The Week in Breach News: 10/12/22 – 10/18/22
Nation-state threat actors hit the Mormon Church, trouble for NHS IT services provider Advanced, a look at the new October Powered Services Pro Campaign and 3 key insights from the GetApp 2022 Ransomware Impacts Survey.
Give your clients the Cybersecurity Monster Hunter’s Checklist as a fun, Halloween-themed way to help them hunt down cybersecurity weaknesses. GET CHECKLIST>>
Indianapolis Housing Agency
https://fox59.com/indiana-news/indianapolis-housing-agencys-server-hacked-by-cyber-thieves/
Exploit: Hacking
Indianapolis Housing Agency: Municipal Housing Authority
Risk to Business: 1.743 = Severe
A cyberattack has caused the shutdown of the internal information and email system of the Indianapolis Housing Agency (IHA). The outage began last Monday. Hackers may have accessed the personal information of approximately 25,000 Indianapolis residents served by IHA. Data from vendors and employees as well as the details of financial transactions shared with the Department of Housing and Urban Development (HUD) may also have been exposed. IHA admitted that it discovered the intrusion on October 3, but had not informed residents or issued a public statement until after local news broke the story on October 6. but did not issue a public statement until October 6. The incident is under investigation.
How It Could Affect Your Customers’ Business: Government agencies are appealing targets for information-hungry cybercriminals thanks to historically poor security.
ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
The Church of Jesus Christ of Latter-day Saints
Exploit: Nation-State Hacking
The Church of Jesus Christ of Latter-day Saints: Religious Organization
Risk to Business: 1.604 = Severe
The Church of Jesus Christ of Latter-day Saints, colloquially known as the LDS Church or Mormon Church, disclosed that it had suffered a data breach in March 2022 that officials believe was the result of a nation-state cyberattack. This breach involved the exposure of sensitive personal information of Church members, employees, contractors and other people the church kept records about. The breach did not include banking information or donation history. The church said that breach occurred on March 23, 2022, but that they’d not released any information about it at the request of federal investigators.
Individual Risk: 1.723 = Severe
Data stolen in this incident included personal information that church members or employees provided to the church, including basic contact information such as a person’s username in the system, membership record number, full name, gender, email address, birth date, mailing address, phone number and preferred language.
How It Could Affect Your Customers’ Business: This is a goldmine of personal data that will enable cybercrime like phishing and identity theft for years to come.
ID Agent to the Rescue: Are you making the right moves to keep your clients away from nation-state cybercrime trouble? This infographic has 5 tips to help guide you. DOWNLOAD IT>>
VisionWeb Holdings, LLC
https://www.jdsupra.com/legalnews/visionweb-holdings-llc-reports-recent-2308781/
Exploit: Hacking
VisionWeb Holdings, LLC: Software Company
Risk to Business: 2.107 = Severe
VisionWeb Holdings, LLC, a maker of software used in ophthalmology and eye care clinics, has disclosed that it has had a data breach. In a filing with U.S. Department of Health and Human Services (HHS) Office for Civil Rights and the Texas Attorney General, the company said that bad actors were able to access protected health information through a compromised employee email account. The data breach has impacted the confidential information of 35,900 individuals, who have been informed by letter.
Individual Risk: 2.261 = Severe
The breached information varies depending on the individual, it may include your name, Social Security number, government-issued identification number (such as driver’s license or state ID number), medical information and health insurance information.
How It Could Affect Your Customers’ Business: Every business in the healthcare industry needs to be security conscious to avoid punishing fines from regulators.
