The Week in Breach News: 11/23/22 – 11/29/22
This week: Credential stuffing sticks DraftKings with a $300K loss, a bevy of Canadian breaches, a new holiday infographic plus more resources and what to do about elevated ransomware risk this holiday season.
DraftKings
https://www.infosecurity-magazine.com/news/credential-stuffers-300k/
Exploit: Credential Stuffing
DraftKings: Sports Betting Platform
Risk to Business: 1.106 = Extreme
Users of sports book platform DraftKings took a heavy hit last week with an estimated $300k lost to a credential stuffing attack. A company official confirmed the attack in a statement, saying that they believe that the incident stemmed from customers reusing login credentials that had already been compromised elsewhere. Bad actors gained access to several user accounts that they immediately took over, changing the passwords and enabling 2FA for a phone number they controlled. DraftKings has said that customers who lost money will be made whole but did not offer specifics.
How It Could Affect Your Customers’ Business: This is not a good look during a busy time of year for sports betting with the World Cup ongoing and the U.S. football playoffs ahead.
ID Agent to the Rescue: Security awareness training prevents employee mistakes. These 10 tips help you ensure that you and your clients are getting the most out of your training program. GET TIPS>>
Cincinnati State Technical and Community College
Exploit: Ransomware
Cincinnati State Technical and Community College: Institution of Higher Learning
Risk to Business: 2.843 = Moderate
The Vice Society ransomware group has added Cincinnati State Technical and Community College to its dark web leak site, releasing a trove of purportedly stolen documents ranging across the past two years. The school confirmed that it had experienced a cybersecurity incident that is still under investigation in early November. While class schedules were not impacted, the school is still working to restore functionality in some of its communications systems. Financial aid services, network printing, VPN tools, department share drives, admission application platforms, transcript exchanges, grading tools and more were all still down as of last Friday. The release of the documents may indicate that the school did not pay the ransom that Vice Society demanded.
How It Could Affect Your Customers’ Business: Educational institutions at every level have been hit hard by bad actors, and they’re favored targets for Vice Society.
ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
The City of Westmount
https://www.itworldcanada.com/article/montreal-area-city-hit-by-ransomware-report/514484
Exploit: Ransomware
The City of Westmount: Municipality
Risk to Business: 1.652 = Severe
Ransomware has struck the city government of Westmount in Montreal. The Lockbit ransomware gang has claimed responsibility, claiming it snatched 14 TB of data from the city. Westmount’s website is unaffected, but many city departments are hampered by a lack of access to email and communications systems. The attack was reportedly spotted by a city employee on Sunday morning. The city says that its Information Technology Department is working with a leading external cybersecurity firm and the appropriate national agencies to determine the extent of the attack and remediate damage, but no timeline was provided.
How It Could Affect Your Customers’ Business: Municipal governments have been a major target for ransomware gangs looking to score a quick ransom payment.
ID Agent to the Rescue: Go over the Cybersecurity Risk Protection Checklist with your clients to make sure that they’re covering all of their security bases. GET CHECKLIST>>
Sonder
https://www.infosecurity-magazine.com/news/sonder-confirms-data-breach/
Exploit: Hacking
Sonder: Hospitality Company
Risk to Business: 2.633 = Moderate
Sonder, a Montreal company that specializes in short-term rentals, has experienced a data breach that has exposed data for some of its clients. In a statement, Sonder disclosed that it had discovered that there had been unauthorized access to one of its systems that included certain guest records in early November. Specifically, guest records created prior to October 1, 2021, were involved in this incident. The company said that it is working with appropriate authorities as well as leading security and forensic specialists to get to the bottom of the incident.
Individual Risk: 2.722 = Moderate
Guest data exposed in this incident may include passport or other ID data, Sonder.com username and encrypted password, personal data including full name, phone number, date of birth, address, email address, financial data including guest transaction receipts and the last 4 digits of credit card numbers and transaction amounts, plus dates booked for stays at a Sonder property.
How it Could Affect Your Customers’ Business: This kind of business is ripe for the picking by bad actors because it holds a wide variety of saleable data.
