
The Week in Breach News: 09/06/23 – 09/12/23

September 13, 2023

This week: Ransomware leads to sensitive military data exposure in the UK, a cyberattack knocks out MGM Resorts, two refreshed campaigns from Powered Services Pro and exploring how to mitigate the danger of social engineering in phishing attacks.





Johnson & Johnson

https://www.bleepingcomputer.com/news/security/johnson-and-johnson-discloses-ibm-data-breach-impacting-patients/

Exploit: Misconfiguration

Johnson & Johnson: Pharmaceutical Company


Risk to Business: 1.676 = Severe

Pharma and medtech conglomerate Johnson & Johnson has experienced a data breach that impacts consumers who use its CarePath platform. IBM, the developer of the platform, notified customers that their data may have been accessed by unauthorized parties after the pharma giant discovered an exploitable flaw. IBM fixed the problem and investigated the incident. That investigation showed that bad actors had snatched data from users who enrolled before July 2023. The stolen data includes a user’s full name, contact information, date of birth, health insurance information, medication information and medical condition information. IBM is offering a free year of credit monitoring to those who may be affected by the incident. 

How It Could Affect Your Customers’ Business: Companies need to be prepared for a supply chain or third-party data breach.

Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>


Sabre

https://techcrunch.com/2023/09/06/ransomware-gang-claims-credit-for-sabre-data-breach/

Exploit: Ransomware

Sabre: Travel Booking Platform


Risk to Business: 1.832 = Severe

Major travel booking platform Sabre has experienced a data breach caused by a ransomware attack. The Dunghill Leak ransomware group claimed responsibility for the attack. The gang said on its dark web leak site that it had stolen 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data and corporate financial information. The group posted several screenshots as proof of the July 2023 hack. Some included passport images, employee records and tax forms. The incident is under investigation.

How It Could Affect Your Customers’ Business: Companies that hold a wide variety of data like personal data and financial data are very attractive targets.

Kaseya to the Rescue:  See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>


Freecycle

https://www.cshub.com/attacks/news/freecycle-data-breach-impacts-7-million-members

Exploit: Hacking

Freecycle: Consumer Goods Exchange Platform


Risk to Business: 2.873 = Moderate

Freecycle, a nonprofit organization that enables members to exchange reusable items to prevent them from ending up in landfills, has disclosed a data breach that may impact seven million people. The company said that some user data was stolen in the attack including usernames, User IDs, email addresses and passwords. Freecycle said that it became aware of the data breach on August 30, 2023, although its data has been available on the dark web since May 2023.

How It Could Affect Your Customers’ Business: It’s not a good look for organizations to not discover that their data is available on the dark web for months.

Kaseya to the Rescue: What cyberattacks are the most popular this year, and what should you be preparing for in 2024? This webinar tells you everything. WATCH WEBINAR>>


MGM Resorts

https://www.bleepingcomputer.com/news/security/mgm-resorts-shuts-down-it-systems-after-cyberattack/

Exploit: Hacking

MGM Resorts: Hotel & Casino Operator


Risk to Business: 1.210 = Extreme

MGM Resorts, operator of hotels like the MGM Grand in Las Vegas, has announced that it is experiencing a cyberattack that drastically impedes its business. Major systems are impacted at its hotels and casinos as well as online, including its main website, online reservations, and in-casino services, like ATMs, slot machines and credit card machines. Some guests reported problems with room keys. MGM said that the attack began on September 10, and systems remained down as of September 11.

How It Could Affect Your Customers’ Business: This is a huge, expensive disaster for MGM with this cyberattack not only impacting their hotel business but their casinos too.

Kaseya to the Rescue:  Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>> 





United Kingdom – Zaun

https://www.infosecurity-magazine.com/news/sensitive-data-uk-army-potentially/

Exploit: Ransomware

Zaun: Fencing Manufacturer


Risk to Business: 1.673 = Severe

The LockBit ransomware gang is responsible for an August 2023 ransomware attack on UK fencing company Zaun that may have resulted in sensitive military data becoming exposed. The company, a contractor for the Ministry of Defence, said that the breach occurred through a Windows 7 PC that was running software for one of its manufacturing machines. Zaun says that nothing was encrypted but confirmed that LockBit has stolen some very sensitive data. Reports say that the group accessed information that could help bad actors access HMNB Clyde nuclear submarine base, Porton Down chemical weapons lab and a GCHQ listening post. Detailed drawings of other military sites and high-security prisons were also included among the stolen data. LockBit demanded payment by August 29. When that deadline passed, the gang began publishing data on its dark web leak site.

How it Could Affect Your Customers’ Business: A successful cyberattack or data security incident impacting a government contractor can have major repercussions.

Kaseya to the Rescue:  Our eBook How to Build a Security Awareness Training Program helps IT professionals design and implement an effective training program quickly. DOWNLOAD IT>> 


Holland – NXP Semiconductors

https://techcrunch.com/2023/09/05/chipmaker-nxp-confirms-data-breach-involving-customers-information/

Exploit: Hacking

NXP Semiconductors: Technology Manufacturer


Risk to Business: 2.612 = Moderate

Dutch semiconductor company NXP has informed customers that they may have had their personal information exposed in a data breach. The affected customers appear to have an online NXP account, which provides access to technical content and community support. The exposed data includes customers’ full names, email addresses, postal addresses, business phone numbers, mobile phone numbers, company names, job titles and descriptions and communication preferences. The hack occurred on July 11, 2023, and was discovered by NXP a few days later on July 14. It remains under investigation.

How it Could Affect Your Customers’ Business: Specialized information like job titles can help bad actors conduct more effective spear phishing operations.

Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>> 





Australia – Dymocks

https://www.theguardian.com/australia-news/2023/sep/08/dymocks-warns-customer-records-may-be-on-dark-web-after-possible-data-breach

Exploit: Hacking

Dymocks: Bookseller


Risk to Business: 1.802 = Severe

Dymocks, a venerable bookstore chain, has announced that it experienced a data breach that may impact 836k customers. The company discovered the hack after researchers informed it that its customer data had appeared on the dark web on September 6, 2023. The company said that it sees no intrusion of its own systems and contends that the data may have come from a third-party service provider. The exposed data includes a customer’s full name, date of birth, email address, postal address, gender and specialty membership details (gold expiry date, account status, account creation date, card ranking). The company says the incident has been reported to the relevant authorities and it remains under investigation. 

How it Could Affect Your Customers’ Business: Companies can still be in for a world of trouble if their data is stolen from one of their service providers.

Kaseya to the Rescue: Follow the path to see how Managed SOC defends businesses from cyberattacks efficiently and effectively without breaking the bank in a handy infographic. GET IT>>


Australia – TissuPath

https://www.theguardian.com/technology/2023/sep/05/tissupath-hack-patient-data-breach-cyber-attack-melbourne-pathology-clinic

Exploit: Supply Chain Attack

TissuPath: Pathology Laboratory Chain


Risk to Business: 2.382 = Severe

TissuPath is investigating a data security incident that led to the exposure of sensitive health data going back a decade. The company says that the data was exposed due to one of its storage drives being illegally accessed by compromised user accounts at one of its service providers. TissuPath stressed that its main database and reporting system that stores patient diagnoses was not compromised. Stolen data includes scanned pathology request forms with information such as patient names, dates of birth, contact details, Medicare numbers and private health insurance details. The BlackCat/ALPHV group has claimed responsibility, claiming that it stole 446GB of data which has been published on the dark web.  

How it Could Affect Your Customers’ Business: Supply chain risk has been steadily increasing for organizations, and they need to take action now to mitigate it.

Kaseya to the Rescue: What are the biggest risks that organizations face right now? Find the answer in our Mid-Year Cyber Risk Report 2023! DOWNLOAD IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.





Two refreshed campaigns from Powered Services Pro


MSPs, use these two refreshed campaigns from Powered Services Pro to start profitable conversations with your customers.
Compliance Essentials
Businesses can’t ignore the need for compliance. A corporate compliance program is crucial for businesses to meet legal obligations, mitigate risks, uphold ethical standards, protect their reputation and build trust with stakeholders. This campaign helps MSPs educate clients about compliance.

Graphus: Simple, Automated & Affordable Email Security
This campaign helps you raise awareness of Graphus to boost your sales. Show clients why Graphus is the ideal choice for AI-driven, automated email security.

Learn more at Powered Services Pro!





The 2023 edition of Phishing 101 is here!


Did you know that 9 in 10 cyberattacks start with phishing? We’ve gathered data about the biggest phishing risks that businesses face today in the new 2023 edition of Phishing 101. This eBook is perfect for sharing with clients. We’ll explore:

  • The anatomy of a phishing attack
  • Detailed profiles of common types of phishing attacks
  • What to do to protect businesses from phishing

DOWNLOAD NOW>>




Social Engineering is the X Factor That Helps Cyberattacks Succeed


The vast majority of cyberattacks are caused by one factor: human beings. In its 2023 Data Breach Investigations Report, Verizon found that the human element is a factor in 74% of total breaches. Human beings are gullible, and bad actors take advantage of that every day. That’s one reason why social engineering is a favored technique of cybercriminals, especially when conducting phishing operations. It’s a huge problem for businesses as well as the IT professionals that keep them safe. The advent of AI in cyberattacks, especially in phishing attacks where it can be incredibly effective, makes mitigating social engineering risk vital. By taking a look at social engineering in cyberattacks and some red flags that indicate its presence, it’s easy to see that every business can quickly take action to reduce its risk of a cybersecurity disaster caused by social engineering.  


Excerpted in part from Phishing 101, available now. DOWNLOAD IT>>


Social engineering primer  


At the core of a phishing attack, the most expensive digital scam, the cybercriminal’s goal is to gain the trust of their victims to trick them into taking an action that will facilitate the bad actor’s desired result. Social engineering is the X-factor that makes phishing so effective. Savvy cybercriminals will put time and effort into social engineering in order to perpetrate believable frauds that lure targets into a false sense of security. 

Examples include:   

  • Preying on the target’s emotions by stoking fear or anxiety. 
  • Exploiting natural disasters, wars or emergencies. 
  • Evoking a false sense of security through nostalgia or brand reputation. 
  • Creating boring, routine emails that don’t raise suspicion, like a password reset request. 
  • Simulating messages employees deal with every day, like system notifications. 
  • Mimicking internally facing corporate emails that staffers will feel compelled to read. 
  • Raising excitement or greed by promising the target a reward for following directions. 
  • Imitating a business partner to persuade the victim to disclose proprietary information. 
  • Posing as tech support to gain access to passwords. 
  • Sending believable fake invoices and demanding payment from the target. 

Phishing practitioners have scammed 92% of organizations across the globe using sophisticated techniques like social engineering, AI, spoofing and fraudulent websites.  




2 cyberattacks made possible by social engineering


Most phishing-based cyberattacks include at least some elements of social engineering. These two varieties serve as good examples of attacks that rely heavily on social engineering to succeed.


Business Email Compromise (BEC)


The theme  

Business email compromise (BEC) is a type of phishing attack that uses fake emails to request payment from a business. Sometimes, BEC and executive phishing or whaling (detailed below) go hand in hand. Businesses can lose huge sums fast in BEC attacks, which are the second most expensive type of cyber fraud. In fact, there has been a 38% rise in BEC over the last four years. 

The goal 

Getting businesses to transfer money or provide sensitive financial information under false pretenses. 

The scam  

The tricky part of spotting BEC attacks is that they’re carefully crafted to be so believable that they fly right under the radar. They are primarily targeted to ensnare people within an organization who handle matters of payment or can access funds quickly, such as: 

  • Administrative assistants who routinely process payments for small expenses.    
  • Clerks who make vendor payments.  
  • Budget controllers who pay for recurring services.  
  • Accounting personnel who regularly renew licenses or pay government fees.  
  • Associates who regularly wire money to other companies.  
  • Any employee who has access to spend or transfer funds.  

How is social engineering a factor? 

Social engineering is one of the most important and influential factors in BEC. Many BEC schemes work by creating a sense of urgency: the victim believes that unless they fulfill the fraudulent request, something bad will happen and they’ll be in trouble. For example, a clerk may receive a fake email purporting to be from an angry vendor that says the company owes the vendor money and that the vendor will withhold further shipments until the company’s outstanding balance is paid. The clerk would then feel pressured to take care of the problem quickly (send the money) before a shipment is delayed and they’re on the hot seat for it.

The damage  

BEC enables cybercriminals to get paid directly and capture financial information, like bank accounts and executive credit card numbers, to facilitate fraud and other financial damage. 




Whaling/CEO Fraud  


The theme  

Whaling, sometimes called CEO fraud, is a highly specialized spear phishing attack that is crafted to perfectly imitate a company executive, or alternately, to fool a company executive into thinking that the message is from a trusted source. Whaling is often a precursor to BEC. 

The goal  

To lure an employee into performing an action like giving out a privileged credential, supplying sensitive information or transferring money without asking questions out of a desire to please the boss. Alternately, cybercriminals use this technique to convince executives that they are a trustworthy business associate who is owed money or is privy to proprietary data.  

The scam  

Highly specific lures are crafted using personalized information about the target gathered from publicly available sources, harvested from social media sites and obtained from dark web markets and data dumps. Sometimes the cybercriminals will spoof legitimate messages or leverage a legitimate email account gained through BEC. These lures can include:  

  • Emails from the recipient’s bank, credit card company or a similar source.  
  • Invoices from contractors or freelancers.  
  • Requests for information by colleagues in other branches of the company.  
  • Updates from a software vendor.  
  • Charitable donation requests.  
  • Fake political emails from candidates or parties.  
  • Attachments like brochures or notices from trusted sources like a government agency.  
  • Spoofed messages from the recipient’s regular service providers, suppliers or other vendors. 

How is social engineering a factor in whaling or CEO fraud? 

Social engineering works in a whaling or CEO fraud scenario much the same way that it works in BEC with a few differences. Here, the person being targeted isn’t a clerk but someone with power. Often, executives are able to circumvent safeguards that may prevent others from paying an invoice or providing information. Executives are also less likely to have received regular security awareness training, making them more likely to fall for cybercriminal lures. 

The damage  

Whaling and CEO fraud aren’t the most frequently conducted types of phishing because each operation requires extensive research and a high level of skill in crafting and delivery. Bad actors will frequently use brand impersonation in these attacks and usually favor posing as Zoom, Amazon and DHL. 




What helps reduce the chance that social engineering works?  


Cybersecurity awareness training is critical for avoiding trouble with social engineering. Employees who receive regular security awareness training are 70% less likely to cause a security incident. That wisdom applies to a company’s executives as well. An executive falling for a social engineering trick can do major damage quickly. Everyone should receive regular security awareness training to keep them vigilant and informed about the cyberattacks that they may encounter, including phishing attacks that include social engineering elements. 

Of course, the best way of ensuring that an employee doesn’t fall for a social engineering trick in a phishing message is to ensure that they don’t receive the phishing message at all. Plus, it can be a challenge for even savvy employees to sniff out phishing when bad actors use technology like ChatGPT to write highly believable messages without the usual phishing red flags. AI-driven email security can make smart choices about the legitimacy of messages by reviewing their content, not just checking safe sender lists.
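To make the difference between a safe sender list and a content review concrete, here is an added example (not code from this article or from any product it mentions) that runs both checks over the angry-vendor BEC scenario described earlier. The addresses, allow-list, keyword sets and threshold are constructed assumptions, and real content-based filters use far richer signals than these few rules.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list and constructed sample messages (not from a real incident).
SAFE_SENDERS = {"billing@vendor.example"}

SAMPLE_BEC = """\
From: "Vendor Billing" <billing@vendor.example>
Reply-To: accounts@vendor-payments.example
To: clerk@company.example
Subject: URGENT: overdue balance, shipments on hold

Your account has an outstanding balance. We will withhold further shipments
until payment is received. Please wire the funds today to our new bank account.
"""

SAMPLE_ROUTINE = """\
From: "Vendor Billing" <billing@vendor.example>
To: clerk@company.example
Subject: September statement

Attached is your monthly statement. No action is needed.
"""

# Assumed keyword sets modelled on the pressure tactics described in the article.
URGENCY = re.compile(r"\b(urgent|immediately|today|overdue|withhold|on hold)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|outstanding balance)\b", re.I)
BANK_CHANGE = re.compile(r"\b(new|updated|changed) (bank )?account\b", re.I)


def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def allow_listed(raw):
    """Safe-sender check: looks only at the From address, which can be spoofed."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower() in SAFE_SENDERS


def content_flags(raw):
    """Content review: collect red flags from headers, subject and body."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    flags = []
    reply_to = _domain(msg.get("Reply-To"))
    if reply_to and reply_to != _domain(msg.get("From")):
        flags.append("reply_to_mismatch")  # replies are routed to another domain
    if URGENCY.search(text):
        flags.append("urgency")
    if PAYMENT.search(text):
        flags.append("payment_request")
    if BANK_CHANGE.search(text):
        flags.append("bank_detail_change")
    return flags


def verdict(raw, threshold=2):
    """Hold for out-of-band verification when enough flags stack up."""
    return "hold" if len(content_flags(raw)) >= threshold else "deliver"


if __name__ == "__main__":
    for name, raw in (("bec", SAMPLE_BEC), ("routine", SAMPLE_ROUTINE)):
        print(name, allow_listed(raw), content_flags(raw), verdict(raw))
```

Both sample messages pass the safe sender check, but only the routine statement passes the content review; the BEC sample is held so the clerk can confirm the request with the vendor through a known phone number.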




Kaseya’s Security Suite Offers IT Professionals the Tools for Security Success 


Get powerful protection and must-have tools for keeping businesses out of cybersecurity trouble with Kaseya’s Security Suite. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.  

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses. 

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.   

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.   

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).   





TODAY! Must-have Security Tools For 2023 And Beyond

Rapid-fire Demos of the Kaseya Security Suite
Wednesday, September 13th | 1 pm ET / 10 am PT

To actively combat the ever-evolving threat landscape of 2023 and beyond, you must consistently reimagine cybersecurity. Join our cybersecurity experts on September 13 at 1 PM ET / 10 AM PT to learn how our innovative cybersecurity products — Graphus, Dark Web ID, BullPhish ID and Kaseya Managed SOC powered by RocketCyber — take your security to the next level. Register today and discover how you can significantly bolster your IT security. REGISTER NOW>>

September 13: Must-have Security Tools For 2023 And Beyond REGISTER NOW>>

September 14: Kaseya + Datto Connect Local San Antonio REGISTER NOW>>

September 21: Kaseya + Datto Connect Local Nashville REGISTER NOW>>

September 26: Kaseya + Datto Connect Local Katy (Houston Area) REGISTER NOW>>

September 28: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>

October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>

October 10: Kaseya + Datto Connect Local Minneapolis REGISTER NOW>>

October 12: Kaseya + Datto Connect Local Chicago REGISTER NOW>>

October 17: Kaseya + Datto Connect Local Columbus REGISTER NOW>>

October 18: Kaseya + Datto Connect Local South Africa REGISTER NOW>>

October 19: Kaseya + Datto Connect Local Vancouver REGISTER NOW>>

October 24: Kaseya + Datto Connect Local Seattle REGISTER NOW>>

October 26: Kaseya + Datto Connect Local San Francisco REGISTER NOW>>

November 2: Kaseya + Datto Connect Local New York REGISTER NOW>>

November 7: Kaseya + Datto Connect Local New York REGISTER NOW>>

November 7: Kaseya + Datto Connect Local London REGISTER NOW>>

November 9: Kaseya + Datto Connect Local Manchester REGISTER NOW>>

November 14: Kaseya + Datto Connect Local Montreal REGISTER NOW>>

November 14 – 16: Kaseya DattoCon APAC REGISTER NOW>>

November 16: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>

November 30: Kaseya + Datto Connect Local Long Beach REGISTER NOW>>

December 5: Kaseya + Datto Connect Local Orlando REGISTER NOW>>

December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>

December 12: Kaseya + Datto Connect Local Arlington TX (Dallas Area) REGISTER NOW>>

December 14: Kaseya + Datto Connect Local New Orleans REGISTER NOW>>

December 19: Kaseya + Datto Connect Local St. Petersburg, FL REGISTER NOW>>




Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>

