
The Week in Breach News: 09/13/23 – 09/19/23

September 20, 2023

This week: Caesars loses against ransomware, an unusual vector for a cyberattack at Airbus, ransomware causes transportation trouble and a look at cyberattacks that could be made worse by ChatGPT. 


Caesars Entertainment

Exploit: Ransomware

Caesars Entertainment: Hotel & Casino Operator


Risk to Business: 1.676 = Severe

Casino titan Caesars Entertainment is the latest Las Vegas institution hit by a cyberattack, joining rival MGM Resorts International. One critical difference, though: Caesars said that its gambling operations were not disrupted. The company told the federal Securities and Exchange Commission (SEC) that a data breach on September 7 may have exposed the driver’s license information and Social Security numbers of its loyalty rewards members. The company also pinned the problem on a social engineering attack on its outsourced IT support vendor. Reports vary on the name of the group responsible for the attack, but most agree that the attack was carried out by an affiliate of ALPHV/BlackCat, the same attacker that hit MGM last week. Caesars also reported that it paid the ransom. The attackers initially demanded $30 million, but Caesars said it ultimately paid about half of that after negotiations. The incident remains under investigation.

How It Could Affect Your Customers’ Business: Companies need to be prepared for a supply chain or third-party cyberattack or data breach.

Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>


ORBCOMM

Exploit: Ransomware

ORBCOMM: Trucking Software Solutions Provider


Risk to Business: 1.203 = Extreme

ORBCOMM, a major fleet management solutions provider to the trucking industry, has experienced a ransomware attack that created a service outage. The company said that since the September 6 ransomware attack, it has been unable to provide electronic services, including inventory management and Blue Tree ELD devices, used to ensure that truckers adhere to federal safety regulations about driving hours. Truckers were forced to switch to paper logs, which federal regulations only permit them to use for eight days per month. ORBCOMM said that they hope to restore services by September 29.  

How It Could Affect Your Customers’ Business: Companies like this that are linchpins in the supply chains of certain industries are the kind of targets that cybercriminals favor for ransomware attacks.

Kaseya to the Rescue:  See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>

The International Joint Commission (IJC)

Exploit: Hacking

The International Joint Commission (IJC): Treaty Organization


Risk to Business: 2.873 = Moderate

The venerable International Joint Commission (IJC), a group established by the 1909 Boundary Waters Treaty to regulate projects that impact border waterways and water quality between the U.S. and Canada, has experienced a data breach. The NoEscape ransomware group claims to have stolen 80 GB of proprietary data from IJC including contracts, geological files and conflict of interest forms. IJC confirmed that it is investigating a data security incident but offered no details. NoEscape did not publicize a ransom demand.  

How It Could Affect Your Customers’ Business: Proprietary data can be just as valuable and sought-after as flashier types of data.

Kaseya to the Rescue: What cyberattacks are the most popular this year, and what should you be preparing for in 2024? This webinar tells you everything. WATCH WEBINAR>>


Canadian Nurses Association (CNA)

Exploit: Ransomware

Canadian Nurses Association (CNA): Professional Organization


Risk to Business: 2.710 = Moderate

The Canadian Nurses Association (CNA) has disclosed that it has experienced a data breach. CNA said that the incident occurred in April 2023. Two groups, Snatch and Nokoyawa, have claimed responsibility for the attack, but Snatch bolstered its claim by posting 37GB of stolen data to its dark web leak site last week. No specifics about the stolen data types were available at press time. The incident remains under investigation.

How It Could Affect Your Customers’ Business: Professional organizations often hold a variety of data about their members, making them attractive ransomware targets.

Kaseya to the Rescue:  Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>> 


United Kingdom – Greater Manchester Police (GMP)

Exploit: Supply Chain Attack

Greater Manchester Police (GMP): Law Enforcement


Risk to Business: 1.673 = Severe

A ransomware attack on a third-party supplier to UK police forces has resulted in the exposure of personal data for officers in the Greater Manchester Police (GMP) force. The unnamed Manchester-area supplier is the same company responsible for the data breach a few weeks ago affecting London’s Metropolitan Police. As in that incident, details of serving officers’ warrant cards, which include names, ranks, photos and serial numbers, were obtained by bad actors. More than 12,500 Greater Manchester Police (GMP) officers and staff could be impacted by this breach.

How it Could Affect Your Customers’ Business: A successful cyberattack or data security incident impacting a government contractor can have major repercussions.

Kaseya to the Rescue:  Our eBook How to Build a Security Awareness Training Program helps IT professionals design and implement an effective training program quickly. DOWNLOAD IT>> 

France – Airbus

Exploit: Hacking

Airbus: Aerospace Company


Risk to Business: 1.612 = Severe

Airbus is admitting that it has suffered a data breach after about 3200 of its suppliers appeared in a post on a dark web forum. Reports say that a threat actor using the moniker “USDoD” is behind the leak. The group’s post on BreachForums says that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee. The group claims to have snatched details on thousands of Airbus vendors, including names, addresses, phone numbers and emails. The group also claimed that it was able to carry out the attack because the victim “likely attempted to download a pirated version of the Microsoft .NET framework, as indicated in the malware path.”

