Please fill in the form below to subscribe to our blog

The Week in Breach News: 10/20/21 – 10/26/21

October 27, 2021

Ransomware becomes a TV star at Sinclair Broadcast Group, cybercriminals bring tricks and no treats to candymaker Ferrara Candy Company and how cyberattack stress impacts consumers, customers and employees.


Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>



Sinclair Broadcast Group

https://thecyberwire.com/newsletters/week-that-was/5/42

Exploit: Ransomware

Sinclair Broadcast Group: Television Station Operator 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227 = Extreme

Sinclair Broadcast Group, the operator of 184 tv stations in 86 US markets, experienced a cyberattack last week that knocked broadcasts offline. The disruption was extensive, knocking local news broadcasts and syndicated programs offline. In some markets, NFL Sunday broadcasts were also disrupted. An unspecified amount of data was also stolen from the company’s network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Locking down networks and production lines to cause operational disruption is the name of the game for many ransomware groups in order to force a speedy ransom payment.

ID Agent to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next, and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>> 


Ferrara Candy Company

https://www.forestparkreview.com/2021/10/22/candy-production-impacted-by-ransomware-attack/ 

Exploit: Ransomware

Ferrara Candy Company: Candy Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.822=Severe

Boo! Greedy cybercriminals unleashed their tricks on Ferrara Candy Company just one week away from Halloween. The company, maker of Brach’s Candy Corn, Nerds and Trolli gummies among other treats, has been in the confectionary business since 1901. Ferrara said that the attack briefly disrupted production operations. However, they were quick to assure anxious consumers that they didn’t need to worry about missing their Halloween favorites – Halloween orders were shipped to stores in August.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Manufacturers have been increasingly falling into cybercriminals’ sights, especially at peak times in their respective industries.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>> 


United States – CoinMarketCap

https://www.cryptodaily.co.uk/2021/10/CoinMarketCap-Data-Breach-Leaks-3-1-M-Email-Addresses

Exploit: Hacking

CoinMarketCap: Cryptoasset Tracker

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702=Severe

Crypto evaluator CoinMarketCap has had a data leak. First reported by Have I Been Pwned, cybercrime researchers have discovered 3.1 million user email addresses from the site available on the dark web. The company initially denied the hack but ultimately owned up to the security blunder.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time. So far it’s only an email address list, no other information.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Attacks on the banking, crypto and fintech sectors have been growing, creating complications for every financial services organization.

ID Agent to the Rescue:  See how to transform every employee into a security asset to become the real secret weapon that successful organizations deploy to fight cybercrime like phishing! WATCH NOW>>


us government hack by suspected russsian cybercriminals represented by a hacker in a hoodie in silhouette against a russioan flag created in binary code

Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>



United Kingdom – Tesco

https://www.bbc.com/news/business-59027423

Exploit: Hacking

Tesco: Supermarket Chain

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.115=Extreme

Ubiquitous UK supermarket chain Tesco left customers scrambling after a cyberattack disrupted its web services over the weekend. The company said that unnamed cyberattacks began impacting its systems on Friday night. Beginning Saturday and rolling into Sunday intermittently, shoppers were unable to place orders or track deliveries. The incident also impacted the Tesco app.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cyberattacks can come from myriad sources but they all cause companies to lose revenue and suffer a negative impact on customer relationships.

ID Agent to the Rescue: Gamify cybersecurity and information safety to make it interesting. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>


Switzerland – MCH Group

https://portswigger.net/daily-swig/swiss-exhibitions-organizer-mch-group-hit-by-cyber-attack 

Exploit: Ransomware

MCH Group: Event Management

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.763 = Moderate

Swiss events management company MCH Group was hit with a suspected ransomware attack late last week that resulted in operational disruption. the company said that it’s back online, upcoming events will not be impacted and it’s in the process of investigating the attack. MCH Group handles events including the Art Basel shows in Basel, Miami Beach, and Hong Kong, as well as the watch and jewelry show Baselworld.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Service providers have been popular targets for cyberattacks because they often maintain databases that will score a big payday for cybercriminals on the dark web.

ID Agent to the Rescue Over 80% of organizations felt the sting of cybercrime in 2020. See what cybercriminals are shopping for to better predict what will happen next in The Global Year in Breach 2021. READ IT>>


Spain – Atento

https://www.zdnet.com/article/customer-services-firm-atento-hit-by-cyberattack/

Exploit: Hacking

Atento: Customer Service Center Operator

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.615 = Severe

Customer support giant Atento was hit by a cyberattack on its Brazil-based systems that primarily impacted its operations in South America. The company disclosed a business interruption in Brazil as it sought to contain and mitigate the attack. Operations have been fully restored. Brazil is one of Atento’s main global markets, and more than 45% of the company’s global workforce is in that location.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Brazil has been experiencing an uptick in cyberattacks in recent months including insurers, retailers and other businesses that store a large volume of data.

