The Week in Breach News: 11/02/22 – 11/08/22
Supply chain attacks bring trouble around the world, ransomware stops trains in Denmark and key findings about SMB security from the Kaseya Security Insights Report 2022.
Dropbox
Exploit: Phishing
Dropbox: File Hosting Service
Risk to Business: 2.836 = Moderate
Dropbox has revealed that they have experienced a data breach. The company noted unauthorized access to some of its repositories after a successful phishing attack. That attack resulted in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials. Microsoft’s GitHub detected suspicious behavior on Dropbox’s corporate account on October 13 and informed the company. Dropbox ultimately determined the cause was a phishing attack in which bad actors impersonated the code integration and delivery platform CircleCI. Reports point out that three weeks before the attack, GitHub warned of phishing campaigns that involved the impersonation of CircleCI. Dropbox also said the intruder’s access to the GitHub repo silo was revoked on October 14, and that all developer API credentials to which the intruder had access have been rotated.
How It Could Affect Your Customers’ Business: Even the biggest, most tech-savvy companies can be taken down by phishing in a flash.
ID Agent to the Rescue: Get tips for identifying and stopping malicious insiders and mitigating accidental insider risks like human error in the Guide to Reducing Insider Risk. DOWNLOAD IT>>
Kearney & Company
https://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html
Exploit: Ransomware
Kearney & Company: Financial Services Firm
Risk to Business: 2.101 = Severe
The LockBit 3.0 ransomware group added Kearney & Company, an accounting and financial services firm that does business with the U.S. government, to its published list of victims on November 5. The group is threatening to publish the firm’s stolen data by November 26, 2022, if the company doesn’t pay the $2 million ransom it has demanded. A sample of the stolen data, including financial documents, contracts, audit reports and billing documents, has been published on the group’s dark web site.
How It Could Affect Your Customers’ Business: Financial services was the most hard-hit sector in terms of ransomware in 2021 and this year isn’t looking much better.
ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
Multi-Color Corporation (MCC)
https://www.securityweek.com/label-giant-multi-color-corporation-discloses-data-breach
Exploit: Ransomware
Multi-Color Corporation (MCC): Printer
Risk to Business: 2.764 = Moderate
Label printing company Multi-Color Corporation (MCC) has disclosed that on September 29, 2022, it discovered unauthorized access to its network. An investigation revealed that sensitive HR data might have been compromised, including personnel files and information on employees’ enrollment in benefits programs. Both current and former MCC employees are impacted. Some reports are saying that this was a ransomware attack.
Individual Risk: 2.815 = Moderate
The company’s breach announcement said that sensitive personal data of MCC employees and their spouses, partners, and/or dependents who are enrolled in the benefits programs may have been exposed. Exposed data may include a person’s name, date of birth, email address, mailing address, telephone number, Social Security number, driver’s license number, healthcare and health insurance-related data, and certain tax and financial data.
How It Could Affect Your Customers’ Business: Ransomware operators have been focusing on key points in the manufacturing supply chain for maximum gain.
ID Agent to the Rescue: Learn more about how to defend businesses from ransomware with the resources in our Deep Dive into Ransomware bundle! GET BUNDLE>>
Somnia Inc.
https://www.govinfosecurity.com/vendor-hack-tied-to-20-anesthesiology-practice-breaches-a-20414
Exploit: Hacking
Somnia Inc.: Medical Practice Management
Risk to Business: 1.382 = Extreme
Somnia Inc., a physician-owned firm that manages anesthesiology practices, has experienced a data breach that may impact an estimated 20 practices serving about 430,000 people. A company spokesperson confirmed that the firm is the management services organization behind the recent breaches affecting many anesthesiology practices. Somnia declined to disclose how many clients and individuals in total were affected. The company said that its forensic investigation into a security incident found that some information stored on the management company’s systems may have been compromised.
Individual Risk: 1.361 = Extreme
Affected information includes individuals’ names, Social Security numbers, and some combination of data including date of birth, driver’s license number, financial account information, health insurance policy number, medical record number, Medicaid or Medicare ID and health information such as treatment and diagnosis.