ID Agent to the Rescue: See what the hottest topics are in business security and explore the challenges SMBs face today in The Kaseya Security Insights Report 2022. DOWNLOAD IT>>
Coinsquare
https://bitcoinist.com/coinsquare-suffers-data-breach-heres-what-happened/
Exploit: Hacking
Coinsquare: Cryptocurrency Exchange
Risk to Business: 1.482 = Severe
Crypto platform Coinsquare had to temporarily shut down operations in response to a hacking incident that caused a data breach on its platform. Coinsquare admitted that its customer database with personal information was accessed by a third party in the November 19 incident. The company was quick to note that although user PII and some account information were likely exposed to bad actors, no passwords were compromised and users’ assets remained safe. Just one month ago, Coinsquare became the first Canadian crypto trading platform to get registered by the Investment Industry Regulatory Organization of Canada (IIROC).
How it Could Affect Your Customers’ Business: The embattled cryptocurrency industry can’t afford high-profile losses right now, especially from reputable platforms.
ID Agent to the Rescue: Security awareness training helps employees avoid ransomware traps. Learn to create a great program with How to Build a Security Awareness Training Program. DOWNLOAD IT>>
Harry Rosen
Exploit: Ransomware
Harry Rosen: Menswear Retailer
Risk to Business: 1.812 = Severe
Harry Rosen is the latest retail company to be hit by a cyberattack. The menswear retailer was hit by a suspected ransomware attack in mid-October. The BianLian ransomware group has claimed responsibility, listing the company as a victim on its leak site. According to the gang, they have obtained more than 1TB of data including data on Gold club members, sales records, file server data and data they’ve labeled Projects, Marketing, HR and Public Relations. The data has begun to be released, suggesting that Harry Rosen did not pay the unspecified ransom demanded. The company said that it is working with federal privacy regulators and the privacy regulators in Alberta and Quebec to resolve the incident.
How it Could Affect Your Customers’ Business: ‘Tis the season for a non-stop barrage of cyberattacks against brick-and-mortar and eCommerce retailers.
ID Agent to the Rescue: Learn more about how to defend businesses from ransomware with the resources in our Deep Dive into Ransomware bundle! GET BUNDLE>>
France – The Government of Guadeloupe
https://therecord.media/guadeloupe-kickstarts-continuity-plan-after-wide-ranging-cyberattack/
Exploit: Ransomware
The Government of Guadeloupe: Regional Government
Risk to Business: 1.733 = Severe
The French Caribbean island region Guadeloupe has been struck by a ransomware attack that has crippled its government. What has been described as a “far-reaching” cyberattack culminated in a temporary shutdown of the government’s online functions and communications systems. Officials said that a continuity plan in place ensured that essential functions like schools and public services would continue to function normally. No timeline was provided for all services to be restored and no ransom demand was made public. The government announced that it is working with France’s data protection authority Commission nationale de l’informatique et des libertés (CNIL) as well as France’s National Information Systems Security Agency (ANSSI), the National Police and the Gendarmerie to resolve the incident.
How it Could Affect Your Customers’ Business: Making a continuity plan is a smart move that will help Guadeloupe get out from under this disaster quickly.
ID Agent to the Rescue: Learn more about how to defend businesses from ransomware with the resources in our Deep Dive into Ransomware bundle! GET BUNDLE>>
Australia – The Smith Family
Exploit: Credential Compromise
The Smith Family: Youth Non-Profit
Risk to Business: 2.237 = Severe
Children’s charity The Smith Family has become the latest victim in a string of cyberattacks that have pummeled Australia in recent months. The organization said that an unauthorized party was able to gain access to an employee’s email account in October, resulting in the exposure of donor information. At the same time, the bad actor also attempted to siphon off funds, but that attempt was thwarted. The charity said it is working with the Australian government’s Cyber Security Centre and the Office of the Australian Information Commissioner to investigate the incident. The perpetrator was not able to access any data about the children the charity helps, and programs will continue to run as normal.
