The Week in Breach News: 11/22/23 – 11/28/23

November 29, 2023

This week: Two water utilities are hit by ransomware, more MOVEit data breaches come to light, all about the new Graphus Personal Spam Filter feature and a look at our survey respondents’ ransomware experiences from the Kaseya Security Survey Report 2023.


See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>

Fidelity National Financial (FNF)

Exploit: Ransomware

Fidelity National Financial (FNF): Insurer 

Risk to Business: 1.617 = Severe

The ALPHV/BlackCat cybercrime group says that it is responsible for a ransomware attack on Fortune 500 company Fidelity National Financial (FNF). The company confirmed the hack in a filing with the U.S. Securities and Exchange Commission (SEC), saying it had been forced to shut down a number of systems because of a cyberattack. Specifically, the company said that its title insurance, escrow and other title-related services, mortgage transaction services and technology to the real estate and mortgage industries had been impacted by the attack. FNF completed its SEC filing on November 19, and ALPHV/BlackCat claimed the attack on November 22. 

How It Could Affect Your Customers’ Business: Financial services companies have been high on cybercriminal hit lists since 2020.

Kaseya to the Rescue: Learn about how Datto EDR with Ransomware Rollback helps companies recover from ransomware faster. REGISTER NOW>>


Welltok

Exploit: Hacking

Welltok: Software Service Provider 

Risk to Business: 1.291 = Severe

Healthcare Software-as-a-Service (SaaS) company Welltok has disclosed that it experienced a data breach thanks to the MOVEit file transfer exploit. The company said that its MOVEit transfer server was breached on July 26, 2023, exposing the personal data of nearly 8.5 million patients in the U.S. Patient data exposed during the breach included full names, email addresses, physical addresses and telephone numbers. For some, it also included Social Security Numbers (SSNs), Medicare/Medicaid ID numbers and certain health insurance information. The breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois and Massachusetts.

How It Could Affect Your Customers’ Business: The interconnection of businesses means that cybercriminals will continue to find new zero-day exploits.

Kaseya to the Rescue:  An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>


AutoZone

Exploit: Hacking

AutoZone: Automotive Parts Retailer

Risk to Business: 1.803 = Severe

AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Cl0p MOVEit file transfer attacks. AutoZone has disclosed that it suffered a data breach on or about August 15, 2023, resulting in the compromise of data of 184,995 people. The company noted in a filing that after a three-month investigation, it determined that a mix of proprietary, employee and customer data had been stolen including employee names and Social Security numbers.  

How It Could Affect Your Customers’ Business: Companies need to take smart precautions to protect their data from exploits like this one.

Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>

Idaho National Laboratory (INL)

Exploit: Hacking

Idaho National Laboratory (INL): Nuclear Research Laboratory

Risk to Business: 1.440 = Extreme

SiegedSec, a hacktivist collective that claims to be made up of “furries,” says that it has stolen an assortment of data from the Idaho National Laboratory (INL). Officials at INL confirmed that the lab experienced a data breach after bad actors infiltrated its Oracle HCM system. The exposed data belongs to employees of the facility and includes employees’ full names, dates of birth, email addresses, phone numbers, Social Security Numbers (SSN), physical addresses and employment information. INL has been in touch with the U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to investigate.

How It Could Affect Your Customers’ Business: Hacktivists are highly motivated attackers who will quickly find any security weaknesses.

Kaseya to the Rescue:  This checklist of 10 things to look for when buying an endpoint detection and response (EDR) solution helps narrow the field. GET CHECKLIST>>

The Municipal Water Authority of Aliquippa

Exploit: Nation-State Attack

The Municipal Water Authority of Aliquippa: Regional Government Agency

Risk to Business: 1.673 = Severe

The Municipal Water Authority of Aliquippa, Pennsylvania says that an Iranian hacker group took control of one of its booster stations last weekend. The group calls itself Cyber Av3ngers and claims that it targeted the facility because it contains equipment from an Israeli company. Officials were quick to assure the public that an alarm sounded immediately, enabling them to prevent any impact on the water supply to Raccoon and Potter Townships. The incident is under investigation. The group claims to have hacked 10 water stations in Israel.

How it Could Affect Your Customers’ Business: Municipal governments and state government agencies have been prime targets for cyberattacks.