ID Agent to the Rescue: Go over the Cybersecurity Risk Protection Checklist with your clients to make sure that they’re covering all of their security bases. GET CHECKLIST>>
Just getting started in cybersecurity? This resource bundle will help you get up to speed to protect your clients fast! GET IT>>
UK – Advanced
https://techcrunch.com/2022/10/13/advanced-nhs-patient-data-ransomware/
Exploit: Ransomware
Advanced: IT Services Provider
Risk to Business: 1.624 = Severe
UK National Health Service (NHS) IT services provider Advanced announced that it had experienced a data breach stemming from a ransomware attack. LockBit 2.0 ransomware was at the root of the attack. The company initially experienced the ransomware incident on August 4 following widespread disruption to NHS services across the UK in a cyber incident. The Advanced attack took down a number of NHS services ices, including its Adastra patient management system and Carenotes, a system used by mental health trusts for patient information. The company revealed that it had determined that hackers gained access to its systems on August 2 using compromised third-party credentials to establish a remote desktop session to the company’s Staffplan Citrix server. After gaining entry, the attacker moved laterally and escalated privileges, enabling them to conduct reconnaissance and ultimately resulting in the deployment of encryption malware. The company says that it has no evidence that data was exposed or stolen.
How it Could Affect Your Customers’ Business: Service providers are an attractive candidate for ransomware because the bad guys know that those businesses can’t afford downtime.
ID Agent to the Rescue: Learn more about ransomware and reduce your clients’ risk of falling victim to an attack with the tips in our eBook Ransomware Exposed!
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
India – Tata Power
https://techcrunch.com/2022/10/14/india-power-company-tata-power-cyber-attack/
Exploit: Hacking
Tata Power: Utility Company
Risk to Business: 2.363 = Severe
Tata Power, a leading power generation company in India, has confirmed that it was hit by a successful cyberattack that impacted some of its IT systems last Friday. The company was quick to reassure customers and investors that its critical systems were unaffected. In a filing with stock exchanges, Tata Power says that it has taken steps to retrieve and restore the systems. The company also said that it has restricted access and put in place preventive checks for employee and customer-facing portals and touchpoints. No further information was available at press time.
How it Could Affect Your Customers’ Business: Infrastructure is in danger – Bad actors conducted successful cyberattacks against 14 of 16 critical infrastructure sectors in the US in 2021.
ID Agent to the Rescue: Curious to see if you’re offering your clients the right dark web monitoring solution? Explore your options with The Dark Web Monitoring Buyer’s Guide for MSPs. DOWNLOAD IT>>
Give your clients this infographic to start a conversation about getting on the path to zero trust. GET INFOGRAPHIC>>
Australia – Medibank Private
Exploit: Ransomware
Medibank Private: Health Insurer
Risk to Business: 1.731 = Severe
Australia’s largest private health insurer Medibank Private has confirmed that it fell victim to a ransomware attack last week. The health insurer said that the cause of the attack was compromised credentials. Bad actors used those credentials to access Medibank’s systems on Wednesday and deploy ransomware. The company says that its investigation has determined that no customer data was accessed or stolen. Medibank temporarily closed some systems while the activity was investigated but resumed normal business last Friday.
How it Could Affect Your Customers’ Business: Ransomware attacks on healthcare-related sect targets have been a constantly growing problem since 2020.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
Australia – MyDeal
https://powerretail.com.au/news/mydeal-latest-hit-with-data-breach-hack/
Exploit: Credential Compromise
MyDeal: Online Retailer
Risk to Business: 1.816 = Severe
MyDeal, an online shopping site operated by Woolworths Group, has disclosed that it has experienced a data breach as a result of a successful cyberattack. The company points to a compromised credential that gave the hackers access to its customer relationship management system as the cause of the incident. Approximately 2.2 million customers were affected, and those customers were sent emails informing them of the incident.
Individual Risk: 1.837 = Severe
Compromised data for MyDeal users may include email addresses, phone numbers, delivery addresses and dates of birth. The company stated that 1.2 million customers involved in the breach had only had their email addresses exposed.
How it Could Affect Your Customers’ Business: Online retailers are excellent sources of data for enterprising cybercriminals.
ID Agent to the Rescue: Sell clients on the benefits of security and compliance training with the bottom-line data in The Business Case for Security Awareness Training. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
See how today’s biggest threats may impact your MSP and your customers in our security blogs.
