyber Threats & Rising Ransomware Groups: What You Need to Know
September 12, 2024 | 1 pm ET / 10 am PT
Join us for an enlightening webinar featuring Jim Freely, Product Manager, and Austin O’Saben, Product Marketing Manager at RocketCyber. Our experts will delve into pressing cyber threats like ransomware and provide actionable strategies to strengthen your defenses. They’ll cover:
- Top cyber threats: Learn about the most significant and emerging threats.
- AI in cyberattacks: Understand how AI is evolving cyberattacks and making them harder to detect.
- The impact of cybercrime: Explore the challenges organizations face with today’s threat landscape.
- Rising ransomware groups: Discover which ransomware groups are increasing and how to prepare.
- Combating threats: Get effective strategies to enhance your security posture.
Secure your spot now and gain valuable insights from our experts! REGISTER NOW>>
September 12: Kaseya+Datto Connect Local Milton Keynes, UK REGISTER NOW>>
September 17: Kaseya+Datto Connect Local Los Angeles REGISTER NOW>>
September 19: Kaseya+Datto Connect Local The Netherlands REGISTER NOW>>
October 17: Kaseya+Datto Connect Local Washington D.C. REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!