ID Agent to the Rescue Horrors like ransomware lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our new eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>



Thailand – Centara Hotels & Resorts

https://www.zdnet.com/article/luxury-hotel-chain-in-thailand-reports-data-breach/ 

Exploit: Hacking

Centara Hotels & Resorts: Hotel Chain

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.631 = Severe

Motherboard manufacturer Gigabyte was clobbered with a ransomware attack last week The ransomware group Avos Locker clobbered the company in a SolarWinds-style supply chain attack. The gang posted samples of the purportedly stolen data on its leak site including confidential details regarding deals with third-party companies and identifiable information about employees. Researchers from ThreatPost were able to view an assortment of data in a 14.9 MB file entitled “proof.zip” containing confidential data on agreements with Gigabyte relationships including Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.6808 = Severe

Researchers also noted that some employee and applicant information is included in that file. Researchers spotted employee payroll details, passport scans CVs of applicants, human resources files, consulting agreements, credit card data from 2014 and images from company events.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Computer hardware manufacturers have been very attractive to hacers as teh chip shortage grinds on, putting pressure on the industry, something cybercriminals love to exploit.

ID Agent to the Rescue See how industry trends ans stressors impact the cybercrime landscape in our annual cybercrime report The Global Year in Breach 2021. DOWNLOAD IT NOW>>


remote workers pose a cryptocurrency risk

Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Learn to defend castles from cybercriminal invaders in our How to Build Your Cybersecurity Fortress webinar! WATCH NOW>>



Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: NEW! Patch notes & bug fixes for October 2021 are up: SEE PATCH INFO>> 



The Web is Dark and Full of Terrors!

Use these resources to help your clients ward off danger from today’s nastiest cybersecurity nightmares!

Monsters of Cybersecurity – Learn to defeat cyberattack horrors keep your clients’ systems and data safe from harm. DOWNLOAD IT>>

The Cybersecurity Monster Hunter’s Checklist – Don’t leave an opening for evil cybercriminals to slip through! DOWNLOAD IT>>

IT Cybersecurity Certification Digital Risk Masterclass – Gain a credential that validates your expertise to clients and prospects! WATCH NOW>>


Did You Miss…?  See what’s next at ID Agent in our Quarterly Product Update! WATCH NOW>>


Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>




 Cyberattacks Stress Out Consumers & Employees 


Cyberattacks negatively impact a company’s prospects


No company ever wants to experience a cyberattack, let alone ride the roller-coaster of incident response and recovery. But an increasing number of companies are finding themselves on that path as cybercrime numbers reach new records. But when businesses consider the cost of a cyberattack, they may not be considering costs that are harder to quantify like damaged consumer sentiment, reduced new business prospects and lowered employee performance. Yet these factors could have a serious impact on a company’s future in the wake of a cyberattack. 


dark web economy represented by the words dark web in white on a black background blurred like a faint tv transmission

Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>


Damaged Consumer Sentiment & Reduced Business Prospects


Cybersecurity has been a hot topic at news organizations as cyberattacks rock major companies bringing the prospect of a cyberattack affecting them much closer to home for consumers. In just the past 12 months, incidents like the Colonial Pipeline attack and the massive US Federal government hack have brought the danger that comes from cybercrime into focus – and everyone is paying attention. 

 In an online survey of 2,500 adults in the US and Canada conducted in July 2021 by research firm Opinion Matters, it was clear that news of cyberattacks is having a negative impact on consumers and how they feel about businesses who fall victim to them. Researchers found that when asked about how cybersecurity events impacted them, seven in ten respondents said news of data breaches caused them stress. Digging deeper, the researchers found that 64% of respondents said that reading or seeing coverage of ransomware attacks in the news has left them feeling stressed.  

The potential that they may be impacted when a company that they do business with experiences a cybersecurity incident like a data breach was ranked as one of life’s top stressors for many respondents. Almost 40% of respondents indicated that that having their bank account compromised in a cyberattack would be more stressful than losing their employment. The amount of exposure that consumers have to cybersecurity incidents that impact their lives at businesses, non-profits, government agencies and other targets has nearly doubled as well as data breach numbers continue to escalate. Cybersecurity incidents had been experienced by nearly half of all respondents within the past two years, compared to 28% in 2019.   


Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>


The results of a recent poll by The Pearson Institute and the Associated Press-NORC Center for Public Affairs Research. Make it clear that consumers are also paying attention to how companies are handling and protecting their personal information. That study’s research shows that 9 in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies or certain utilities, and an estimated two-thirds say they are very or extremely concerned about their personal and financial information being compromised a data breach.  

Consumers also believe that businesses don’t really care about protecting their data or client records and they’re not happy about it. A study by Arcserve shows that 70% of consumers believe businesses aren’t doing enough to ensure cyber security including protecting their personal information and building a strong defense against cyberattacks. That lack of consumer confidence is reflected in the fact that consumers clearly do not want to do business with companies that fall victim to a cyberattack. Nearly 2 out of every 3 consumers would likely avoid doing business with an organization that had experienced a cyberattack in the past year. 


Use this checklist to be sure that you’ve found and mitigated every cyberattack risk that your client faces! DOWNLOAD IT>>


Reduced Employee Performance & Elevated Burnout 


While it may seem obvious that security challenges or cyberattacks would add stress to an organization’s workforce, it may not be as obvious just how bad that stress and burnout can really be. Burnout is a real medical issue, recognized by authorities worldwide as a big problem. The World Health Organization delineates some of the symptoms of burnout as symptoms as “feelings of energy depletion or exhaustion,” “increased mental distance from one’s job”, or “feelings of negativism or cynicism related to one’s job,” and “reduced professional efficacy.” Sound familiar? It does for far too many IT workers.

Cybersecurity-related stress reaches deep into organizations, squeezing the life out of teams that are essential to a company’s success and preventing progress. That stress isn’t limited to security teams either. Everyone in IT is liable to be feeling the pinch of stress and employees don’t feel confident that their employers are interested in doing anything to help them. Almost 70% of professionals said their employers were not doing enough to prevent or alleviate burnout according to Deloitte’s Workplace Burnout Survey, with almost 80% saying that they’ve experienced burnout at their current job.  


security awareness training cuts costs represented by a bright blue-white digitized dollar bill on a red, white and navy background of computer code

Dive into a stream of new revenue with The Tools and Techniques for MSPs to Close More New Clients. WATCH NOW>>


That’s because IT teams are stressed about cybersecurity all the time, not just when an incident happens. The stress of cybersecurity problems is causing burnout to hit IT teams hard. VMware’s 2021 Global Incident Response Threat Report found that 51% of surveyed security professionals experienced extreme stress or burnout over the past 12 months. The additional pressures on IT teams to rapidly rollout work from home capability for every employee in their organization during the global pandemic has only made that problem worse. In the same VMware report, 65% of cybersecurity professionals said they have considered leaving their job because of this added stress.   

The ongoing chronic cybersecurity skills shortage is also not helping the cause. In an August 2021 White House summit for technology leaders, cybersecurity was the focus, and the skills shortage was front and center. Administration officials pointed to the estimated 500,000 open cybersecurity positions in the US as a major contributor to elevated risk for everyone.  An estimated 63% of organizations are experiencing a shortage of IT staff dedicated to cybersecurity. That’s feeding the vicious cycle of stress that is impacting security teams. According to (ISC)2, nearly 60% of global organizations said their companies are at moderate or extreme risk of cyberattacks due to this skills shortage.   

One major resource most companies cannot afford to lose in the midst of a cybersecurity skills shortage is any personnel maintaining their Security Operations Center (SOC). Unfortunately, that’s a place that has been walloped by stress from escalating threats like an explosion in business email compromise and soaring ransomware risk that have created a huge amount of work with very few hands to help carry the load. In a Ponemon Institute survey, almost two thirds of SOC professionals say that they’ve thought about quitting their jobs in the last year due to unrelenting stress. Stress and burnout are impacting security operations at every level. Over 90% of CISOs also say they suffer from moderate or high stress and for almost a quarter of them their stress impacts their ability to do their job.  


Zero Trust security is the key to keeping your clients safe – and the cornerstone is access management. We can help. LEARN MORE>>


How to Reduce Burnout 


These tips can help you and your clients educe burnout and improve performance for IT personnel.  

