Please fill in the form below to subscribe to our blog

The Week in Breach News: 11/16/22 – 11/22/22

November 23, 2022

This week: Half a million incarcerated people had their health data exposed, a cyberattack impacted ambulance services in Canada, ransomware forced a data breach at Air Asia, the December Powered Services Pro campaign is here and a look at the health of the MSP business.


What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>



CorrectCare Integrated Health

https://www.jdsupra.com/legalnews/correctcare-integrated-health-announces-1605263/

Exploit: Misconfiguration

CorrectCare Integrated Health: Healthcare Provide

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.214 = Extreme

CorrectCare Integrated Health, a Kentucky-based company that specializes in providing healthcare to prisoners in U.S. jails, has experienced a data breach. In a filing with the California Attorney General’s Office, the company stated that two file directories on the company’s server had been accidentally exposed on the internet by an employee’s misconfiguration of a server. An estimated 600,000 patients who received medical care in a CDCR facility between January 1, 2012, and July 6, 2022, were among those whose data was potentially impacted.  

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227 = Extreme

The breached information may include an individual’s full name, date of birth, social security number, CDCR number and protected health information. 

How It Could Affect Your Customers’ Business: This employee mistake will cost the a fortune by the time regulators get finished with it.

ID Agent to the Rescue: Security awareness training prevents employee mistakes. These 10 tips help you ensure that you and your clients are getting the most out of your training program. GET TIPS>>


Middletown Valley Bank

https://www.jdsupra.com/legalnews/middletown-valley-bank-reports-data-6177965/

Exploit: Hacking

Middletown Valley Bank: Financial Institution

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.177 = Severe

Maryland-based regional financial institution Middletown Valley Bank has disclosed that it has experienced a data breach as the result of an unspecified hacking incident. Around October 1, 2022, Middletown Valley Bank learned of a potential data security incident that resulted in the bank shutting down parts of its computer network. An investigation determined that an unauthorized party had gained access to its computer network. The unauthorized party was able to access files that contained sensitive information related to bank customers.  

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.201 = Severe

The breached information varies depending on the individual and may include a customer’s name, financial account numbers, Social Security number, driver’s license number, passport number, and other information provided to the bank for purposes of applying for products or services.   

How It Could Affect Your Customers’ Business: The Banking and Finance sector was the top sector for ransomware attacks two years in a row, and the pace is not decreasing.

ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>> 


Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>



ESO

https://www.canadianparvasi.com/ontario-paramedics-taking-notes-by-hand-as-patient-software-hit-by-cyberattack/

Exploit: Hacking

ESO: Medical Software Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.652 = Severe

Ambulance crews across Ontario have been forced to resort to pencil and paper charting after an outage in the iMedic system. Software maker ESO stated that the system has experienced service outages after unauthorized parties gained access to a server, forcing a shutdown. Paramedics typically use iMedic to record patient information that is transmitted to hospitals for incoming patients arriving by ambulance. ESO said that its initial investigation showed no evidence indicated that data had been breached and there was no malware or ransomware installed.

How It Could Affect Your Customers’ Business: Business service providers in time-sensitive industries are high on the cybercriminal hit list because they’re likely to pay ransoms.

ID Agent to the Rescue:  Go over the Cybersecurity Risk Protection Checklist with your clients to make sure that they’re covering all of their security bases. GET CHECKLIST>>   




Russia – Whoosh

https://www.bleepingcomputer.com/news/security/whoosh-confirms-data-breach-after-hackers-sell-72m-user-records/

Exploit: Hacking

Whoosh: Transportation Company 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 1.782 = Moderate

Whoosh, Russia’s top scooter sharing service, has confirmed a data breach. Hackers have started shopping a database containing the details of 7.2 million customers on a hacking forum. The stolen data purportedly includes promotion codes that can be used to access the service for free, as well as partial user identification and payment card data. The company had previously confirmed the cyberattack via statements on Russian media earlier this month but claimed that it had been thwarted. In a revised statement, the company has admitted the attack took place and data was stolen, claiming that no sensitive user data was impacted, which does not appear to be the case. 

How it Could Affect Your Customers’ Business: Payment card data is a hot seller for the bad guys on the dark web and they’re always happy to swipe it.

