The Week in Breach News: 10/26/22 – 11/01/22
Take a look at how supply chain risk hit the Australian Defence Force, see the 6 new training videos added to BullPhish ID and explore 6 key security takeaways from Datto’s new Global State of the MSP Report: Looking Ahead to 2023.
How good is your identity and access management? Use this checklist to see if it’s really getting the job done. GET IT>>
Bed, Bath and Beyond
Exploit: Phishing
Bed, Bath and Beyond: Home Goods Retailer
Risk to Business: 1.863 = Severe
Big-box retailer Bed, Bath and Beyond has experienced a data breach. The company disclosed that a third party had improperly accessed its data through a phishing scam. Bad actors gained access to the hard drive and certain shared drives of one of its employees earlier this month. The retailer was quick to reassure consumers that it does not believe that any sensitive or personally identifiable information was accessed.
How It Could Affect Your Customers’ Business: Phishing takes down businesses of every size and every industry, bringing sticky problems in its wake.
ID Agent to the Rescue: Get tips for identifying and stopping malicious insiders and mitigating accidental insider risks like human error in the Guide to Reducing Insider Risk. DOWNLOAD IT>>
See Tickets US
Exploit: Hacking
See Tickets US: Event Ticketing Platform
Risk to Business: 1.423 = Extreme
The U.S. division of UK company See Tickets has revealed that its platform has been hosting a credit card skimmer for an estimated two and a half years. In a data breach notification shared with the Montana Attorney General’s office, See Tickets disclosed that it discovered the breach in April 2021 and ultimately determined that the skimmer was activated on June 25, 2019. However, it wasn’t until January 8, 2022, that the malicious code was fully removed from its site. The company says that it worked with forensic experts and Visa, MasterCard, American Express and Discover in the investigation.
Individual Risk: 1.307 = Extreme
The customer information that the hackers might have stolen includes a client’s full name, physical address, ZIP code, payment card number, card expiration date and CVV number. No number of clients affected was specified.
How It Could Affect Your Customers’ Business: This is going to be an expensive, damaging nightmare thanks to it going on for so long, putting the company’s security commitment in question.
ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
Kenosha Unified School District
Exploit: Ransomware
Kenosha Unified School District: Local Education Authority
Risk to Business: 2.687 = Moderate
Kenosha Unified School District in Wisconsin has been the victim of a successful ransomware attack by the Snatch ransomware group. The gang added the district to its dark web leak site last week. Kenosha Unified School District officials admitted that the district was forced to take systems offline to deal with the attack but they’ve since been restored. No ransom amount has been reported, nor did the district elaborate on what data had been stolen. The district serves an estimated 20,000 students.
How It Could Affect Your Customers’ Business: Schools at every level and education authorities have been getting pounded by ransomware groups and need to improve their defenses.
ID Agent to the Rescue: Go over the Cybersecurity Risk Protection Checklist with your clients to make sure that they’re covering all of their security bases. GET CHECKLIST>>
This MSP-focused guide gives you insight into finding the ideal dark web monitoring solution. GET THE GUIDE>>
United Kingdom – Pendragon Group
Exploit: Ransomware
Pendragon Group: Automotive Dealerships
Risk to Business: 2.624 = Severe
The Pendragon Group, the operator of more than 200 car dealerships in the UK, has been the victim of a ransomware attack by LockBit 2.0. Pendragon owns CarStore, Evans Halshaw and Stratstone luxury car dealerships. The auto dealer says that the gang has demanded $60 million to decrypt files and not leak them, but they have no intention of paying the extortionists. The company disclosed that the attack took place about a month ago and says that only about 5% of its data was stolen. No specifics were available about the nature of that data at press time.
How it Could Affect Your Customers’ Business: Getting hit by ransomware is awful, but refusing to pay the extortionists is always the right thing to do.
ID Agent to the Rescue: Are you confident that you’re providing the right security training for your clients? The Security Awareness Training Guide for MSPs helps you make sure. DOWNLOAD IT>>
Germany – Auraubis
https://www.itnews.com.au/news/german-copper-smelter-aurubis-in-cyber-attack-587159
Exploit: Hacking
Auraubis: Copper Smelter
Risk to Business: 1.619 = Severe
Europe’s top copper smelter Aurarubis announced that it had been the victim of a cyberattack that caused the company to shut down its IT systems. The company said that production was not disrupted badly, and environmental controls were not impacted. Aurarubis also said that incoming and outgoing shipments are being handled manually. There was no timeline provided for when the company expected to have all of its systems back online. The company pointed to this attack as part of a larger pattern of cyberattacks in the metals and mining industry.