Kaseya to the Rescue:  Ransomware is a major threat to all organizations, not just businesses. Learn more about ransomware and get tips to mitigate risk in Ransomware 101. DOWNLOAD IT>> 

Ardent Health Services

Exploit: Ransomware

Ardent Health Services: Healthcare Provider

Risk to Business: 1.216 = Extreme

A Thanksgiving weekend ransomware incident at healthcare company Ardent Health Services has left hospitals scrambling and ambulances diverted from medical facilities in three states. Those facilities include a 263-bed hospital in downtown Albuquerque, New Mexico, a 365-bed hospital in Montclair, New Jersey, and a network of several hospitals in East Texas. Ardent said that it was forced to take its network offline to combat the attack. That knocked out user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs. Other Ardent-operated facilities have felt various impacts. News outlets are also reporting that Ardent did not discover the attack itself. Instead, the company was warned by CISA on November 22 of malicious cyber activity affecting its computer systems.

How it Could Affect Your Customers’ Business: Holiday weekends are prime time for bad actors to get to work mounting ransomware attacks.

Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>

Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>

Brookfield Global Relocation Services (BGRS)

Exploit: Hacking

Brookfield Global Relocation Services (BGRS): Moving Company

Risk to Business: 1.891 = Severe

Canada’s federal government is warning current and former public service employees and members of the Canadian Armed Forces and Royal Canadian Mounted Police that their personal and financial information may have been exposed in a data breach. Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, companies that hold government contracts to provide relocation support, informed the Government of Canada that they’d both been hacked in October 2023. The data breach may include any personal and financial information that employees provided to the companies as early as 1999. The Government of Canada acted quickly, saying in a statement that services such as credit monitoring or reissuing valid passports that may have been compromised will be provided to individuals impacted by this data breach.

How it Could Affect Your Customers’ Business: These two hacks resulted in a wealth of very profitable data for the bad actors and a headache for the Canadian government.

Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>

Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>

France – Service public de l’assainissement francilien (SIAAP)

Exploit: Ransomware

Service public de l’assainissement francilien (SIAAP): Utility

Risk to Business: 1.802 = Severe

The organization that manages wastewater for nine million people in and around Paris was hit with a cyberattack last week. Service public de l’assainissement francilien (SIAAP) said that it has worked since Wednesday to secure industrial systems and close off all external connections in order to prevent the suspected ransomware attack from spreading. An emergency order has been issued authorizing officials at the organization to hire outside cybersecurity firms and purchase any equipment necessary to recover or restore systems. The incident remains under investigation.

How it Could Affect Your Customers’ Business: Cyberattacks against utilities can be very alarming and can lead to serious infrastructure problems.

Kaseya to the Rescue: This checklist can help businesses determine if they’re making all the right moves to prevent email-based cyberattacks. DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.

Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>

Introducing the Graphus Personal Spam Filter

We are excited to announce a brand-new feature that further expands Graphus’s capabilities and value – the Personal Spam Filter. Now, in addition to providing powerful phishing protection, Graphus gives end users the ability to block unwanted messages they deem to be spam with a single click on the interactive EmployeeShield banner. This new capability is available now at no additional cost to all Graphus customers! 

Graphus works in tandem with the MS 365 and Google Workspace filters by allowing end users to block “graymail” missed by those filters. Users can mark unwanted emails as junk with a single click, prompting Graphus to block the sender solely for that individual. Other recipients within the organization who may want to continue receiving communications from that sender won’t be affected. 

The new Graphus Personal Spam Filter

  • Refines protection for each individual mailbox based on each user’s unique preferences 
  • Gives users control over unwanted emails 
  • Reduces distractions and wasted time, making employees more productive 

Read all the details about what makes this new feature a game-changer in the Graphus blog. See how to enable the Graphus Personal Spam Filter in this guide.
Learn how to manage the Graphus Personal Spam Filter in this guide.

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

Download the Kaseya Security Survey Report 2023  

Have you downloaded your copy of the Kaseya Security Survey Report 2023 yet? You won’t want to miss this insightful report about the biggest cybersecurity challenges that businesses face, the security measures they’re implementing and their experiences with cybercrime in the last year. DOWNLOAD IT>>

Did you miss… our Preventing Email-based Cyberattacks checklist? DOWNLOAD IT>>

Learn how managed SOC gives you big security expertise on call 24/7 without the big price tag. LEARN MORE>>

Over Half of IT Pros Say Their Organization Will Fall Victim to Ransomware Next Year

In an era dominated by digital landscapes and interconnected networks, the ominous shadow of ransomware looms larger than ever over businesses of all sizes. As the threat landscape continues to evolve, ransomware continues to morph into new forms while remaining a formidable and pervasive menace. Businesses face a complex web of risks in the wake of escalating ransomware attacks. From crippling financial implications to the potential compromise of sensitive data, the stakes are higher than ever. In the Kaseya Security Survey Report 2023, we polled 3,066 IT professionals from around the world to find out about their experiences with ransomware over the past year and what they anticipate they’ll see in 2024.

Find more exclusive data about how companies are approaching cybersecurity in the Kaseya Security Survey Report 2023 DOWNLOAD IT>>

70% of respondents expect a ransomware attack would have a significant or fatal impact on their company.