ID Agent to the Rescue:  See what the hottest topics are in business security and explore the challenges SMBs face today in The Kaseya Security Insights Report 2022. DOWNLOAD IT>>


France – The Department of Seine-et-Marne

https://globeecho.com/news/europe/france/cyberattack-a-ransom-of-10-million-dollars-demanded-from-the-department-of-seine-et-marne/

Exploit: Ransomware

The Department of Seine-et-Marne: Regional Government

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.482 = Extreme

The government of the department of Seine-et-Marne in northern France has been struck by a ransomware attack that has crippled government systems. Officials were quick to note that social benefits and salaries of departmental agents were unaffected, but outages and service disruptions were likely for other government functions, with no timeline given for restoration. The government’s website is also down. The unnamed hackers have demanded a ransom of $10 million, but the president (Les Républicains) of the departmental council of Seine-et-Marne says that he sees no reason to pay it. 

How it Could Affect Your Customers’ Business: Government agencies and bodies have been under siege by bad actors looking for a quick payout to avoid a disruption to public services.

ID Agent to the Rescue: Security awareness training helps employees avoid ransomware traps. Learn to create a great program with How to Build a Security Awareness Training Program. DOWNLOAD IT>> 


Finland – Uponor Corporation

https://www.yahoo.com/now/evidence-data-breach-resulting-ransomware-073000533.html

Exploit: Ransomware

Uponor Corporation: Industrial Plastic Pipe Maker

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.733 = Severe

A ransomware attack against plastic pipe and water system component company Uponor Corporation (Uponor Oyj) on November 5, 2022, led to a shutdown of production systems for a week and a data breach. The Finnish company reported that there is also evidence that current and former employee personal data has been exposed for employees in some countries where Uponor operates. Production has since been restored to capacity. No further information was available at press time about any ransom demand or claim of responsibility. 

How it Could Affect Your Customers’ Business: Ransomware has been a menace for manufacturers at critical points in the infrastructure supply chain and it’s getting worse.

ID Agent to the Rescue: Learn more about how to defend businesses from ransomware with the resources in our Deep Dive into Ransomware bundle! GET BUNDLE>> 


Insider risk is up by 40%. Help your clients stay out of trouble with The Guide to Reducing Insider Risk GET IT>>



Malaysia – Air Asia

https://thehackernews.com/2022/11/daixin-ransomware-gang-steals-5-million.html

Exploit: Ransomware

Air Asia: Airline

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.283 = Severe

Budget air carrier Air Asia has fallen victim to a ransomware attack that has created a data breach impacting more than 5 million people. The attack took place on November 11-12, 2022. The cybercrime group Daixin Team has claimed responsibility. The group leaked sample data belonging to AirAsia on its dark web data leak portal. The samples show that the gang appears to have grabbed passenger information and the booking IDs as well as personal data related to the company’s staff. In an interesting twist, Hacker News reports that A spokesperson for the threat actor said that further attacks were not pursued because of “the chaotic organization of the network.” No information about any ransom demand was available at press time.

How it Could Affect Your Customers’ Business: Airlines are a popular target for ransomware gangs, and that threat will grow throughout the winter holiday season.

ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture ChecklistDOWNLOAD IT>> 



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident


managed SOC traveling to Connect IT represenetd by a branded backpack

Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>



See how today’s biggest threats may impact your MSP and your customers in our security blogs.




Special News Bulletin

December’s Powered Services Pro Campaign is Here!


The December campaign about Backup from Powered Services Pro will help you boost your sales and ensure that your clients are ready for cybersecurity challenges in 2023!  Backup is a must-have for every business today, and digital transformation includes moving to cloud-based backup. Use the tools provided to demonstrate the value of cloud backup to your clients and why they need to invest in it now.

MSP Value Prop: 

Cloud-based data needs backup too. But what if that data gets stolen or deleted? Most cloud platforms acknowledge backup shortcomings and recommend having a backup and recovery solution for cloud-based data, whether it be in O365, Google Workspace, Salesforce, etc. 

End Buyer Value Proposition: 

Ensure your cloud-based data is fully recoverable. Many small businesses realize too late that their cloud-based platforms don’t offer sufficient data restoration capabilities. Prevent data loss with backup and recovery as a service. 