How it Could Affect Your Customers’ Business: Infrastructure has been under fire from ransomware gangs, with 14 of 16 critical infrastructure sectors in the U.S. hit by ransomware in 2021
ID Agent to the Rescue: Curious to see if you’re offering your clients the right dark web monitoring solution? Explore your options with The Dark Web Monitoring Buyer’s Guide for MSPs. DOWNLOAD IT>>
Give your clients this infographic to start a conversation about getting on the path to zero trust. GET INFOGRAPHIC>>
Japan – Asahi Group Holdings, Ltd.
https://securityaffairs.co/wordpress/137803/cyber-crime/blackbyte-ransomware-asahi.html
Exploit: Ransomware
Asahi Group Holdings, Ltd.: Beverage Company
Risk to Business: 1.684 = Severe
BlackByte ransomware is behind an attack on Asahi Group Holdings, Ltd. The group claims to have snatched gigabytes of documents from the beverage company, including financial and sales reports. The gang is reportedly demanding $500K to buy the stolen data back or $600K to delete the stolen data. There was no word at press time if the beverage company intended to pay. Asahi is the largest beer brewer in Japan and also distributes imported beer and soft drinks.
How it Could Affect Your Customers’ Business: Ransomware groups love hitting businesses that are time sensitive in order to raise the chance that they’ll get paid fast.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
Spark profitable security training conversations with clients & prospects by giving them this list of risks. DOWNLOAD IT>>
Australia – ForceNet
https://www.gizmodo.com.au/2022/10/australian-defence-ransomware/
Exploit: Ransomware
ForceNet: Communications Platform
Risk to Business: 2.783 = Extreme
A ransomware attack has struck a communications platform used by military personnel and public servants from The Australian Department of Defence. The platform, ForceNet is run by a subcontractor. Initial reports stated that no data was stolen or at risk, but that was later updated with the news that data related to private communications between current and former Australian Defence Force members may have been compromised, with as many as 40,000 records at risk in a likely breached dataset from 2008. However, authorities are confident no personal data has been accessed. No further information about the exact nature of the exposed data or any ransom demand was available at press time.
How it Could Affect Your Customers’ Business: There could be some sensitive communications involved here, illustrating the danger of cybersecurity problems at a third-party service provider.
ID Agent to the Rescue: Sell clients on the benefits of security and compliance training with the bottom-line data in The Business Case for Security Awareness Training. DOWNLOAD IT>>
Australia – Medlab Pathology
https://finance.yahoo.com/news/1-australian-clinical-labs-says-220121433.html
Exploit: Hacking
Medlab Pathology: Healthcare Provider
Risk to Business: 1.771 = Severe
The latest victim in Australia’s recent surge of cyberattacks is Medilab Pathology. The company disclosed that an unauthorized party has gained access to a huge store of data including more than 17,500 individual medical and health records, more than 28,000 credit card numbers and individuals’ names and more than 128,600 Medicare numbers. Medilab investigated a data breach in February 2022 but found that no data was taken. That changed after the Australian Cyber Security Centre (ACSC) contacted Medilabs’ parent company Australian Clinical Labs in June 2022 and informed the company that Medlab information had been posted on the dark web. No additional details about the stolen data were available at press time.
How it Could Affect Your Customers’ Business: Medical laboratories often hold sensitive health data that cybercriminals want, making them prime targets for hackers
ID Agent to the Rescue: A comprehensive security awareness training program is critical for reducing cyber risk and keeping companies safe from trouble. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
See how today’s biggest threats may impact your MSP and your customers in our security blogs.
- Wiper Malware: The Nastiest Cyberthreat in Town
- What Tools and Techniques Are Used in BEC Attacks?