- 3 Growing Dark Web Dangers Businesses Face Right Now
- 4 Devious Phishing Scams to Watch Out For
- Don’t Miss Our New Integration with IT Glue & Fresh Resources
- Why You Should Be Worried About This Devastating (& Growing) Cyber Threat
- The Week in Breach News: 10/05/22 – 10/11/22
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
October’s Powered Services Pro Campaign is Cybersecurity Awareness
We’re celebrating National Cybersecurity Awareness Month this October with an awesome Powered Services Pro campaign centered on cybersecurity awareness. This campaign is packed with resources that will help you pique your clients’ interest in starting or upgrading their security training program. Get everything you need to juice up your security training sales!
Offer your clients an exclusive activity book themed around security awareness to educate them in a fun and interactive way. DOWNLOAD ACTIVITY BOOK>>
Help your clients understand the necessity and urgency of security awareness training with our complete campaign kit. This value-packed marketing campaign helps you share the latest cybersecurity best practices to help your customers stay one step ahead of emerging ransomware schemes, educate your customers on what’s out there and why training helps reduce risk and offer tips on how to protect their businesses. ACCESS CAMPAIGN KIT>>
Looking for ideas on how to utilize the October Cybersecurity Awareness Campaign? Check out Dan’s Pro Campaign Overview. WATCH VIDEO>>
Not signed up for Powered Services Pro? You’re missing out on an arsenal of sales and marketing tools to help you make more money. What are you waiting for? SIGN UP NOW>>
Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>
It’s Time for a Cybersecurity Awareness Month Checkup
This is the perfect time to review the security measures that keep your clients safe to make sure that all of the bases are covered.
The Characteristics of a Successful Security Solution checklist – Use this checklist to determine if the email security solution you’re offering your clients is really getting the job done or if it’s time to upgrade. GET CHECKLIST>>
The Complete IAM Checklist – Go over this checklist with your clients to educate them about what IAM can do for their organizations as you guide them toward a safer zero-trust future. GET CHECKLIST>>
Are Your Clients Protected from These Risks? – This checklist can help you review the risks that your clients are facing and determine if you’ve got the right solutions in place to help them stay out of trouble. GET CHECKLIST>>
Did you miss…? The Comprehensive Guide to Business Email Compromise DOWNLOAD IT NOW>>
See five things that you can do to reduce nation-state cyber threat risk for your clients fast. GET CHECKLIST>>
3 Key Insights About the Impact of Ransomware
See the damage today’s scariest cyber threat does
This is the month for thrills and chills. It’s also Cybersecurity Awareness Month. So, what is the scariest cyberattack that your clients face? The one that keeps them (and you) up at night? Ransomware was likely the first thing that came to mind. For good reason too. In a recent survey, 91% of the organizations polled said that the cyber threat that they fear the most is ransomware. Your clients need your help to assuage that fear and keep their systems and data (as well as their bottom lines) far away from ransomware trouble. The GetApp 2022 Ransomware Impacts Survey offers a look inside the experiences and consequences for organizations that have had to deal with a ransomware disaster. These three key takeaways can help you educate your clients about the danger that they’re facing and the need to put strong protection against ransomware attacks in place immediately.
Learn to identify and mitigate fast-growing supply chain risk with this eBook. DOWNLOAD IT>>
3 Key Insights About the Impact of Ransomware
These important points offer a look into the struggles of organizations that have fallen victim to a successful ransomware attack.
Today’s ransomware attacks aren’t a one-size-fits-all proposition
A ransomware attack seems like it would go down the same way every time, but that’s far from the truth. Ransomware attacks have many variations. Cybercriminal groups choose combinations of threats and tools to use against companies in a ransomware attack that they think will be effective based on many factors like the purpose of the attack, the group’s operating style, available avenues of attack and myriad other considerations. Of course, one of the most influential factors in the bad guys’ plans is figuring out which approach has a high chance of success for them. That’s a big reason why many of the victimized companies in this survey faced a multifaceted attack. Three in five (60%) victim companies suffered a multifaceted extortion attack.
In a typical multifaceted extortion attack, the victim’s files are encrypted, and a separate attack is launched simultaneously, usually in the form of data theft and/or a distributed denial of service (DDoS) attack. About two-thirds (64%) of the multifaceted extortion victims surveyed said that their experience included a combination of a ransomware attack and a DDoS attack. Data theft was also a common scenario in a multifaceted extortion attack, impacting just over one-half (51%) of respondents. About one-quarter (23%) of victimized organizations faced a triple extortion event. That nasty variation includes a ransomware attack, a DDoS attack and data theft.