Risk to Business: 2.165 = Severe
Data exposed in this incident includes donor names, addresses, other contact information and partial credit card data.
How it Could Affect Your Customers’ Business: Cyber risk is especially elevated for charities throughout the holiday season as donations rise.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
See how today’s biggest threats may impact your MSP and your customers in our security blogs.
- Almost Half of Businesses Are Making a Big Email Security Mistake
- Cyberattacks on Critical Infrastructure Are Surging
- Businesses Face Growing Cyberattack Risk from Dark Web Exposure
- Watch Out for Brand Impersonation Phishing Attacks
- SMBs Fear Phishing More Than Any Other Threat
- Automation Makes Credential Stuffing Nastier Than Ever
- The Week in Breach News: 11/09/22 – 11/15/22
2 Holiday-Themed Bonus Campaigns from Powered Services Pro
Bonus Social Media Pro Campaign: Online Shopping Risks – Everyone’s doing some online holiday shopping at home and at work. At the same time, risks for cyberattacks like ransomware double during the winter holidays. Your clients need to know how to mitigate that risk and reduce the chance of an unwelcome guest this holiday season, and this bonus campaign about holiday shopping risk gets the message across!
MSP Value Prop:
When it comes to steep discounts in times of high inflation, it can be tempting to click before thinking. Help your social media followers avoid getting scammed this holiday season by freshening up on online best practices now.
End Buyer Value Proposition:
Click with confidence this holiday shopping season. Brush up on spotting a real deal from a scam now, so that you only catch good deals and not a digital virus this holiday shopping season.
Q4 Bonus Holiday Campaign Ads and Starter Posts – As we roll into the thick of the winter holiday season, keep your MSP top-of-mind with customers by leveraging our celebratory bonus ads to start a conversation about security with your clients.
- National Computer Security Day (11/30)
- National App Day (12/11)
- National Device Appreciation Day (12/17)
- Hanukkah begins (12/18)
- Christmas (12/25)
- Kwanzaa begins (12/26)
- National Download Day (12/28)
- New Year (01/01)
Save Big on Tickets for Connect IT Global for a Limited Time
It’s that time of the year when we thank you for your unwavering support of Kaseya’s solutions and your contribution to the success of Kaseya. As a token of our gratitude, we are running a special Thanksgiving promo offer on early bird tickets for Connect IT Global 2023.
Buy a ticket before November 28, 2022, and get another at 50% off on our discounted early bird pricing*.
Don’t miss this chance to attend the IT service industry’s best event and learn how to build systems, evolve your business and lead the industry toward a stronger tomorrow.
*Discount applicable to same ticket type as the first one purchased. This discount does not apply to 3 Night or 4 Night Hotel Bundle Tickets. Additional Tickets can be added at the end of the first ticket registration process.
New Infographic! 12 Days of Tips to Help Businesses Reduce Holiday Cyber Risk
‘Tis the season for online shopping. But with that shopping comes some unpleasant cybersecurity risks for businesses. This new infographic details those risks and how to avoid them. Share these 12 tips with your clients to ensure that they don’t receive the unwanted gift of a cyberattack or data breach this holiday season.
Are Your Clients Ready for Holiday Cyberattacks?
Don’t Risk Ransomware Running Anyone’s Holiday!
It’s that time of year again when people’s minds turn to fun holiday activities and relaxing time off. But this is also the time of year when something else comes along to disturb that holiday peace: cyberattacks. The winter holiday season is prime time for cyberattacks, with increased risk for businesses of every kind. These tips can help you navigate your customers safely through this tricky period and prevent their good time (and yours) from being rudely interrupted by cybercriminals.
Ransomware risk goes up by 70% this time of year
Everyone’s busy during the holidays, and cybercriminals know that. They also know that people are doing online shopping through personal and work devices. The Deloitte 2022 holiday retail survey found that over 60% of shoppers prefer to shop online for gifts and other seasonal deals. Bad actors are more than happy to take advantage of the opportunities offered to them by the distraction and disruption that celebrations, schedule changes and end-of-year pressures can bring to the office to launch cyberattacks, especially through phishing. TransUnion’s research shows that in 2021, there was a 25% increase in e-commerce fraud attempts during the holiday season.