With the number and frequency of ransomware attacks growing constantly, it’s no surprise that most IT professionals expect their employers to fall victim to one. Over three-fifths of our survey respondents (64%) said that their company is likely to experience a successful ransomware attack in the next 12 months. More than half (53%) of our respondents indicated that a successful ransomware attack would have a significant impact on their organization. An unfortunate 17% said they believe their company is unlikely to survive a successful ransomware attack.  

Businesses must take every precaution to put themselves in the best possible position to recover from a ransomware attack. Having a business continuity and disaster recovery (BCDR) solution, a ransomware-specific incident response plan and endpoint detection and response (EDR) with a ransomware rollback feature will go a long way toward mitigating disaster. 

What do you believe is the likelihood your organization will experience a successful ransomware attack in the next 12 months? 

| Likelihood of falling victim to a ransomware attack | Response |
|---|---|
| Extremely likely | 5% |
| Very likely | 22% |
| Somewhat likely | 37% |
| Not very likely | 28% |
| Not at all likely | 8% |

Source: Kaseya Security Survey Report 2023

If a successful ransomware attack on your business were to occur, how much impact do you think it would have? 

| Severity of Impact | Response |
|---|---|
| Extreme impact – it would be difficult to recover | 17% |
| Significant impact | 53% |
| Minimal impact | 28% |
| No impact | 2% |

Source: Kaseya Security Survey Report 2023

See the keys to selecting a Managed SOC to find the perfect one for your clients & your MSP. GET CHECKLIST>>

Companies take a variety of pathways to recovery

Our survey respondents followed a variety of pathways to recover from ransomware disasters. One-third of respondents (33%) said they were successfully able to perform a disaster recovery and restore everything from backups — a low figure considering the expenses and downtime a business can face in the event of a ransomware attack. More than half of respondents (60%) told us that they were forced to reinstall and reconfigure at least some of their systems — a time-consuming operation.  

One in five respondents said that their organizations paid the attackers in an effort to recover their data, a practice that is frowned upon by experts and law enforcement because it can embolden cybercrime gangs and, in some cases, support terrorism. However, as 14% of respondents found out, paying the ransom doesn’t necessarily mean that you will recover your data.

If you were a victim of a ransomware attack, which of the following actions did you take to recover your data? 

| Action | Response |
|---|---|
| Performed disaster recovery (DR) and restored everything from full backups | 33% |
| Restored a portion of the systems and reinstalled and reconfigured the rest | 31% |
| Reinstalled and reconfigured all of our systems from scratch | 29% |
| We paid the ransom to have our data decrypted | 21% |
| We decided not to pay the ransom and lost our data completely | 17% |
| We paid the ransom but still could not decrypt our data, losing it completely | 14% |
| We could not recover and have closed or are closing our business | 7% |
| No action was needed | 4% |
| We have never been hit with a ransomware attack | 14% |

Source: Kaseya Security Survey Report 2023

Learn to defend against devastating cyber threats with A Comprehensive Guide to Email-based Cyberattacks. GET IT>>

Almost half of respondents reported that their organization chose to pay a ransom

As we covered earlier, one in five of our respondents said that their organization paid the attacker when they experienced a successful ransomware attack. For nearly half of those businesses, that ransom payment was between $100 and $1,000 (42%). Even though that may seem like an acceptable cost to retrieve your data and get back to work, paying the ransom doesn’t always work out and may be illegal.  

Thinking about the ransomware attack you experienced, what was the cost of the ransom?  

| Cost of Ransom | Response |
|---|---|
| $50,000 or more | 6% |
| $25,000 to less than $50,000 | 9% |
| $10,000 to less than $25,000 | 12% |
| $5,000 to less than $10,000 | 13% |
| $1,000 to less than $5,000 | 21% |
| $500 to less than $1,000 | 15% |
| Less than $500 | 15% |
| I don’t know | 5% |
| I prefer not to answer | 2% |

Source: Kaseya Security Survey Report 2023

See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>

Find the solutions you need to prepare for 2024’s challenges in Kaseya’s Security Suite

Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.    

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.   

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.     

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).     

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.  

Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>

Are You Ready for the 12 Days of Phishmas?

Phishing risk is greatly elevated during the winter holiday season. Join us on December 12, 2023, at 1 pm ET / 10 am PT for our exclusive webinar, The 12 Days of Phishmas, as we unwrap 12 cybersecurity disasters and provide insights on how to avoid the same fate. REGISTER NOW>>

December 5: RocketCyber and Datto EDR Q4 Product Innovation Update REGISTER NOW>>

December 5: Kaseya + Datto Connect Local Orlando REGISTER NOW>>

December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!