How it Could Affect Your Customers’ Business: This incident is still snowballing, but however it plays out this will cost Somnia a fortune in regulatory penalties on top of other damages.
ID Agent to the Rescue: Are you confident that you’re providing the right security training for your clients? The Security Awareness Training Guide for MSPs helps you make sure. DOWNLOAD IT>>
Italy – Vodafone
Exploit: Supply Chain Attack
Vodafone Italia: Telecommunications
Risk to Business: 1.619 = Severe
Vodafone Italia is sending customers notices of a data breach after one of its partners, FourB S.p.A., a reseller of telecommunications services, suffered a cyberattack. The incident took place in the first week of September and likely resulted in the compromise of sensitive subscriber details. A cybercrime group, KelvinSecurity, claimed that they’d successfully attacked Vodafone in early September, but the company denied an intrusion at that time. KelvinSecurity put a collection of 295,000 files totaling 310 GB of data up for sale. There has not been confirmation that the two incidents are connected but it seems highly likely.
How it Could Affect Your Customers’ Business: Supply chain attacks against smaller companies can send out ripples of risk that impact major corporations too.
ID Agent to the Rescue: Go over the Cybersecurity Risk Protection Checklist with your clients to make sure that they’re covering all of their security bases. GET CHECKLIST>>
Denmark – DSB
https://www.securityweek.com/cyberattack-causes-trains-stop-denmark
Exploit: Supply Chain Attack
DSB: Railway
Risk to Business: 1.684 = Severe
Danish train operator DSB experienced a service outage that shut down all of its trains on Saturday morning after a ransomware attack at one of its service providers. That service provider, software firm Supeo, was forced to shut down its servers after a suspected ransomware attack, resulting in the loss of access to a critical piece of software used by train drivers and halting trains around the country. Supeo provides a mobile application that train drivers use to access critical operational information including speed limits and information on work being done to the railroad. DSB, the largest railway operator in Denmark, was able to resume service later on Saturday after significant delays.
How it Could Affect Your Customers’ Business: Ransomware groups love hitting businesses that are time sensitive in order to raise the chance that they’ll get paid fast.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
Australia – Harcourts
Exploit: Supply Chain Attack
Harcourts: Real Estate Company
Risk to Business: 2.283 = Severe
Customers of the Melbourne City branch of real estate company Harcourts were informed that the company was hit by a cyberattack last month that may have exposed the personal information of tenants, landlords and service providers. The company disclosed that an unknown party had accessed its rental property database on October 24 after an incident at one of its service providers, Stafflink, a company that provides franchisee administrative support. The account of a Stafflink employee was allegedly compromised and accessed by an unknown third party, giving bad actors access to the data. Interestingly, Stafflink said in a statement “We understand the unauthorised access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device.”
How it Could Affect Your Customers’ Business: This kind of data is a goldmine for cybercriminals, and they’re keen to snatch it from business service providers.
ID Agent to the Rescue: Gain insight into the problem and get tips for protecting clients from supply chain risk in our eBook Breaking Up with Third Party and Supply Chain Risk. DOWNLOAD IT>>
Australia – PNORS Technology Group
https://www.abc.net.au/news/2022-11-05/pnors-technology-group-data-security-incident/101620900
Exploit: Ransomware
PNORS Technology Group: Business Services
Risk to Business: 1.936 = Severe
PNORS Technology Group, an IT services provider for six departments of the Australian government, announced that two of its units, Datatime Services and Netway Networks, were hit in a cyber attack on November 3. The company confirmed that it had experienced encryption and data theft, as well as the fact that an unnamed cybercrime group has provided a sample of the stolen data as proof of the attack. No information was available at press time on ransom demands or timelines. Data snatched in this incident may include sensitive information about families in the Victorian school system collected as part of school entrance records. The company says that it has informed impacted entities as well as the Office of the Australian Information Commissioner, and an investigation is ongoing.
How it Could Affect Your Customers’ Business: This isn’t going to bode well for the future of this company’s relationship with agencies that handle sensitive data.
ID Agent to the Rescue: Sell clients on the benefits of security awareness training with the bottom-line data in The Business Case for Security Awareness Training. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
See how today’s biggest threats may impact your MSP and your customers in our security blogs.
