The Week in Breach News: 10/04/23 – 10/10/23
This week: A cyberattack slows Estes Express Lines, Sony gets caught up in a MOVEit-related data breach, learn more about the new Automated User Reports feature in BullPhish ID and an introduction to the advantages businesses gain from penetration testing.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Estes Express Lines
Exploit: Hacking
Estes Express Lines: Trucking Company
Risk to Business: 1.803 = Severe
Virginia-based trucking company Estes Express Lines has disclosed that it was the victim of a cyberattack. The company posted on its blog that the attack caused an outage in its core infrastructure, impacting a number of its systems. Estes was careful to say that its terminals and drivers are still effectively picking up and delivering freight. The company is still working on restoring its systems and investigating the incident.
How It Could Affect Your Customers’ Business: Bad actors have been heavily targeting important hubs in the supply chain like trucking companies.
Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>
District of Columbia Board of Elections (DCBOE)
Exploit: Supply Chain Attack
District of Columbia Board of Elections (DCBOE): Government Agency
Risk to Business: 1.603 = Severe
The District of Columbia Board of Elections (DCBOE) has discovered that it has experienced a data breach. The agency said that its investigation into the claims has revealed that the attackers accessed voter data through the web server of DataNet, its hosting provider. DCBOE said that it became aware of cybersecurity incident on October 5. DCBOE was quick to say that its internal databases and servers were not compromised. A threat actor known as RansomedVC has claimed responsibility for the attack.
How It Could Affect Your Customers’ Business: Supply chain attacks have been steadily rising and businesses need to have a plan in place to handle them.
Kaseya to the Rescue: See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>
23andMe
https://cyberscoop.com/23andme-user-data-theft/
Exploit: Hacking
23andMe: DNA Testing Company
Risk to Business: 1.873 = Moderate
23andMe is investigating a cybersecurity incident after a cybercrime group boasted of obtaining its data. The unidentified group said that it had snatched 20 million pieces of data from 23andMe. The company confirmed that certain 23andMe customer profile information was compiled through unauthorized access to individual 23andMe.com accounts but did not admit to a data breach.23andMe said that some user accounts that had opted in to 23andMe’s “DNA Relatives” service had potentially been scraped. The information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry.
How It Could Affect Your Customers’ Business: This kind of data is highly sensitive and cybercriminals could use it to spear phish or facilitate blackmail
Kaseya to the Rescue: What cyberattacks are the most popular this year, and what should you be preparing for in 2024? This webinar tells you everything. WATCH WEBINAR>>
Builders Mutual Insurance Company
https://www.cybersecuritydive.com/news/builders-mutual-data-breach/695697/
Exploit: Supply Chain Attack
Builders Mutual Insurance Company: Insurer
Risk to Business: 1.710 = Severe
Builders Mutual Insurance Company has discovered that an unauthorized party was able to access the company’s computer network. Builders Mutual said in a filing with the Maine Attorney General that in this incident bad actors had been able to access sensitive information belonging to claimants and current and former employees including their names, Social Security numbers, medical information, health insurance information and workers’ compensation information. The company said that the attack occurred in December 2022, but it had not determined exactly whose data had been impacted until August 2023 and it sent out data breach notification letters to those affected on September 29, 2023.
How It Could Affect Your Customers’ Business: Insurers may hold a wide variety of potentially valuable information about insureds that cybercriminals would love to get their hands on.
Kaseya to the Rescue: Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats like employee errors in this infographic. DOWNLOAD IT>>
Flagstar Bank
Exploit: Supply Chain Attack
Flagstar Bank: Financial Institution
Risk to Business: 1.673 = Severe
Flagstar Bank has informed an estimated 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. The bank said that the information had been compromised as a result of a MOVEit-related attack on one of its service providers Fiserv, a provider of payment processing and mobile banking services used by many financial institutions. Flagstaff Bank was quick to reassure customers that this incident didn’t involve any of Flagstar Bank’s systems and did not impact its ability to service the customers.
How it Could Affect Your Customers’ Business: Ransomware risk has been steadily rising for companies in the financial sector, and all companies should be working to mitigate it.
