The Week in Breach News: 11/13/24 – 11/19/24
This week: The MOVEit vulnerability is back, with a threat actor claiming to have stolen data from two dozen more major companies, including Amazon; China-aligned threat actors hack T-Mobile as part of a massive operation; a deep dive into mitigating holiday cyberattack risk; and eight new big brand-themed phishing simulations are now available in French, Spanish and Portuguese.
Read this week’s new featured blog: Are You Prepared for the Holiday Cyber-risk Surge?
Amazon
https://www.aol.com/massive-data-breach-exposes-800-130049819.html
Exploit: Zero Day Exploit
Industry: Retail
Another round of victims of 2023’s epic MOVEit hack has come to light, and some of them are very big fish. A hacker going by the name “Nam3L3ss” claimed in a post on a dark web leak site that they had exploited the MOVEit zero-day vulnerability, also known as CVE-2023-34362. The threat actor claims to have snatched data from 25 major organizations. Topping the list is Amazon, with the hacker boasting of obtaining 2,861,111 records largely containing employee data. Amazon was quick to reassure the public that Amazon and AWS are secure, claiming that the breach occurred at a third-party property-management vendor. The hacker also released datasets containing hundreds of thousands of records from major companies, purportedly containing data labeled as belonging to MetLife, Cardinal Health, HSBC, Fidelity, US Bank, Delta and HP.
How It Could Affect Your Customers’ Business: The MOVEit zero-day exploit is an example of just how far the damage can spread from one vulnerability.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
American Associated Pharmacies
https://www.hipaajournal.com/embargo-ransomware-american-associated-pharmacies
Exploit: Ransomware
Industry: Healthcare
The Embargo ransomware group has claimed responsibility for a cyberattack on American Associated Pharmacies (AAP), stealing nearly 1.5 TB of data before encrypting files. The group reportedly received a $1.3 million ransom but is demanding an additional $1.3 million to prevent the release of the stolen data. AAP has not confirmed the attack, but its website states that limited ordering capabilities have been restored and all passwords for accounts at APIRx.com and RxAAP.com have been reset.
How It Could Affect Your Customers’ Business: Hospitals aren’t the only healthcare targets cybercriminals hit; pharmacies and related healthcare outlets are also at risk for ransomware.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Hot Topic
Exploit: Third-Party Breach
Industry: Retail
Fast fashion retailer Hot Topic and its sister store chains Torrid and Box Lunch have disclosed that they have experienced a data breach. A threat actor calling themselves “Satanic” has claimed responsibility for the hack. Satanic claimed to have stolen 350 million user records from Hot Topic, Box Lunch and Torrid. The data breach occurred in October 2024 and exposed 57 million unique email addresses, but also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit card data containing card type, expiration and the last four digits of payment cards.
How It Could Affect Your Customers’ Business: Companies are also at risk for cyberthreats or a data breach caused by cybersecurity trouble with a supplier or service provider.
Kaseya to the Rescue: See how an antiphishing solution that leverages AI and automation can help businesses stop phishing economically. DOWNLOAD EBOOK>>
T-Mobile
Exploit: Hacking (Nation-State)
Industry: Telecommunications
A Chinese state-aligned threat actor dubbed Salt Typhoon, also known as UNC2286, has breached T-Mobile’s network as part of a widespread cyber-espionage campaign targeting U.S. and international telecommunications companies. The operation, which lasted over eight months, accessed sensitive systems, potentially compromising national security by intercepting call logs, unencrypted texts, and audio from high-value targets, including senior U.S. government officials and politicians. According to The Wall Street Journal, the group employed advanced tactics, including infiltrating Cisco Systems routers and leveraging AI and machine learning for their espionage. The U.S. Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that they expect their understanding of the extent of the compromises to grow as the investigation continues. This is a developing story.
How It Could Affect Your Customers’ Business: This is a strategic, dangerous hacking operation that could have serious repercussions for U.S. national security.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
BBS Financial Services
Exploit: Ransomware
Industry: Financial Services
BBS Financial Services (BBS) recently experienced a ransomware attack that impacted sensitive data. The breach affected over 70,000 individuals, involving medical billing information such as contact details, appointment dates, billing codes, and health insurance data. The company first identified unusual activity on January 29, 2024, and quickly launched an investigation with the help of cybersecurity experts and law enforcement, who confirmed the severity of the threat. BBS said that after negotiating with the attackers and paying the ransom, the company obtained confirmation that the stolen data was destroyed.