  • Allow flexible work hours – Being flexible about hours can alleviate stress from employees who are also juggling their responsibilities as caregivers, parents and students with less help tha the pre-pandemic era.
  • Offer hybrid work arrangements -Many employees are grappling with pandemic-induced shortages in childcare availability or changes in medical treatment scedules for chronic illnesses, ratcheting up pressure
  • Encourage people to use their leave – Making it hard for employees on overstretched teams to take days off only makes the problem worse. Well-rested employees do better work.
  • Listen to employee concerns – Don’t just dismiss employee complaints as whining. You may discover that some of your staff’s biggest issues have quick fixes that alleviate stress and increase employee satisfaction. 
  • Don’t cut corners on tools – Budgets are tight, but forcing your IT team to work with outmoded solutions only increases their stress and your cyberattack danger 
  • Increase investment in automation – Adding automated security tools not only reduces your staff’s stress it also immediately boosts your security. 

Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>


Increase Security & Reduce Burnout with Security Automation 


Security automation is the way of the future for several reasons, but one of the biggest is that it keeps systems and data safer. Security automation improves the performance of your SOC, increasing caseload capacity by 300% or more while reducing trouble tickets by about 80% according to experts at IBM. 

So how can you and your customers start benefitting from security automation? Make use of the automation capabilities available now in each of our digital risk protection solutions.

  • Dark Web ID – Enjoy automated deployment in minutes, with no additional hardware or software to install. Painless integrations with multiple PSA systems including Kaseya’s own BMS ensures automated data sharing for a fast, frictionless alerting and mitigation process, so you never miss a security event. Plus, Dark Web ID seamlessly integrates with other tools across Kaseya’s portfolio, making it easy for MSP technicians to manage them together.
  • BullPhish ID – Automate training to make it even easier to manage. Deploy campaigns fast with plug-and-play kits and have content delivered automatically through brandable portals on a pre-determined schedule. Then have all of the reports that you need to demonstrate the value of training to your clients automatically generated.
  • Passly – This is the process automation that will make every security team happy. Wave goodbye to trouble tickets for password resets because they’ll be automated. An average MSP that serves 1300 users wastes around $9350 each year just managing password reset tickets and you have better things to do with that money.

90% of MSPs have had clients hit with a ransomware attack in the last 12 months. Help your clients build stronger defenses with the insight in Ransomware Exposed! DOWNLOAD NOW>>



Oct 27: Modern Cyber Risk Management REGISTER NOW>>

Oct 27-28: ASCII Success Summit: Orlando REGISTER NOW>>

Oct 28: Trick or Treat Virtual Event REGISTER NOW>>

Oct 28-29: Robin Robins Road Show: Chicago REGISTER NOW>>

Nov 02-03:Robin Robins Road Show: Las Vegas REGISTER NOW>>

Nov 02-03: ASCII Success Summit: Washington DC REGISTER NOW>>

Nov 4: Cyber Risks and Threats in 2021 REGISTER NOW>>

Nov 06 – 10: 20th Annual TAG Convention REGISTER NOW>>

Dec 07: Connect IT Local: Atlanta REGISTER NOW>>

Dec 08-09: ASCII Success Summit: Anaheim REGISTER NOW>>

Dec 09: Connect IT M&A Symposium: Miami REGISTER NOW>>


password reuse danger can sink unwary businesses with poor security awareness. A cartoon image on black shows a blue shield with a lock

See how to grow your business with a new revenue stream in the time it takes to drink a cup of coffee. LEARN MORE>>



Is Stress Impacting Your Business Security?


We’ve all been through some tough times in the last year, and that’s ratcheted up stress at home and at work. Unfortunately, that’s not just a factor that impacts your company’s efficiency and performance, Stress and burnout also play a big role in the state of your company’s cybersecurity. 

For the last few years, the cybersecurity sector has been grappling with the problem of an increasing cybersecurity skills shortage. Just last month, federal officials disclosed that there are an estimated 500,000 unfilled existing cybersecurity jobs. That means every team is trying to more work with fewer hands to carry the load. 

So how can businesses reduce stress on their cybersecurity teams while increasing their overall security? By increasing their investment in security automation. In an IBM report, researchers noted that automation reduces stress on security teams by decreasing trouble tickets and increasing efficiency while improving a company’s cyber resilience, an important measure of your company’s ability to resist cyberattack damage. 

Today’s leading security solutions include automated elements that will give your business an edge over stress as well as cybercrime. Why file password reset tickets when a solution like Passly handles it automatically? Set it and forget it when you automate your security awareness training program with a solution like BullPhish ID. Make it a priority to see how security automation can benefit your business and your employees.   


ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!




We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.