Kaseya to the Rescue: Learn more about ransomware risk and the ways that IT professionals can keep companies out of trouble in our eBook Ransomware 101 DOWNLOAD IT>>
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
United Kingdom – Lyca Mobile
https://www.hackread.com/lyca-mobile-cyber-attack-investigate-ransomware/
Exploit: Ransomware
Lyca Mobile: Mobile Virtual Network Operator
Risk to Business: 1.612 = Severe
Lyca Mobile said that it had fallen victim a cyberattack that caused widespread disruption for millions of its customers. The company said that it detected the incident on September 30 and took action to contain it. However, bad actors were able to steal some data. Lyca Mobile said that it holds customer information including names, dates of birth, addresses, copies of identity documents such as copies of passports or identity cards as well as records of customer service interactions and some payment card information, including the last four digits of customers’ credit card numbers. Lyca Mobile says that it notified the U.K.’s Information Commissioner’s Office of the incident.
How it Could Affect Your Customers’ Business: Customer service records can contain a treasure trove of data for bad actors.
Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>>
See the path from a cyberattack to a defensive success with managed SOC in this infographic. GET IT>>
Australia – Royal Women’s Hospital
https://thecyberexpress.com/royal-womens-hospital-data-breach/
Exploit: Credential Compromise
Royal Women’s Hospital: Medical Center
Risk to Business: 2.802 = Moderate
The Royal Women’s Hospital in Melbourne has fallen victim to a data breach. The hospital said that cybercriminals had gained unauthorized access to a staff member’s private email account, which had been used to review and coordinate patient appointments and care strategies. An investigation uncovered that personal information belonging to 192 patients may have been exposed. Officials were quick to emphasize that there was no breach of the hospital’s official email or IT systems and that the electronic medical records of patients remain secure.
How it Could Affect Your Customers’ Business: Security awareness training helps prevent employees from falling victim to social engineering and giving up their credentials.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>
Japan – Sony
Exploit: Ransomware
Sony: Electronics and Entertainment Conglomerate
Risk to Business: 1.716 = Severe
Sony revealed that it has suffered a data breach related to the MOVEit vulnerability. The company said that 6,800 current and former employees had data exposed in this indent. The Cl0p ransomware group, the gang behind the hack, added Sony to its leak site in July, but Sony just confirmed the hack. The company said that the incident occurred on May 28, just two days before the vulnerability was made public.
How it Could Affect Your Customers’ Business: Zero-day vulnerabilities are becoming more frequent and that’s big problem that businesses have to face today.
Kaseya to the Rescue: What are the biggest risks that organizations face right now? Find the answer in our Mid-Year Cyber Risk Report 2023! DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
BullPhish ID makes security training even easier with Automated User Reports
The BullPhish ID team is excited to announce Automated User Reports — a highly requested new feature that enhances product reporting capabilities and user experience.
This feature automates the generation and delivery of end-user reports for phishing and training campaigns within a specified date range. You can schedule these reports for regular distribution, allowing for better tracking and management of campaign progress at the individual user level.
The new automated reporting enables you to save a substantial amount of time that would otherwise be spent on manual report management tasks. On average, our MSP partners invest 4-6 hours per month in the labor-intensive process of manually downloading detailed campaign reports and then compiling and delivering these reports to their clients. With this feature, that time-consuming and repetitive work is eliminated, allowing you to redirect your efforts toward more valuable activities, such as sales and client engagement.
For detailed instructions on accessing this feature with screenshots, please refer to this KB article.
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Now available: The Comprehensive Guide to Third-party and Supply Chain Risk
Over half (52%) of global organizations know a partner that has been affected by ransomware, illustrating the danger that businesses face. A heightened risk for a supply chain attack must be a major concern for IT professionals.
The 2023 edition of The Comprehensive Guide to Third-party and Supply Chain Risk contains essential information about how a company incurs supply chain risk and what IT professionals can do to mitigate it.
Did you miss…The Evolution of Endpoint Detection and Response (EDR): Datto EDR Buyers Guide? DOWNLOAD IT>>
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
How Penetration Testing Gives IT Professionals Big Advantages
In today’s fast-paced cybersecurity world, with zero-day exploits and novel cyberattacks lurking around every corner, companies need to ensure that they haven’t left any gaps in their defenses. Cybercriminals are constantly evolving their tools and techniques, and companies need to stay a step ahead to keep them out of their systems and data. One essential method for companies to do that is to do penetration testing. This security tool gives companies insight into the resilience of their defenses to help the company locate security flaws before those flaws are exploited in a cyberattack.
Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>
What is penetration testing?
A penetration test, often called a pen test, is a security tool that launches mock cyberattacks to find vulnerabilities in a computer system. This testing enables IT professionals to find security gaps and identify how bad actors could circumvent the security features of an application, system or network. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability. Penetration tests play a crucial role in helping organizations proactively identify and mitigate security threats before malicious actors can exploit them, thereby enhancing their overall security resilience.
The process of a penetration test typically follows a structured methodology to ensure a thorough evaluation of an organization’s cybersecurity defenses. Pen tests simulate real-world attacks on an organization’s IT infrastructure, applications and network. While the exact steps and techniques may vary depending on the scope and objectives of the test, here is a general overview of the pen testing process:
Pre-engagement Phase:
- Define Scope: Clearly define the scope of the penetration test, including what systems, networks, and applications will be tested.
- Set Objectives: Establish specific goals and objectives for the test, such as identifying vulnerabilities, assessing the effectiveness of security controls, or testing incident response procedures.
- Obtain Authorization: Obtain written authorization from the organization’s management to conduct the test to avoid any legal issues.
Information Gathering:
- Reconnaissance: Gather information about the target environment, such as IP addresses, domain names, network architecture, and potential entry points.
- Open-Source Intelligence (OSINT): Collect publicly available information about the organization, its employees, and infrastructure.
Vulnerability Analysis:
- Scan and Enumeration: Conduct scans and network enumeration to identify active hosts, services, and potential vulnerabilities.
- Vulnerability Assessment: Use automated tools and manual techniques to discover and assess vulnerabilities in systems and applications.
Exploitation:
- Attempt Exploits: Ethical hackers attempt to exploit identified vulnerabilities, gaining unauthorized access to systems or applications.
- Escalation: If initial access is achieved, testers may attempt to escalate privileges and gain deeper access within the environment.
Post-Exploitation:
- Maintain Access: Testers may try to maintain access to the compromised system for further exploration.
- Pivoting: Move laterally within the network to explore other systems and assess the extent of a potential breach.
Documentation:
- Record Findings: Document all findings, including successful exploits, vulnerabilities, their severity, and the steps taken during the test.
- Screenshots and Logs: Capture screenshots and logs to provide evidence of successful compromises.
Reporting:
- Generate a Detailed Report: Compile a comprehensive report summarizing the test’s findings, including a risk assessment, recommendations for mitigation, and potential impact of successful attacks.
- Executive Summary: Provide an executive-level summary of the findings for non-technical stakeholders.
Debriefing:
- Meet with the organization’s stakeholders to discuss the results of the test, answer questions, and provide guidance on remediation steps.
Remediation and Follow-Up:
- Work with the organization to prioritize and address identified vulnerabilities and weaknesses.
- Re-test: Conduct follow-up tests to verify that vulnerabilities have been remediated effectively.
Final Reporting:
- Provide a final report confirming the successful remediation of identified issues and a summary of the security improvements made.
Post-Test Evaluation:
- Conduct a post-test evaluation to assess the effectiveness of the penetration test process and identify areas for improvement.
See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>
vPenTest is a game-changer
Welcome to a new era of network penetration testing powered by vPenTest, an award-winning solution from Vonahi. This solution is powered by years of pen testing expertise, combining comprehensive methodologies and essential tools into a single cloud-based platform. vPenTest, is backed by consultants with over 10 years of experience holding certifications including CISSP, eCPPT, OSCP, OSCE, CEH and more. The developers of vPenTest have conducted hundreds of security assessments for hundreds of clients within various industries.
vPenTest can perform pre- and post-breach simulations at any time within both the internal and external network environments. With its automation, accessibility and comprehensive capabilities, vPenTest empowers organizations of all sizes to proactively manage risks, strengthen security and protect against emerging threats affordably. Over 6000 organizations, including managed service providers, managed security service providers, financial institutions, compliance companies and internal IT teams, rely on vPenTest to safeguard their networks.
Many organizations only test yearly because of the expense and complexity of hiring a specialist firm. But vPenTest eliminates that problem with automated features and an easy-to-use platform at an unbeatable price, significantly less than the cost of a traditional or manual network penetration test. This enables organizations to bring pen testing in-house, making it easy to run monthly pen tests to find security flaws before the bad guys do.
