The Week in Breach News: 11/15/23 – 11/21/23
This week: A strange twist in a ransomware attack on MeridianLink, a big healthcare data breach from a service provider, 13 new phishing simulation kits and a look at our newly released Kaseya Security Survey 2023 report.
Stanley Steemer
https://www.cybersecuritydive.com/news/stanley-steemer-hack-67k-customers/700175/
Exploit: Hacking
Stanley Steemer: Cleaning Company
Risk to Business: 1.627 = Severe
Carpet cleaning company Stanley Steemer has filed a notice of data breach with the Maine Attorney General’s office. The company said that the attackers gained access to its systems in early February 2023, and it first noticed the intrusion in March 2023. Hackers may have obtained customer names, Social Security numbers, driver’s license numbers and financial account information, including credit and debit card information along with security codes and PIN codes. A total of 66,978 customers were impacted.
How It Could Affect Your Customers’ Business: Any company that holds data, especially customers’ financial data, needs to ensure that it is protecting that data strongly.
Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>
MeridianLink
https://therecord.media/meridianlink-confirms-cyberattack-after-sec-threat
Exploit: Ransomware
MeridianLink: Software Company
Risk to Business: 1.632 = Severe
Financial software provider MeridianLink is the star of one of this week’s weirdest cybercrime stories. The ALPHV/Black Cat ransomware group added MeridianLink to its leak site last week, and the company subsequently confirmed the attack. However, ALPHV/Black Cat took an extraordinary step in its quest to pressure the company into paying a ransom. The group announced on its dark web leak site that it had reported MeridianLink to the U.S. Securities and Exchange Commission (SEC) as being in violation of the SEC’s new reporting rules. To prove it, ALPHV/Black Cat posted a screenshot of the form it claimed to have sent to the SEC. However, those rules are not yet in effect. No ransom amount has been publicized.
How It Could Affect Your Customers’ Business: Cybercriminals sometimes take dramatic steps like this one for publicity.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Truepill
https://www.bankinfosecurity.com/truepill-mail-order-pharmacy-hack-affects-nearly-24-million-a-23590
Exploit: Hacking
Truepill: Pharmacy
Risk to Business: 1.403 = Extreme
Mail order pharmacy Truepill has disclosed that it experienced a data breach that impacted an estimated 2.4 million people. The California-based company reported the data breach to federal regulators on October 30. In a breach notice, Truepill said that it had discovered that bad actors had gained access to a subset of files used for pharmacy management and fulfillment services for three days, from August 30 to September 1, 2023. Compromised files contained patient names, medication type, demographic information and/or prescribing physician names. Social Security numbers were not affected. Six federal class-action lawsuits have been filed against the company in the last week.
How It Could Affect Your Customers’ Business: This data breach will be an expensive proposition for Truepill because it involves PHI.
Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>
Perry Johnson & Associates (PJ&A)
https://www.jdsupra.com/legalnews/pj-a-announces-data-breach-affecting-5757437/
Exploit: Hacking
Perry Johnson & Associates (PJ&A): Transcription Service
Risk to Business: 1.440 = Extreme
Major medical transcription service Perry Johnson & Associates (PJ&A) has experienced a data breach that has impacted an array of healthcare providers around the U.S. including massive health systems Cook County Health in Illinois and Northwell Health in New York. The unauthorized party may have obtained protected health information, including names, dates of birth, medical record numbers, hospital account numbers, admission diagnoses, addresses, and dates of service. The breach also included Social Security numbers, insurance information, and clinical information from medical transcription files, such as medication information and test results.
How It Could Affect Your Customers’ Business: Every company that handles PHI in any capacity needs to make sure it is secured to avoid big fines.
Kaseya to the Rescue: This checklist of 10 things to look for when buying an EDR solution helps narrow the field. GET CHECKLIST>>
The City of Long Beach, California
https://www.spiceworks.com/it-security/cyber-risk-management/news/long-beach-emergency-cyberattack/
Exploit: Ransomware
The City of Long Beach, California: Municipal Government
Risk to Business: 1.673 = Severe
The city government of Long Beach, California has declared a state of emergency after a ransomware attack knocked government services offline. The November 14 attack has impacted many city systems including payment processing, public services, city call centers and the central website of the city administration. These systems are expected to remain offline for several days as the investigation is being carried out. Public safety and emergency systems have remained unaffected.
How it Could Affect Your Customers’ Business: Municipal governments and state government agencies have been prime targets for cyberattacks.