But fraud isn’t the only unwelcome gift that cybercriminals want to bring to the company holiday party. They’re also launching an increased number of ransomware attacks. In 2021, researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. A new holiday ransomware study from Cybereason, “Organizations at Risk 2022: Ransomware Attackers Don’t Take Holidays”, dives into some of the ways that ransomware impacts companies and employees throughout the winter holidays, with data included for several major industries and geographic regions. The report also goes into the steps that companies can take to steer clear of holiday risk.
IT pros lose holiday time to cybersecurity problems
No one wants to worry about a cyberattack when they’re relaxing with friends and family, let alone execute an incident response. Unfortunately, far too many IT professionals find themselves in exactly that position. A whopping 88% of survey respondents said they had missed out on something special like a holiday celebration or weekend event due to a ransomware attack. Digging deeper, in the U.S. and Germany, nine in 10 respondents said that they’d had their holiday plans disrupted by a ransomware attack on their organization.
Have you had your holiday or weekend plans disrupted by a cyberattack?
Region | % of respondents |
Italy | 97% |
Germany | 95% |
UAE | 94% |
Singapore | 92% |
US | 97% |
South Africa | 84% |
UK | 81% |
France | 79% |
Source: Cybereason
Companies that are unprepared suffer additional damage
The impact of a ransomware attack on a holiday weekend varies by industry, but none of the outcomes is pleasant. Across the board, an attack coming during a weekend or holiday is just worse than the same attack at another time. The most common factor that companies have to deal with when responding to a cyberattack on a holiday or weekend is that it takes longer to get a full picture of the attack. Over one-third of respondents (37%) said that it takes them longer to assess the scope of an attack on a holiday. Building on that, more than a third of respondents also said it takes them longer to stop an attack and assemble their response team on weekends and holidays. This cascade of challenges leads directly to businesses experiencing a longer recovery timeline and ultimately losing more money in the event of an attack on a holiday or weekend than they normally would.
Outcomes of a cyberattack on a weekend or holiday
Negative consequence | % of respondents who experienced it |
It took us longer to stop the attack | 37% |
It took us longer to assess the scope of the attack | 37% |
It took us longer to recover from the attack | 36% |
It took us longer to assemble our team | 34% |
The business lost more money | 31% |
Source: Cybereason
Holidays slow down detection & response but drive up bills
The news isn’t any better about the impact of a cyberattack like ransomware during a holiday by industry. In fact, some industries are particularly hard-hit by holiday attacks. The seven sectors that researchers chose to concentrate on in this report are Education, Finance, Healthcare, Travel & Transport, Manufacturing & Utilities, IT & Telecom and Retail, Catering & Leisure. Across those verticals, Education stood out as the sector in which it would take the longest for an organization to assess the scope of a cyberattack over a holiday, with more than half of respondents indicating that their assessments might be slow. IT professionals in the Education sector also said that their organizations would lose more money in a holiday attack.
Negative consequence | Education | Finance | Healthcare | IT & Telecom | Manufacturing & Utilities | Retail, Catering & Leisure | Travel & Transport |
It took us longer to assess the scope of the attack | 54% | 39% | 30% | 35% | 38% | 41% | 33% |
It took us longer to respond to/ stop the attack | 42% | 40% | 31% | 31% | 37% | 40% | 43% |
The business lost more money | 42% | 24% | 34% | 24% | 32% | 31% | 38% |
Source: Cybereason
3 attack types dominate the threat landscape
Diving deeper, researchers also looked at what types of incidents companies’ SOCs were responding to the most during holiday or weekend periods. The top threat varied around the world, but three major cyberattacks stood out as the most problematic incidents for SOCs. Ransomware leads the pack for U.S. companies, with more than half (66%) of IT pros in the U.S. indicating that is the threat their SOC handles the most. For organizations in the UK, their SOC is most likely to be looking at a supply chain attack (45%). Overall, an average of 49% of respondents indicated ransomware, 46% of respondents pointed to a supply chain attack and 31% said a targeted attack was the incident that their SOC was most likely to have to deal with during a weekend or holiday.