Learn more 


Save Big on Tickets for Connect IT Global for a Limited Time 


It’s that time of the year when we thank you for your unwavering support of Kaseya’s solutions and your contribution to the success of Kaseya. As a token of our gratitude, we are running a special Thanksgiving promo offer on early bird tickets for Connect IT Global 2023. 

Buy a ticket before November 28, 2022, and get another at 50% off on our discounted early bird pricing*.  
Don’t miss this chance to attend the IT service industry’s best event and learn how to build systems, evolve your business and lead the industry toward a stronger tomorrow. 

BUY TICKETS>> 

*Discount applicable to same ticket type as the first one purchased. This discount does not apply to 3 Night or 4 Night Hotel Bundle Tickets. Additional Tickets can be added at the end of the first ticket registration process.


Learn how to spot and stop malicious insiders and educate users with this handy infographic! GET IT>>



2 Resources to Promote Security Awareness Training

These two new resources offer important information about why security awareness training is a must-have for every organization.
Security Awareness Training – How it Prevents the Biggest Threats
You know the value of security awareness training, but do your clients? This infographic helps demonstrate the value of training by walking readers through how it helps them strengthen their defenses against today’s nastiest risks. DOWNLOAD IT>>

Are You & Your Clients Getting the Most Out of BullPhish ID?
This checklist helps make sure that you and your clients are taking advantage of all of the features and benefits that you get when you choose BullPhish ID as your security training and phishing simulation solution. DOWNLOAD IT>>

Did you miss… The Kaseya Security Insights Report 2022? DOWNLOAD IT>>


It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>



How Healthy is the MSP Business?

Datto’s State of the MSP Report 2023 Gives You a Diagnosis 


As we head into the last part of 2022, MSPs’ minds are turning to planning for next year. Looking back at the state of the industry in 2022 is an important part of that process. The Datto Global State of the MSP Report: Looking Ahead to 2023 offers a look at the opinions, challenges, experiences and future plans of a cross-section of 1800 MSPs from around the world to take the temperature of the MSP business. Researchers asked MSPs about what’s working and what isn’t working and took a deep dive into the revenue drivers MSPs see today and tomorrow. The results can help you gain insight into factors that you may want to consider in your 2023 plan. 


managed SOC traveling to Connect IT represenetd by a branded backpack

Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>


Is this a good time to be an MSP? 


The MSP market sentiment continues to remain strong, and nearly all respondents still believe it is a great time to be an MSP.  An overwhelming majority of respondents (95%) said that they believe that now is a good time to be in the industry and that it will continue to grow – 82% expect revenue will increase over the next three years. Just over half of respondents said they have been in business between six and 11 years. However, nearly a quarter reported that they’ve been in business for less than five years, indicating the industry is still attracting newcomers.  

Source: Datto


Watch this webinar to learn how to make Dark Web ID your prospecting secret weapon! WATCH NOW>>


The outlook for annual revenue is rosy 


Good news: Revenue is climbing steadily for MSPs, and that upward trajectory is expected to continue. Even in today’s turbulent economy, three out of five MSPs said that they’d experienced an increase in revenue in the past 12 months. Diving deeper, just over one-third (36%) of respondents reported annual revenues between $1 million and $5 million, and another third (32%) said they had average annual revenue of less than $1M. Some MSPs are seeing very high revenue, with 8% of respondents saying that their annual revenue topped $10 million and 5%  reporting annual revenue of over $20 million.  

Source: Datto


This MSP-focused guide gives you insight into finding the ideal dark web monitoring solution. GET THE GUIDE>>


Break-fix is back 


Nearly all MSPs now offer some flavor of managed security services, and they too see an evolution toward solutions that help mitigate and monitor for attacks as well as recover from them. Revenue associated with managed security services seems to be shifting to break-fix across regions – this year’s survey saw an 11% increase in break-fix revenue. The reasons for that increase vary, but one thing is clear: this isn’t the same as the break-fix the industry dealt with 20 years ago. Traditionally, break-fix reflected MSPs having flexibility built into their contracts to charge extra for projects that fall outside of their normal responsibilities. But break-fix has conceptually changed now to more of a co-managed service offered by MSPs to help over-burdened IT departments in larger companies stay afloat. Some MSPs report using it for legacy clients that have not been converted over to managed services. This increase in break-fix is likely attributable to a shift in new business opportunities.  