Kaseya to the Rescue: Ransomware is a major threat to all organizations, not just businesses. Learn more about ransomware and get tips to mitigate risk in Ransomware 101. DOWNLOAD IT>>
United Kingdom – The British Library
https://www.infosecurity-magazine.com/news/british-library-ransomware/
Exploit: Ransomware
The British Library: Library
Risk to Business: 1.891 = Severe
The British Library is struggling to recover from an October 28 ransomware attack. The attack knocked out phone lines and on-site services at its main building in London and a separate facility in Yorkshire, as well as access to digital collections, its website and digital catalog. The library informed the public that most of its services remain down, and it is only able to issue temporary reader passes and support “very limited, manual collection item ordering” via paper forms and a printed catalog. There’s no timeline available for the restoration of the impacted services. The Rhysida ransomware group has claimed responsibility.
How it Could Affect Your Customers’ Business: A successful ransomware attack can have a far-reaching effect on an organization’s services and operations.
Kaseya to the Rescue: Learn about how Datto EDR with Ransomware Rollback helps companies recover from ransomware faster. REGISTER NOW>>
South Korea – Samsung
https://www.bleepingcomputer.com/news/security/new-samsung-data-breach-impacts-uk-store-customers/
Exploit: Hacking
Samsung: Electronics Company
Risk to Business: 2.802 = Moderate
Samsung has announced a data breach that mainly impacts customers in the UK. The company admitted this week that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung UK’s store between July 1, 2019, and June 30, 2020. Hackers may have accessed their names, phone numbers, postal addresses and email addresses. No financial data, such as bank or credit card details or customer passwords, were impacted.
How it Could Affect Your Customers’ Business: Customers can lose trust in a company that can’t protect their personal data.
Kaseya to the Rescue: This checklist can help businesses determine if they’re making all the right moves to prevent email-based cyberattacks. DOWNLOAD IT>>
Japan – Toyota Motor Corporation
https://www.cshub.com/attacks/news/cyber-attack-forces-toyota-financial-services-systems-offline
Exploit: Ransomware
Toyota Motor Corporation: Automaker
Risk to Business: 2.716 = Moderate
The Medusa ransomware group is claiming responsibility for a ransomware attack on Toyota. The world’s largest automaker confirmed that its Toyota Financial Services (TFS) arm in Europe and Africa was hit, saying that it had discovered unauthorized activity on its network last week. Medusa claims to have snatched a variety of data including leasing contracts, email addresses, usernames and passwords, passport details and other sensitive data. The group is demanding an $8 million ransom.
How it Could Affect Your Customers’ Business: Bad actors are hungry for data like this that includes details that make identity theft easier.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
BullPhish ID brings you 13 more new & updated phishing simulation kits
It’s time to get employees ready for the onslaught of phishing that they’ll face during the winter holiday season with the 13 new and updated phishing kits available now in BullPhish ID! Links and images for these new kits are available in the Release Notes.
These kits are now available:
- Chase Bank – Account Closed
- iCloud – Storage Full
- McAfee – Antivirus Disabled
- H&R Block – Verify Email
- Office 365 Password Notification
- Office 365 – Suspicious Login
- Office 365 – Exchange Service Outage
- Office 365 – Suspension Notice
- Office 365 Re-Authentication Detection
- Netflix – Update Account
- HSBC – Security Improvement v1
- NEW! HSBC – Security Improvement v2
- OneDrive – Changes to OneDrive
The Kaseya Security Survey 2023 report is here!
Every year, we poll thousands of IT professionals about the challenges they face and how they plan to overcome them today and in the future. The results of this year’s survey are available now! In this report, we explore:
- IT professionals’ experiences with cyberattacks on their organizations and their impact
- What cybersecurity investments businesses are making
- Major security flaws that businesses need to fix
How Are Businesses Handling Their Cybersecurity Management?
As organizations leverage technology to enhance efficiency and connectivity, the corresponding surge in cyber risk combined with strained budgets has brought IT professionals an array of cybersecurity challenges. Our Kaseya Security Survey Report 2023 polled 3,066 IT professionals from around the world to find out what their biggest cybersecurity challenges are right now. This year’s report delves into the multifaceted challenges faced by businesses in safeguarding their digital assets, navigating the dynamic nature of cyber threats and fortifying their organizational defenses. We also explored the moves they’re making to ensure that their organizations are prepared for tomorrow’s challenges.
A company’s cybersecurity framework points to the company’s cybersecurity focus
The cybersecurity framework a company chooses is an important indicator of its security focus and security concerns. In this year’s survey, the top framework was ISO 27001, with more than one-quarter of respondents (28%) indicating that their organization uses it. CMMC wasn’t far behind, with 27% of respondents indicating it as their company’s top choice. MITRE ATT&CK and NIST tied for third place (24%).