See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>
7 big benefits of pen testing with vPenTest
vPenTest from Vonahi is an award-winning solution that makes regular penetration testing easy. These seven big benefits are among the many reasons why vPenTest is a must-have:
- Continuous risk assessment: vPenTest offers an ideal choice for organizations of all sizes to continuously evaluate cybersecurity risks in real-time. In a world of ever-evolving threats, this continuous assessment helps companies stay ahead and adapt proactively.
- Staying ahead of emerging threats: The solution equips organizations to stay ahead of emerging threats. With real-time updates and testing, vulnerabilities can be identified and patched before they are exploited by malicious actors.
- Strengthening security posture: vPenTest helps companies find improvement areas, tackle vulnerabilities and exploits, and ultimately strengthens their security posture while reducing potential risks. It’s a proactive approach to securing networks.
- Empowering IT teams: In a world where uncertainty and fear of hacks can be paralyzing, vPenTest empowers IT teams to proactively manage risks. By simulating real-world attacks and identifying vulnerabilities, it provides the confidence to take action.
- Reducing exposure to breaches: vPenTest helps IT professionals reduce a company’s exposure to potential breaches, protect its reputation, and avoid the financial and reputational damage associated with cyberattacks or data breaches.
- Streamlining resources: Resource constraints are a common challenge for IT teams. vPenTest addresses this by automating pen testing, enabling IT teams to achieve more with limited resources.
- Efficient cybersecurity management: The platform helps IT teams efficiently manage cybersecurity responsibilities, stay ahead of potential threats and meet business demands without compromising security.
See the keys to selecting a Managed SOC to find the perfect one for your clients & your MSP. GET CHECKLIST>>
Why choose vPenTest?
vPenTest has a variety of outstanding features that make it a leader in the space including:
- Extensive pen testing expertise and tools: vPenTest brings together the collective wisdom of experienced penetration testers, their methodologies and a curated set of essential tools. This combination ensures comprehensive and efficient testing of internal and external network vulnerabilities.
- A cutting-edge SaaS platform: vPenTest is a Software-as-a-Service (SaaS) platform that automates the process of internal and external network penetration testing. It faithfully replicates the actions of a manual pen test, reducing the need for human intervention.
- Easy accessibility and affordability: This platform makes penetration testing accessible and affordable for organizations of all sizes. IT professionals don’t have to settle for just a yearly vulnerability assessment. vPenTest allows even small IT teams to conduct regular pen tests to bolster their defenses.
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
Get started with vPenTest
vPenTest is the ideal penetration testing solution for businesses and managed services providers (MSPs). Over 6000 organizations, including MSPs, managed security service providers (MSSPs), financial institutions, compliance companies and internal IT teams, rely on vPenTest to safeguard their networks. Let us show you how you can benefit from penetration testing with vPenTest..
Learn more: https://www.vonahi.io/
Schedule a demo: https://www.vonahi.io/vpentest/schedule-a-demo
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
October 12: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
October 17: Kaseya + Datto Connect Local Columbus REGISTER NOW>>
October 18: Kaseya + Datto Connect Local South Africa REGISTER NOW>>
October 19: Kaseya + Datto Connect Local Vancouver REGISTER NOW>>
October 24: Kaseya + Datto Connect Local Seattle REGISTER NOW>>
October 26: Kaseya + Datto Connect Local San Francisco REGISTER NOW>>
November 2: Kaseya + Datto Connect Local New York REGISTER NOW>>
November 7: Kaseya + Datto Connect Local New York REGISTER NOW>>
November 7: Kaseya + Datto Connect Local London REGISTER NOW>>
November 9: Kaseya + Datto Connect Local Manchester REGISTER NOW>>
November 14: Kaseya + Datto Connect Local Montreal REGISTER NOW>>
November 14 – 16: Kaseya DattoCon APAC REGISTER NOW>>
November 16: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>
November 30: Kaseya + Datto Connect Local Long Beach REGISTER NOW>>
December 5: Kaseya + Datto Connect Local Orlando REGISTER NOW>>
December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>
December 12: Kaseya + Datto Connect Local Arlington TX (Dallas Area) REGISTER NOW>>
December 14: Kaseya + Datto Connect Local New Orleans REGISTER NOW>>
December 19: Kaseya + Datto Connect Local St. Petersburg, FL REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!