Source: Datto


Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>


The client base is shifting for MSPs


Most MSPs live and die by the revenue from small business clients, and those clients are engaged in a constant struggle to stay out of cybersecurity trouble. Almost three-quarters of MSPs (71%) indicated that their clients have between 20 and 200 employees, down from 84% in 2021. More specifically, the 50 to 100 employee range was most common (20%), followed closely by 25 to 50 (17%) and then 100 to 150 (13%). Outside of the 20 to 200 employee range, there was a sharp drop-off at either end. Very few respondents serve clients with fewer than 10 employees (0) or more than 300 employees (3%).  

There have been a few shifts in the industries that MSPs are serving. High Tech (47%), and Healthcare (44%) were the top industries MSPs report serving. Telecom, which was at top of the list in 2021, dropped from 46% to 41%. In general, MSPs across the globe continue to target a very wide variety of verticals. Many respondents have clients in Travel/Transportation, Manufacturing, Professional Services, Education, Energy, Media/Entertainment and Financial Services.


See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>


What is the top challenge for MSPs? 


For the second year in a row, respondents said that competition is their top challenge (29%). This isn’t particularly surprising as the MSP space continues to grow, and the landscape becomes more competitive. It is interesting that MSPs remain quite bullish about revenue growth even though it also ranks highly as a challenge year over year. When considering the challenges that may limit growth, MSPs consistently point to the challenges associated with sales and marketing as a major limitation. Specifically, MSPS have trouble finding the optimal tools, time and strategy to deliver high-quality leads.  

That’s especially problematic in today’s market. Competition is growing among MSPs for a variety of reasons. More SMBs are seeking out technology services from MSPs as the world continues its digital transformation. That has been especially true throughout the pandemic as many SMBs sought help with remote work enablement. Also, SMBs varying security needs mean that they may be looking for more specialized MSPs or MSSPs who can provide them with certain security services. Marketing challenges could make it hard for prospects to find the right MSP and MSPs to find the right leads.   

Source: Datto


Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>


Get the right security solutions to help your MSP & your clients’ business grow 


The right security solutions and the right partner make all the difference in your MSPs’ success. Kaseya is ready to help you grow in 2023 with award-winning security solutions. 

Security awareness and compliance training plus phishing simulation        

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.  This powerhouse is the channel leader in phishing simulations.  

  • An extensive library of security and compliance training videos in eight languages      
  • Plug-and-play or customizable phishing training campaign kits      
  • New videos arrive 4x per month and new phishing kits are added regularly         

Dark web monitoring          

Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.         

  • 24/7/365 monitoring using real-time, machine and analyst-validated data           
  • Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses         
  • Live dark web searches find compromised credentials in seconds      
  • Create clear and visually engaging risk reports         
  • Automated, AI-powered antiphishing email security     

Email security

Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.      

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast        
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.       
  • 3 layers of powerful protection at half the cost of competing solutions       
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance   

Managed SOC 

Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans hunt, triage and work with your team when actionable threats are discovered 

  • Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud 
  • Patent-pending cloud-based technology eliminates the need for on-prem hardware 
  • Discover adversaries that evade traditional cyber defenses such as Firewalls and AV 

See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>



Schnizzfest is back this January 23 to 25, 2023 in Phoenix, Arizona. Rub shoulders with industry peers, thought leaders, and enjoy the pure Schnizzfest awesomeness with fun games and drinks at the Hyatt Regency Phoenix. Take advantage of early bird pricing and secure your seat today! REGISTER NOW>>

November 24: Connect IT Local – Scotland REGISTER NOW>>

November 24: Connect IT Local –  Adelaide, AUS REGISTER NOW>>

December 6: Connect IT Local – Atlanta REGISTER NOW>>

December 6: Connect IT Local –  Auckland, NZ REGISTER NOW>>

December 8: Connect IT Local –  Miami REGISTER NOW>>

December 8: Datto & Kaseya Connect IT Local – Reading, UK REGISTER NOW>>

December 13: Connect IT Local – Ft. Lauderdale REGISTER NOW>>

December 13: Executive Roadshow REGISTER NOW>>

December 15: Connect IT Local – Washington DC REGISTER NOW>>

January 23 – 25, 2023: Schnizzfest in Phoenix, AZ REGISTER NOW>>

April 24 – 27, 2023: Connect IT Global in Las Vegas, NV REGISTER NOW>>


dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!