- Top Ransomware Attack Vectors and How to Stop Them Before They Stop You
- How Do Malicious Insiders Damage Companies?
- 6 Key Insights into Security and Cloud Migration for MSPs
- Wiper Malware: The Nastiest Cyberthreat in Town
- The Week in Breach News: 10/26/22 – 11/01/22
Fresh Training Courses from BullPhish ID
Help your clients train employees to withstand threats with these new videos covering hot topics!
- Insider Risk: Spotting Malicious Insiders
- CMMC Level 1: Compliance
Don’t forget about these recently added training videos:
- PIPEDA: 10 Principles
- UK GDPR vs. EU GDPR
- Social Media Phishing (Angler Phishing)
- Executive Impersonation/Whaling
- CMMC: Understanding the 5 Maturity Levels
See more newly added training courses, integrations and updates for BullPhish ID in the Release Notes
The Kaseya Security Insights Report 2022
What are the real security concerns of SMBs? Find out in the new Kaseya Security Insights Report 2022. Gain a clear picture of the world of SMB security with this report on business leaders’ fears, experiences and priorities. You’ll learn:
- Which cyberattacks SMBs are most concerned about
- What tools they’re using for security and what they need
- SMB attitudes toward security training, compliance and other hot topics
6 Key Takeaways from the New Kaseya Security Insights Report
See What SMBs Are Really Worried About
MSPs have faced myriad challenges in keeping businesses safe from cybercrime in an increasingly dangerous and volatile threat landscape. The pace of threats businesses face has escalated as well, creating new stress for IT teams at a time when they’re shorthanded. We recently surveyed 675 SMB security professionals from around the world about their IT needs and perspectives. For the Kaseya Security Insights Report 2022, we analyzed that data to determine their top concerns, their biggest security pitfalls and what they’re doing to keep their organizations secure in an uncertain world.
9 Key Findings from the Kaseya Security Insights Report 2022
- 52% of survey respondents identified phishing as their primary security concern
Phishing is the top concern on the SMB cybersecurity problem list, named by over half of the survey respondents. That’s not surprising in the current threat landscape where the nastiest cyberattacks like ransomware and business email compromise tend to be phishing based. Security awareness training that includes phishing simulations is extremely effective in reducing the chance that an employee falls for phishing.
- 63% of companies said they believe they would incur downtime and data loss if they fell victim to a ransomware attack
Most IT professionals are well aware of the kind of nightmare they would be facing if their company fell victim to a ransomware attack. They also understand the consequences to their organizations, such as downtime and data loss, but haven’t yet done anything to cut off the threats or reduce their impact. That means there’s room for MSPs to help clients reduce their potential downtime if they fall victim to a cyberattack with BCDR and incident response planning.
- 49% of organizations have experienced a successful cyberattack or security breach
Many of the organizations that we surveyed have experienced at least one successful cyberattack or data disaster. Almost half have had to handle a security disaster like that. This adds weight to the argument that it’s no longer a question of “how” or “if” but “when” a company will fall victim to a cyberattack. As threats evolve and security challenges mount, strengthening a company’s cyber defenses must be a top priority. This is a great statistic to share with clients to remind them that they’d benefit from regular security reviews.
- 19% of respondents say their companies have fallen prey to a cyberattack or data breach within the past year
Even with security professionals on the job working to keep organizations out of trouble, the steadily increasing pace of cyberattacks has been a major contributor to the fact that almost one-fifth of the businesses that we surveyed have experienced a cyberattack, data breach or another cybersecurity disaster in the prior 12 months. MSPs can find opportunities here to help their clients improve cyber resilience with tools like identity and access management (IAM).
- 21% of companies do not do any security awareness training
There’s definitely room for improvement here. Far too many companies are neglecting one of the most effective and affordable methods to improve their security by failing to conduct even a modest amount of security awareness training. Aside from the massive security weakness, failure to conduct security awareness training opens an organization up to an array of unpleasant consequences, including regulatory trouble and difficulty in getting cyber insurance. Help your clients take the first step to implementing a training program by creating a security training policy.
