The Week in Breach News: 11/06/24 – 11/12/24
This week: Cybercriminals try to get that bread from Schneider Electric one way or another; a cyberattack knocks out systems at major U.S. grocers; we share what IT professionals told us they really think about the impact of AI in cybersecurity in our Kaseya Cybersecurity Survey Report 2024; and two new GDPR phishing training kits are here.
Read this week’s feature story: Is AI The New Frontline in Cybersecurity or Just Hype?
See the cybersecurity challenges that IT professionals faced in 2024, including the rise of AI and what’s next. DOWNLOAD IT>>
Newpark Resources
Exploit: Ransomware
Industry: Energy
Newpark Resources, a Texas-based oil services provider, reported to the SEC that it faced a ransomware attack earlier this week, disrupting access to key information and reporting systems. However, by switching to downtime procedures, the company continued manufacturing and maintained uninterrupted field operations. The incident remains under investigation and no ransom demand was disclosed.
How It Could Affect Your Customers’ Business: A cyberattack on the supply chain of a critical infrastructure component like oil suppliers can be very dangerous.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
Van Wagner
https://cybernews.com/news/super-bowl-producer-van-wagner-breached
Exploit: Malware
Industry: Business Services
Van Wagner, an ad agency specializing in sports event advertising, disclosed a data breach affecting around 5,000 individuals due to a cyberattack. The breach, discovered on August 27, 2024, was traced back to a malware attack on August 3. Exposed data includes names, addresses, dates of birth, email addresses and social security numbers. The agency has launched an investigation and strengthened its IT infrastructure to prevent future incidents. Van Wagner is offering those affected 12 months of free identity theft protection through Equifax Credit Watch.
How It Could Affect Your Customers’ Business: A data breach can damage a company’s reputation and that can impact its business relationships.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
UK – Microlise
https://www.theregister.com/2024/11/06/microlise_cyberattack
Exploit: Hacking
Industry: Technology
On October 31, UK-based Microlise reported to the London Stock Exchange that unauthorized network activity had disrupted a significant portion of its services. The incident involved limited employee data exposure. Affected clients include DHL Supply Chain UK, grocery giant Asda and Serco, a supplier of tracking devices and panic alarms for police prisoner transport vans. The AIM-listed company’s share price dropped 16% as soon as the incident was made public and has still not fully recovered.
How It Could Affect Your Customers’ Business: An attack on a key service provider can be devastating to the businesses that rely on it.
Kaseya to the Rescue: See how an antiphishing solution that leverages AI and automation can help businesses stop phishing economically. DOWNLOAD EBOOK>>
France – Schneider Electric
Exploit: Ransomware
Industry: Energy
This week’s oddest story is the third cyberattack of 2024 targeting Schneider Electric, carried out by the emerging HellCat ransomware group. On its dark web leak site, the group demanded a $125,000 ransom, taunting the French company by saying it could possibly be paid in baguettes (the group ultimately prefers Monero). HellCat claims to have obtained over 40 GB of data from Schneider’s JIRA platform, including projects, issues, plugins, and over 400,000 rows of user data.
How It Could Affect Your Customers’ Business: This is the third time that Schneider Electric has experienced a successful cyberattack this year, and that’s very bad for their reputation
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
Finland – Nokia
Exploit: Hacking
Industry: Technology
Nokia confirmed it is investigating a third-party security breach after threat actor IntelBroker listed allegedly stolen Nokia source code for sale on the dark web forum BreachForums. The data was reportedly taken from a third-party developer’s server used by Nokia for internal tool development. IntelBroker claims the stolen information includes SSH keys, source code files, RSA keys, BitBucket logins, SMTP accounts, webhooks and hardcoded credentials, as well as Python, JavaScript, JSO and PHP files. The attacker noted that the Nokia source code is not up for public auction but is reserved for trusted individuals on the forum, emphasizing the breach’s severity. IntelBroker is demanding $20,000 for the data.
How it Could Affect Your Customers’ Business: Cybercriminals are perfectly happy to snatch proprietary data like source code, memos and project plans.
Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>
Ireland – South East Technological University (SETU)
https://thecyberexpress.com/setu-cyberattack-it-system-down
Exploit: Hacking
Industry: Education
South East Technological University (SETU) has disclosed a cybersecurity incident affecting its Waterford campus, temporarily halting classes and disrupting IT services. The university’s internal IT team and external cybersecurity experts are working to resolve issues related to the SETU cyberattack and minimize disruptions. In a statement released on SETU’s website, students were advised that classes on the Waterford campuses would be postponed on Monday, November 4, to allow faculty to adjust their plans amid the outage. Classes were set to resume on Tuesday, November 5, but the university warned students and staff that they may continue to experience limited access to certain services. Staff and students have been left without access to campus internet, email, file-sharing services and other digital resources necessary for teaching and administration.
How it Could Affect Your Customers’ Business: The education sector has been a prime target for cybercriminals hoping for a quick payment from a time-sensitive organization.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
The Netherlands – Ahold Delhaize
https://www.cybersecuritydive.com/news/grocery-ahold-delhaize-cyberattack/732562
Exploit: Hacking
Industry: Retail
Grocery conglomerate Ahold Delhaize said late last week that it had detected a cybersecurity issue within its U.S. network. The unnamed issue has led to payment processing and information systems issues at its five U.S. grocery chains: Hannaford, Giant Food, Stop & Shop, The Giant Company and Food Lion. The company said it took some systems down and notified authorities about the incident. Ahold Delhaize said all of its U.S. stores were open but that the IT problems had affected electronic payment systems, some pharmacies and e-commerce functions. The company did not specify what, if any, data was stolen.
How it Could Affect Your Customers’ Business: This cyberattack will impact access to food and medication for people across the U.S. which is a potential public health risk.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>
Is building an in-house SOC a smart move? Our whitepaper breaks down the costs. READ IT>>
South Africa – Standard Bank
https://mybroadband.co.za/news/security/569213-standard-bank-hit-by-data-leak.html
Exploit: Hacking
Industry: Retail
Standard Bank confirmed a data breach involving limited personal and financial information of a small number of clients in South Africa. An employee with authorized access copied certain client data onto an unprotected personal device. Standard Bank stated that the ongoing investigation will determine actions against the employee, following internal disciplinary processes and regulatory requirements, including the Labour Relations Act and the Protection of Personal Information Act.
How it Could Affect Your Customers’ Business: Wether it’s a simple mistake or a malicious action, the actions that employees take around security can be catastrophic.
Kaseya to the Rescue: A bewildering array of acronyms are used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Read this week’s feature story: Is AI The New Frontline in Cybersecurity or Just Hype?
Should you believe the hype? Dive into IT professionals’ perspectives on AI and its anticipated impact on cybersecurity in the Kaseya Cybersecurity Survey Report 2024 plus explore six trending AI-powered cyberattacks. READ THE BLOG>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
2 new essential GDPR training modules are ready
This is the perfect time to plan the new training initiatives you’ll be kicking off in 2025. To support your efforts, we’ve added two new training modules with memorable animated video lessons.
- EU GDPR for data processors
- UK GDPR vs. EU GDPR
Learn more about these new modules in the BullPhish ID Release Notes. LEARN MORE>>
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
New Infographic: 5 Ways to Squeeze More From a Tight Security Budget
Every company is looking for ways to save money in today’s turbulent economy. IT teams are constantly being asked to do more with less, and cybersecurity is no exception. How can you maximize your security and your budget? In our new infographic, you’ll discover five tips for boosting your cyber resilience and securing your data affordably.
DOWNLOAD IT>>
Did you miss…the Kaseya Cybersecurity Survey Report 2024? DOWNLOAD IT>>
See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>
Maximize Security and Savings With Kaseya 365 User
November 19 | 2:00 pm ET
Is your IT team balancing tight budgets and rising cybersecurity threats? Join our webinar to explore Kaseya 365 User, designed for small and midsize businesses. What you’ll learn:
- Save money: Discover cost savings with an affordable, all-in-one subscription.
- Boost productivity: Streamline IT with an integrated, automated platform.
- Protect data: Gain tools to prevent and respond to cyberthreats on data and identities.
- As cyberthreats grow more complex, fragmented security falls short. Learn how Kaseya 365 User strengthens defenses and optimizes resources.
Secure your spot today!
Read our case studies and see how MSPs and businesses have benefitted from using our solutions. READ NOW>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!