How it Could Affect Your Customers’ Business: Specialized information like this can help bad actors conduct more effective spear phishing and business email compromise operations.

Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>> 


Australia – BG Group

Exploit: Supply Chain Attack

BG Group: Fuel Supplier


Risk to Business: 1.802 = Severe

BG Group, a company owned by Shell, is the latest company to admit that it suffered a data breach thanks to the MOVEit file transfer exploit. Shell said that the stolen employee data was very old, dating from 2013, but that the personal details could still put people at risk of phishing attacks. The company began informing affected staff members in early July. More than 600 businesses have been impacted by the MOVEit exploit.

How it Could Affect Your Customers’ Business: Zero-day vulnerabilities are popping up with greater frequency than ever.

Kaseya to the Rescue: Follow the path to see how Managed SOC defends businesses from cyberattacks efficiently and effectively without breaking the bank in a handy infographic. GET IT>>

New Zealand – Auckland Transport (AT)

Exploit: Ransomware

Auckland Transport (AT): Transportation Authority


Risk to Business: 1.882 = Severe

 Auckland, New Zealand’s transportation authority has reported that some of its systems were taken offline following a ransomware attack. The government-owned regional transportation authority in the Auckland region is responsible for public transportation, roads and other infrastructure. AT said that it is experiencing issues with its integrated ticketing and fares system HOP, impacting the ways that customers can top up fare cards. AT has assured the public that they are rebuilding the damaged system as quickly as possible.  

How it Could Affect Your Customers’ Business: Cybercriminals don’t spare government agencies, no matter how small or local.

Kaseya to the Rescue: What are the biggest risks that organizations face right now? Find the answer in our Mid-Year Cyber Risk Report 2023! DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident


New Super Pro Campaign: Cybersecurity Awareness available now!

Powered Services Pro has just dropped a new Super Pro campaign, Cybersecurity Awareness: Staying Safe Online. This campaign aims to help MSPs make the most of Cybersecurity Awareness Month this October by reinforcing the importance of cybersecurity as a daily, continuous effort requiring constant vigilance, ongoing awareness, and a proactive approach to protect against the latest cyber threats. This campaign includes three mini “kits” with bonus assets. GET IT NOW>>


Don’t miss this must-see new on-demand webinar

To actively combat the ever-advancing threat landscape of 2023 and beyond, you must consistently reimagine cybersecurity. Watch the on-demand webinar and discover how Graphus, Dark Web ID, BullPhish ID and Managed SOC, the market’s most robust security solutions, can help you take your cyber defenses to the next level. WATCH NOW>> 


Are You Ready to Defend Against AI-enabled Phishing?

AI has revolutionized cybersecurity, making it easier for cybersecurity teams to work efficiently and effectively. Unfortunately, the other side of the coin is that AI has also revolutionized cybercrime. Bad actors are leveraging the power of tools like ChatGPT to launch sophisticated and dangerous phishing attacks that are difficult for even the savviest employee to catch. However, there are measures that companies can take to mitigate their risk of trouble from an AI-enabled phishing attack. 

Excerpted in part from the eBook Phishing 101.

How has AI helped bad actors with phishing?  

Generative AI has been a game changer for cybercriminals. It allows them to bypass some of their biggest challenges as well as deploy more effective attacks more quickly. Researchers have noted a steep increase in cyberattacks using novel social engineering methods, up over 130% in 2023, and they attribute that growth to cyberattacks that abuse AI tools like ChatGPT.

Large Language Models (LLMs) like ChatGPT are incredible gifts for cybercriminals. They can quickly and easily solve problems that make phishing messages easy to detect, like bad grammar and spelling. LLMs quickly and thoroughly understand spelling, sentence structure, colloquialisms and usage, making it a breeze for bad actors to construct phishing messages with few red flags. Researchers have discovered that underground hacking teams frequently utilize OpenAI for its quick code generation and email writing capabilities.


2 types of phishing that could be powered up with ChatGPT 

Bad actors are using tools like ChatGPT to launch hard-to-detect phishing attacks that enable an array of dangerous cyberattacks that rely on social engineering to succeed. In fact, researchers have noted an uptick in malicious messages purporting to be from a company’s internal IT team, quite a feat of phishing engineering. A surge in specialized attacks like that demonstrates just how precisely cybercriminals can craft a malicious message using technology like ChatGPT. AI tools can be used to conduct any type of phishing attack, like the two attacks included below that may be made easier and more effective through the use of AI technology. 