Which of the following cybersecurity frameworks (CSFs) do you currently utilize?
| CSF | Response |
| --- | --- |
| ISO 27001 | 28% |
| CMMC | 27% |
| MITRE ATT&CK | 24% |
| NIST | 24% |
| CIS | 23% |
| COBIT | 21% |
| SOC II | 19% |
| ASD Essential 8 | 17% |
| NCSC CAF | 17% |
| Zero Trust | 17% |
| I don’t know | 5% |
| None | 3.27% |
Source: Kaseya Security Survey Report 2023
Which cybersecurity technologies are companies investing in?
In response to the current fast-paced security threat landscape, most companies have deployed a wide array of security solutions to mitigate those threats. However, some significant gaps remain. Email continues to be a top threat vector, but only a little under half of our respondents have deployed an email security solution to secure it (43%), instead choosing to rely on native security in cloud email platforms like Microsoft 365. Antivirus software and security awareness training tied for the second most implemented solution (39%).
That’s especially surprising in terms of cybersecurity training, a low upfront cost security measure that yields high returns. Only about one-third of respondents (38%) said that their organization has implemented automated software patching or a business continuity and disaster recovery (BCDR) solution. The survey respondents indicated that penetration testing (17%), forensics (15%) and threat hunting (11%) were the least adopted technologies.
Which of the following security solutions has your organization implemented?
| Security solution | Response |
| --- | --- |
| Email/spam protection | 43% |
| Antivirus software | 39% |
| Security awareness training | 39% |
| Business continuity and disaster recovery (BCDR) | 38% |
| Automated software patching | 38% |
| Endpoint detection and response (EDR) | 34% |
| File backup | 33% |
| Managed firewall | 28% |
| Identity and access management | 26% |
| Incident response | 21% |
| Security operations center | 20% |
| Penetration testing | 17% |
| Forensics | 15% |
| Threat hunting | 11% |
Source: Kaseya Security Survey Report 2023
Too many companies are neglecting incident response
Experiencing a cybersecurity incident is no longer a matter of “if” but rather a matter of “when.” Just under half (46%) of our respondents follow best practices when it comes to preparing for an incident response by having a formal, tested incident response plan in place. More than one-fifth of respondents have a formal incident response plan but have not tested it. A shocking 23% don’t have a plan in place at all.
Which of the following best describes your organization when it comes to having a cybersecurity incident response plan?
| Cybersecurity Incident Response Plan Status | % of responses |
| --- | --- |
| We have a formal IR plan in place, and we perform periodic drills and tabletop exercises to test it | 46% |
| We have some security solutions to protect us but we do not have a formal IR plan in place | 23% |
| We have a formal IR plan in place but we haven’t tested it | 22% |
| I believe our IT service provider has a plan in place for us | 5% |
| I don’t know | 3% |
Source: Kaseya Security Survey Report 2023
Most companies prefer to handle IT in-house but not security
Our results indicate that by and large, companies prefer to handle their IT management internally, with more than half of respondents saying that their organization has chosen that route. About 41% partially or fully entrust their IT management to a managed service provider (MSP). However, companies choose to handle their IT security a little bit differently. More than half of our respondents said that they manage their security with the help of an IT service provider (55%).
How are your organization’s IT needs managed?
| Response | % of respondents |
| --- | --- |
| We have a dedicated internal IT team | 59% |
| We have a co-managed relationship with an IT service provider | 36% |
| We outsource everything to an IT service provider | 5% |
Source: Kaseya Security Survey Report 2023
How are your organization’s IT security needs managed?
| Response | % of respondents |
| --- | --- |
| We have a dedicated internal IT team | 43% |
| We have a co-managed relationship with an IT service provider | 39% |
| We outsource everything to an IT service provider | 11% |
| We outsource everything to a managed security service provider (MSSP) | 5% |
| I don’t know | 1% |
Source: Kaseya Security Survey Report 2023
Find the solutions you need to prepare for 2024’s challenges in Kaseya’s Security Suite
Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Are You Ready for the 12 Days of Phishmas?
Phishing risk is greatly elevated during the winter holiday season. Join us on December 12, 2023, at 1 pm ET / 10 am PT for our exclusive webinar, The 12 Days of Phishmas, where we’ll unwrap 12 cybersecurity disasters and provide insights on how to avoid the same fate. REGISTER NOW>>
November 23: Kaseya + Datto Connect Local Antwerp, Belgium REGISTER NOW>>
November 28: Kaseya + Datto Connect Local El Segundo REGISTER NOW>>
December 5: RocketCyber and Datto EDR Q4 Product Innovation Update REGISTER NOW>>
December 5: Kaseya + Datto Connect Local Orlando REGISTER NOW>>
December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!