How it Could Affect Your Customers’ Business: The financial services sector is a top target for cyber crime, and entities in the sector need to be prepared for that.
Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>
Mexico – gob.mx
https://cybernews.com/news/mexico-government-official-website-ransomware-attack-ransomhub
Exploit: Ransomware
Industry: Government
The cybercrime group RansomHub has taken responsibility for a cyberattack on Mexico’s official website, gob.mx, claiming to have stolen 313 GB of data. The group alleges the stolen files include contracts, insurance records, financial documents, and confidential information. Samples posted online reportedly reveal names, emails, roles, and headshots of CJEF staff, along with scanned contracts, including one addressed to Mario Gavina Morales, Mexico’s director of IT and communications. RansomHub has given the government ten days to pay an undisclosed ransom or face the public release of the data.
How it Could Affect Your Customers’ Business: A successful cyberattack that enables bad actors to snatch sensitive data and take control of that government’s official website is very concerning.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
Alberta Innovates
https://globalnews.ca/news/10868151/alberta-innovates-cyberattack/
Exploit: Hacking
Industry: Non-profit
Alberta Innovates has confirmed it was recently targeted in a cyberattack that caused network disruptions. According to the organization, the incident involved unauthorized access to its network by a third party. The provincially funded agency, which provides grants and programs to support entrepreneurs, researchers, and industry in advancing technological innovation, has not disclosed whether any personal or proprietary information was exposed or compromised in the incident.
How it Could Affect Your Customers’ Business: Even a non-profit or community service-focused organization can fall victim to cybercrime.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>
Hungary – Defence Procurement Agency (DPA)
https://dailynewshungary.com/security-hungary-cyberattack/
Exploit: Ransomware
Industry: Government
The Defence Procurement Agency (DPA) in Hungary has suffered a major cyberattack by the hacking group Inc. Ransomware. The attackers encrypted sensitive files, some of which have already been leaked online, and demanded a $5 million ransom. Leaked data reportedly includes military procurement details, financial records, and documents indicating a freeze on procurement for next year. The breach, which occurred in October with leaks beginning on November 6, poses serious national security risks for Hungary. Authorities are investigating the incident.
How it Could Affect Your Customers’ Business: Hackers accessing sensitive government, military or defense industry information could be a national security disaster.
Kaseya to the Rescue: A bewildering array of acronyms are used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Read this week’s feature story: Are You Prepared for the Holiday Cyber-risk Surge?
This week we take a deep dive into the truth about elevated holiday cyber-risk with an overview of smart companies’ methods and tools to mitigate cyberthreats. We also provide actionable insights to help you take proactive steps to ensure you’ll enjoy a peaceful holiday season. READ THE BLOG>>
New big-brand-themed phishing simulations in 3 languages are here!
Cybercriminals are quick to impersonate big brands to make their email phishing messages enticing. These eight new phishing simulation kits in French, Spanish and Portuguese are available now for your next round of employee education.
LinkedIn – Password Reset
- LinkedIn – Redefinição de Senha do LinkedIn (Portuguese)
- LinkedIn – Réinitialisation de Mot de Passe LinkedIn (French)
- LinkedIn – Restablecimiento de Contraseña de LinkedIn (Spanish)
UPS – Package Delivered
- UPS – Colis Livré (French)
- UPS – Paquete Entregado (Spanish)
H&R Block – Verify Email
- H&R Block – Verificar correo electrónico (Spanish)
- H&R Block – Verificar e-mail (Portuguese)
- H&R Block – Vérifier l’email (French)
Learn more about these new phishing simulations and other developments for BullPhish ID in the Release Notes. READ NOW>>
Learn 5 Reasons Why Businesses Need AI-Driven Automated Phishing Defense in an infographic
Phishing surges in November and December, with cybercriminals ready to take advantage of the holiday hustle and bustle to slip more phishing messages past employee defenses. Learn more about how to quickly and affordably mitigate phishing risk with a smart AI-driven antiphishing solution in this infographic. DOWNLOAD IT>>
Did you miss… the 5 Ways to Squeeze More From a Tight Security Budget infographic? DOWNLOAD IT>>
Watch this space – Our 2025 webinar and event schedule is coming soon!
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!