Conversation Hijacking

THE THEME: Conversation hijacking is a targeted email attack that begins with a phishing message designed to lure victims into disclosing their email credentials. If successful, it allows cybercriminals to use the victim’s login credentials, insert themselves into the conversation undetected and monitor communications with peers, management and external business contacts to learn about the company’s operations and practices.

THE GOAL: Gather information to create and send highly personalized messages that mimic the victim’s persona to convince and scam recipients for financial gain.

THE SCAM: Conversation hijacking can result in attackers launching deceptive phishing messages that raise zero suspicion. Targets may trust these messages and click on any links in them, blindly download attachments or even share financial data. As conversation hijacking is highly personalized, bad actors can:

  • Obtain personally identifiable information of their targets.
  • Collect business-critical data.
  • Misuse credit card details and other financial information.
  • Make use of a victim’s business contact information to disrupt customer relationships.
  • Access the target’s devices to launch ransomware.
  • Procure sensitive information about the company to tarnish its reputation.

THE DAMAGE: Perpetrators can carry out financial fraud easily by targeting people in an organization’s finance department. They can also trick third-party vendors or business partners into disclosing information that can be sold to competitors or buyers on the dark web. This is a cyberattack that can be greatly powered up by ChatGPT. LLMs have no problem learning communication patterns and writing styles, making it a cinch for bad actors to hop into a conversation with highly believable emails.


Spear Phishing

THE THEME: Spear phishing is a type of phishing attack featuring personalized details in the lure that add believability to increase the likelihood that the recipient will take the bait. Spear phishing emails are utilized by an estimated 65% of cybercrime groups when they carry out targeted cyberattacks.

THE GOAL: To lure unwary recipients into taking an action that compromises their credentials, divulges sensitive information or deploys malware (including ransomware).

THE SCAM: Cybercriminals use personalized information about their targets to craft emails that seem legitimate, often powered by information obtained from dark web markets and data dumps. These lures can include:

  • Emails from the recipient’s alma mater asking for updated address information.
  • A message advising the victim to reset their password at a social media site.
  • Free downloads from organizations to which the recipient belongs.
  • Requests for donations from charities that are in the recipient’s sphere.
  • Fake political emails from candidates or parties.
  • Attachments like brochures or notices from trusted sources like a government agency.
  • Spoofed messages from the recipient’s regular service providers, suppliers or other vendors.

THE DAMAGE: Spear phishing is growing more dangerous as the amount of data available to cybercriminals allows them to create better bait. It is commonly used to capture credentials, steal information, cause a data breach or deploy malware and ransomware. AI-enabled tools like ChatGPT lend themselves well to spear phishing. It’s easy to put in a very specifically targeted prompt and receive a highly personalized message to send.


Kaseya’s Security Suite arms IT professionals with the tools they need to succeed

Get powerful protection and must-have tools for keeping businesses out of cybersecurity trouble with Kaseya’s Security Suite. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.  

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses. 

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.   

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.   

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).   

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams. 


ID Agent & Graphus Q4 Product Innovation

October 10 | 10 AM EDT | 7 AM PDT | 2 PM GMT

Join us to learn about the latest product innovations for BullPhish ID, Dark Web ID, Passly and Graphus. You will learn about new time-saving product integrations and the latest features and enhancements, including mini-demos of the most exciting features and get a look at what’s on the Security products’ roadmaps for Q4 and beyond! REGISTER NOW>>

  • September 21: Kaseya + Datto Connect Local Nashville
  • September 26: Kaseya + Datto Connect Local Katy (Houston Area)
  • September 28: Kaseya + Datto Connect Local Charlotte
  • October 2 – 4: Kaseya DattoCon in Miami
  • October 10: Kaseya + Datto Connect Local Minneapolis
  • October 12: Kaseya + Datto Connect Local Chicago
  • October 17: Kaseya + Datto Connect Local Columbus
  • October 18: Kaseya + Datto Connect Local South Africa
  • October 19: Kaseya + Datto Connect Local Vancouver
  • October 24: Kaseya + Datto Connect Local Seattle
  • October 26: Kaseya + Datto Connect Local San Francisco
  • November 2: Kaseya + Datto Connect Local New York
  • November 7: Kaseya + Datto Connect Local New York
  • November 7: Kaseya + Datto Connect Local London
  • November 9: Kaseya + Datto Connect Local Manchester
  • November 14: Kaseya + Datto Connect Local Montreal
  • November 14 – 16: Kaseya DattoCon APAC
  • November 16: Kaseya + Datto Connect Local Pittsburgh
  • November 30: Kaseya + Datto Connect Local Long Beach
  • December 5: Kaseya + Datto Connect Local Orlando
  • December 7: Kaseya + Datto Connect Local Symposium Miami
  • December 12: Kaseya + Datto Connect Local Arlington TX (Dallas Area)
  • December 14: Kaseya + Datto Connect Local New Orleans
  • December 19: Kaseya + Datto Connect Local St. Petersburg, FL