- 3 Growing Dark Web Dangers Businesses Face Right Now
- Why You Should Be Worried About This Devastating (& Growing) Cyber Threat
- The Week in Breach News: 10/19/22 – 10/25/22
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
6 New Training Videos Are Available Now in BullPhish ID!
6 New Training Videos Are Available Now in BullPhish ID!
These new security training videos cover some of today’s hottest topics! Available now:
- Ransomware for Healthcare
- Introduction to Business Email Compromise
- Business Email Compromise (BEC) – Gift Card Scams
- Business Email Compromise (BEC) – Invoice/ Urgent Payment Required
- BEC Credential & Data Theft Scams
- BEC Techniques
Learn more about updates and new training courses added to BullPhish ID in the Release Notes
Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>
Datto’s Global State of the MSP Report: Looking Ahead to 2023
Datto surveyed 1,800+ managed service providers (MSPs) worldwide to learn about who they are and what they care about. In this report, you’ll learn about those results including:
- The hybrid workforce (remote + office) and how it is here to stay
- The re-emergence of break-fix as co-managed services, which enables MSPs to get a foot in the door with larger businesses
- The strength and continued growth of security needs and the sales opportunities available for MSPs in that area
Did you miss…? The Complete IAM Checklist DOWNLOAD IT>>
See five things that you can do to reduce nation-state cyber threat risk for your clients fast. GET CHECKLIST>>
6 Key Security-Focused Takeaways from Datto’s Global State of the MSP Report 2023
Learn about how MSPs Are Handling the Security Market
The MSP business is bustling, and that’s good news for MSPs everywhere. Datto’s just-released Global State of the MSP Report: Looking Ahead to 2023 dives into what MSPs around the world are thinking about both right now and as they look forward to 2023. Datto surveyed more than 1,800 managed service providers (MSPs) worldwide to find out what they’re experiencing, how they run their businesses, what keeps them up at night and where they think their biggest growth opportunities may be moving forward. This is the first in a series giving you an inside look at the state of the MSP offering a look inside business security and the MSP business today and tomorrow.
Available now: Datto Global State of the MSP Report: Looking Ahead to 2023 DOWNLOAD IT>>
6 Key Security Takeaways
1. MSPs are facing a wide variety of security challenges themselves
MSPs face cybersecurity challenges just like any other business. Only those challenges are compounded by the fact that cracking open an MSP is a great way for the bad guys to take a fast path into the systems and data of that MSPs clients. In the ransomware era, it’s no surprise that computer viruses are the top security concern for MSPs. Even as the pandemic winds down, COVID-19-related scams remain top-of-mind for MSPs, with ever-evolving phishing threats and endpoint threats rounding out the list. Interestingly, there’s not too much space between these worries, a great example of just how many security concerns IT professionals have to juggle at the same time these days.
What security challenges are MSPs facing in their own businesses?
| Concern | % of respondents |
| Viruses/malware | 38% |
| COVID-19 relates scams & threats | 34% |
| Phishing | 33% |
| Endpoint threats | 31% |
Source: Datto
2. Adding tools is the name of the game
Many MSPs have some work to do to put themselves in a position to defend themselves and their clients from today’s rising tide of risk. Shockingly, only two in three MSPs said that they have antivirus protection tools in place currently. Looking forward, the defensive tools poised for the highest growth in the next year are those addressing security risks and cyberattacks that are experiencing strong growth. MSPs are prioritizing addressing wiper malware, spyware, hackers, identity theft and phishing.
Which tools are poised for the highest growth?
| Tool | % of respondents adding it |
| Antivirus | 67% |
| Endpoint Threat Detection | 55% |
| Anti-phishing solution | 54% |
| Password protection | 52% |
| Remote threat monitoring | 51% |
| Ransomware protection | 49% |
| COVID-19 scam threat detection | 48% |
| Identity management | 47% |
Source: Datto
Learn the secret to conjuring up amazing stress-free marketing campaigns in 5 Ways to Make Marketing Magic! GET IT>>
3. Security offers solid business opportunities
MSPs do agree on something: the security business offers an array of business growth opportunities. A third of respondents in all markets believe security solutions present new business opportunities and will continue to do so moving forward. Taking a look at the managed cybersecurity services and solutions that MSPs are already offering to their clients, email security tops the chart for more than three-quarters of MSPs. That’s not surprising with such massive growth in phishing and phishing-related cybercrime over the last two years. Password policy management and security and compliance frameworks round out the top three.