Attack type | US | UK | Germany | France | UAE | Singapore | Italy | South Africa |
Ransomware | 66% | 45% | 40% | 41% | 50% | 45% | 37% | 44% |
Supply chain attack | 47% | 54% | 30% | 33% | 48% | 38% | 51% | 45% |
Targeted attack | 34% | 29% | 25% | 31% | 27% | 29% | 33% | 35% |
Source: Cybereason
Low staffing levels can spell disaster
Staffing is a continuous challenge for every company looking for IT professionals as the IT skills shortage continues to worsen, especially for companies that are looking to add cybersecurity expertise to their roster. Bad actors are well aware of the fact that businesses run on skeleton staffs during holiday periods and on weekends, and they’re using that information to their advantage to plan their operations. The majority of survey respondents said that they run at less than half staff (44%) during holidays and weekends. Many companies drop to less than 10% staffing during those periods, including companies in four major verticals: Finance (36%), Healthcare (26%), Manufacturing (17%) and IT and Telecom (15%).
What is your average staffing level on holidays and weekends?
80 – 100% staffed | 7% |
50 – 70% staffed | 26% |
33 – 50% staffed | 23% |
Less than 33% staffed | 44% |
Source: Cybereason
Companies are investing in detection and automation technologies
Organizations are taking a variety of proactive steps to mitigate their risk and reduce the possibility that they’ll have to deal with an unpleasant and time-consuming incident response on a holiday or weekend. More than one-third of respondents said that they’re planning to improve their ransomware detection capabilities. Many organizations are also discovering the power and efficiency of AI and automation in security to help them close gaps and find problems faster, and they’re putting that learning to work for them to reduce their holiday cyberattack risk. Just under a third of respondents (29%) said that they’re investing in automation to improve their attack detection and response capabilities, reducing the burden on their staff.
Implementing new ransomware detection capabilities | 38% |
Augmenting staff to respond faster | 31% |
Adding automation to speed detection & response | 29% |
Setting up crypto wallets to pay ransoms | 27% |
Learning to negotiate with ransomware groups | 27% |
Source: Cybereason
The best offense is a strong defense
Kaseya’s security solutions can help you keep your clients safe from holiday cyberattacks quickly and easily at a price you’ll both love.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
- Automated, AI-powered antiphishing email security
Email security
Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance
Managed SOC
Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans who hunt, triage and work with your team when actionable threats are discovered.
- Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud
- Patent-pending cloud-based technology eliminates the need for on-prem hardware
- Discover adversaries that evade traditional cyber defenses such as Firewalls and AV
Schnizzfest is back this January 23 to 25, 2023 in Phoenix, Arizona. Rub shoulders with industry peers, thought leaders, and enjoy the pure Schnizzfest awesomeness with fun games and drinks at the Hyatt Regency Phoenix. Take advantage of early bird pricing and secure your seat today! REGISTER NOW>>
November 30: Stop Attackers with Managed SOC REGISTER NOW>>
December 6: Connect IT Local – Atlanta REGISTER NOW>>
December 6: Connect IT Local – Auckland, NZ REGISTER NOW>>
December 8: Connect IT Local – Miami REGISTER NOW>>
December 8: Datto & Kaseya Connect IT Local – Reading, UK REGISTER NOW>>
December 8: Cyber Insurance Changes and You REGISTER NOW>>
December 13: Connect IT Local – Ft. Lauderdale REGISTER NOW>>
December 13: Executive Roadshow REGISTER NOW>>
December 15: Connect IT Local – Washington DC REGISTER NOW>>
January 23 – 25, 2023: Schnizzfest in Phoenix, AZ REGISTER NOW>>
April 24 – 27, 2023: Connect IT Global in Las Vegas, NV REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!