- 35% of survey respondents said phishing awareness is their company’s top training priority
Phishing is the cyberattack that businesses and their employees see the most. That keeps it top of mind for many IT professionals and their organizations. It’s also likely a big reason why phishing awareness is the No. 1 training priority for one-third of survey respondents. Employees are notoriously bad at spotting sophisticated phishing threats. But studies show that regular training significantly improves an employee’s ability to identify and handle security threats like phishing, and showing data like that to your clients could help them understand the benefits of security awareness training.
- 69% of organizations are using 2FA/MFA
A solid majority of organizations have listened to the message that experts have been sending about securing their access points and adopted two-factor authentication (2FA) or multifactor authentication (MFA) for secure identity and access management. The foundation of zero-trust security, this has become a best practice, as it not only keeps organizations and individuals safe from password-based cyberattacks, but also ensures that organizations remain compliant with many industry-based data and security regulations. However, that still leaves almost a third of businesses without IAM, offering MSPs a business opportunity.
- 52% of organizations rely on built-in email security in Microsoft 365 or Google Workspace
Most companies aren’t investing in email security, which could be a big mistake. Over half of the IT professionals we surveyed said that their companies rely solely on the built-in security that comes standard with Microsoft 365 or Google Workspace for all of their email security needs. In a time of escalating email security threats, many companies could stand to gain by upgrading their email security. Automated, AI-powered email security catches more threats than built-in security or a SEG and can be added to their current setup effortlessly.
- 23% of respondents said their companies use a combination of built-in Microsoft 365 and AI email security
Companies are not adopting new technologies as quickly as they should, leaving easily cured security weaknesses unattended. Even though AI-based API email security solutions offer major advantages and cost savings over other types of email security, most businesses are still using last-gen technologies like secure email gateways (SEGs) or built-in platform security. With the volume of email security threats that companies face every day increasing, that’s not a smart move. Old technology can’t handle today’s threats. But your clients may think that adding new, high-tech email security will be expensive. Reassure them that it’s actually not, and show them how they’ll be getting a big security boost for a small price by upgrading to automated security.
We Can Help You Mitigate Your Clients’ Risk in a Dangerous World
Our suite of powerful security solutions can help you keep your clients safe from today’s nastiest cyberattacks at a price you’ll both love.
Security awareness and training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
- Easy, automated training delivery through a personalized user portal
If you’re already using BullPhish ID for security and compliance awareness training and phishing simulations, you’ll love our latest integration between BullPhish ID and Graphus: Advanced Phishing Simulations (Drop-A-Phish). This feature leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users when running phishing simulations. LEARN MORE>>
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Automated, AI-powered antiphishing email security
Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.
Get a demo of BullPhish ID or Dark Web ID
TOMORROW! 5 Ways Your SEG is Failing You Webinar (November 10) – SEGs just can’t stand up to today’s email threats. We’ll show you why in an insightful session featuring Vishal Dixit, Graphus Co-Founder & CTO and Jay Kumar, Email Security Consultant. REGISTER NOW>>
November 9: Connect IT Local – Melbourne, AUS – REGISTER NOW>>
November 10: Connect IT Local – Sydney, AUS REGISTER NOW>>
November 15: Security Insights Report 2022 REGISTER NOW>>
November 15: Connect IT Local – San Jose REGISTER NOW>>
November 17: Is Your Email Security Up to the Test? REGISTER NOW>>
November 22: Connect IT Local – Brisbane AUS – REGISTER NOW>>
November 22: MSP Cybersecurity Roundtable: Holiday Ransomware Readiness REGISTER NOW>>
November 24: Connect IT Local – Scotland REGISTER NOW>>
November 24: Connect IT Local – Adelaide, AUS REGISTER NOW>>
December 6: Connect IT Local – Atlanta REGISTER NOW>>
December 6: Connect IT Local – Auckland, NZ REGISTER NOW>>
December 8: Connect IT Local – Miami REGISTER NOW>>
December 8: Datto & Kaseya Connect IT Local – Reading, UK REGISTER NOW>>
December 13: Connect IT Local – Ft. Lauderdale REGISTER NOW>>
December 13: Executive Roadshow REGISTER NOW>>
December 15: Connect IT Local – Washington DC REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!