What managed security services do MSPs offer?
| Service | % of respondents who offer this service |
| Email security | 76% |
| Password policy management | 71% |
| Security framework & compliance auditing | 69% |
| Two-factor authentication (2FA) | 67% |
| Firewall (basic) | 65% |
| Remote access technology (e.g. VPN) | 62% |
| Advanced endpoint security (EDR, etc.) | 62% |
| Identity & access management (IAM /single sign-on (SSO) | 57% |
Source: Datto
4. There’s plenty of room to expand your security business
The security business doesn’t slow down, with new threats and new complications arising constantly. MSPs are also looking forward with an eye to growth. Many MSPs say that they plan to expand the managed security services that they offer within the next year, and they’re planning to do that by increasing their investment in offering tools that help companies monitor their networks and mitigate their risk. However, these days it’s less of an “if” a company gets attacked, it’s a “when” and almost one-third of MSPs are preparing for that eventuality by offering their clients managed detection and response services.
What managed security services will MSPs be offering in the next 12 months?
| Service | % of respondents |
| Managed detection & response | 30% |
| Dark web monitoring | 30% |
| Privileged access management | 29% |
| Web content filtering | 29% |
| Compliance monitoring | 29% |
| Patch management | 28% |
| Incident response (IR) & forensics | 28% |
Source: Datto
Get 10 tips to help you build a strong security culture & reduce your risk of cybersecurity trouble! GET INFOGRAPHIC>>
5. The talent shortage may be a damper on security growth
The talent shortage in IT is a perennial problem, but it is especially onerous in security. CyberSeek says there are more than 714,000 cybersecurity job openings, and that may be a conservative estimate. In the U.S. the demand for cybersecurity workers expanded 2.4 times faster than the average demand for other types of workers. That leaves MSPs struggling to hire enough of the right specialists to take care of the security business that they have right now, let alone plan for the future. Almost half of respondents (42%) reported that talent was their biggest barrier to offering their clients the security solutions that they need. One-third went further, saying that the staff that they currently have isn’t trained properly to handle security needs.
What are the top barriers to offering security solutions?
| Barrier | % of respondents |
| Hiring skilled cybersecurity professionals | 42% |
| Complexity of cybersecurity products | 41% |
| Managing too many different cybersecurity products | 38% |
| Insufficient training of existing staff | 33% |
Source: Datto
6. Compliance and security education are expanding markets
As information security policies tighten around the world, there’s an additional call on MSPs to help their clients achieve or maintain compliance with an assortment of new geographic or industry regulations. Many MSPs already offer major compliance-related services and assessments, but there’s still more space to expand that business. Four in five MSPs currently provide security audits and education training for clients, with nearly as many creating internal security policies for them, a category that is expected to see the most growth in 2023.
What services around education & compliance do you offer now or are you planning to offer in 2023?
| Service | We offer this now | We will add this in 2023 |
| Security audits | 78% | 18% |
| Security education | 77% | 19% |
| Creation of internal security policies | 63% | 33% |
Source: Datto
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
We Can Help You Mitigate Your Clients’ Risk of a Cybersecurity Nightmare
Our suite of powerful security solutions can help you keep your clients safe from today’s nastiest cyberattacks at a price you’ll both love.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
- Easy, automated training delivery through a personalized user portal
You’ll love our latest integration between BullPhish ID and Graphus! If you’re already using BullPhish ID for security and compliance awareness training and phishing simulations, you’ll love our latest integration Advanced Phishing Simulations (Drop-A-Phish). This feature leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users when running phishing simulations. LEARN MORE>>
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Identity and Access Management (IAM)
Passly is the perfect multi-tool for IAM packing four essentials into one affordable package
- Get two-factor authentication (2FA), single sign-on, secure password vaults with one solution
- Simple, intuitive remote management
- Roll it out in a snap with easy deployment and seamless integration with common business applications
Automated, AI-powered antiphishing email security
Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.
Make sure your clients have all the bases covered with the Computer Security To-Do Checklist! GET IT>>
November 2-3: ChannelPro SMB Forum 2022: Los Angeles REGISTER NOW>>
November 3: Connect IT Local Sales & Marketing Seminar – Charlotte REGISTER NOW>>
November 10: 5 Ways Your SEG is Failing You Webinar REGISTER NOW>>
November 24: Connect IT Local – Scotland REGISTER NOW>>
December 6: Connect IT Local – Atlanta REGISTER NOW>>
December 8: Connect IT Local – Miami REGISTER NOW>>
December 8: Datto & Kaseya Connect IT Local – Reading, UKREGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!