Take a deep dive into ransomware and learn to protect your clients affordably with this resource bundle! GET IT>>
Paying the ransom doesn’t mean avoiding a massive financial hit
Of course, the bad guys’ goal in mounting a multifaceted extortion attack is the same as it is for any ransomware attack: getting paid fast. One advantage that they enjoy with this type of attack is that they gain leverage to ratchet up the pressure on organizations. That pressure often forces companies into ransom negotiations and frequently results in payment of the extortionists’ demands. It’s a very successful approach, making it very appealing to cybercriminals. More than half of companies that fall victim to a multifaceted extortion scheme pay the ransom, whereas only an estimated one-third of standard ransomware attack victims pay up.
Any company that falls victim to a ransomware attack can look forward to shelling out a big chunk of change whether they intend to pay the ransom or not. In this survey, just under half of the respondents said that they’d chosen to pay the bad actors’ extortion demands. Those companies took a serious financial hit, reporting impacts of more than $50,000. Although it is the practice that experts recommend, refusing to pay doesn’t make dealing with a ransomware attack much cheaper. An estimated one in three (34%) companies that did not pay a ransom still said that their total costs were above $50,000 and nearly one in 10 (9%) incurred impacts totaling more than a quarter million dollars.
Learn why ransomware is today’s nastiest threat and how to defend against it in Ransomware 101. READ IT>>
A successful ransomware attack results in a cascade of losses
But extortion payments aren’t the whole story of loss for companies that endure a successful ransomware attack. More than one-third (37%) of survey respondents felt that productivity losses were the single most consequential impact of a ransomware attack. This is a key pressure point for the bad guys. Among companies that paid the ransom, seven in ten (70%) said the ransomware attack had been a major blow to the company’s productivity, compared to only 40% of companies that did not pay the ransom.
The next highest impact results of a ransomware attack were data recovery efforts, cited by just over half (51%) of respondents, and reputational harm, a major problem for four in ten companies (43%). The reality is that even when a company comes out on the other side of a ransomware attack, it will have suffered harm that’s not as easily repaired as lost data. An estimated 80% of companies that dealt with a ransomware disaster lost revenue due to circumstances created by the attack. Even worse, more than half of the survey respondents (62%) said that they’d lost clients as a result of the incident, with more than one-third reporting that they’d lost multiple clients. Consequences like these put a damper on a company’s ability to bounce back from, or even just survive a successful ransomware attack.
We Can Help You Mitigate Your Clients’ Risk of Ransomware Trouble
Our suite of powerful security solutions can help you keep your clients safe from today’s nastiest cyberattacks at a price you’ll both love.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
- Easy, automated training delivery through a personalized user portal
You’ll love our latest integration between BullPhish ID and Graphus! If you’re already using BullPhish ID for security and compliance awareness training and phishing simulations, you’ll love our latest integration Advanced Phishing Simulations (Drop-A-Phish). This feature leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users when running phishing simulations. LEARN MORE>>
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Automated, AI-powered antiphishing email security
Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.
Make sure your clients have all the bases covered with the Computer Security To-Do Checklist! GET IT>>
Do You Have What it Takes to be a Cybersecurity Jeopardy Champion?
It’s time to match wits with other IT professionals and our special guests on October 26 at 2 pm ET to see who will be crowned our Cybersecurity Jeopardy champion! Plus, every attendee has the opportunity to win one of the many fun prizes we’ll be awarding throughout the event! Reserve your seat today! REGISTER NOW>>
October 19: 15-Minute Demo: Graphus AI-Driven Email Security REGISTER NOW>>
October 25: Security Suite Product Update Webinar REGISTER NOW>>
October 25-26: Southwest US Summit REGISTER NOW>>
November 2-3: ChannelPro SMB Forum 2022: Los Angeles REGISTER NOW>>
December 6: Connect IT Local – Atlanta REGISTER NOW>>
December 8: Connect IT Local – Miami REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!