Please fill in the form below to subscribe to our blog

The Week in Breach News: 11/29/23 – 12/05/23

December 06, 2023

This week: Two worrying cyberattacks on aerospace agencies, ransomware hits another utility, a fresh feature in Datto EDR and a look at business cybersecurity spending.


See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>


Exploit: Ransomware

Staples: Office Supply Retailer

1.51 – 2.49 = Severe Risk

Risk to Business: 1.617 = Severe

A Cyber Monday attack on office supply retailer Staples threw a wrench in the company’s business on one of the busiest shopping days of the year. Staples said that it was forced to take many of its systems offline, disrupting processing and delivery capabilities, communications channels and customer service lines. Most services were restored by the end of the week, and there was no word about data theft at press time. 

How It Could Affect Your Customers’ Business: Retailers can’t afford downtime at any time, but it is especially damaging during the holiday season.

Kaseya to the Rescue: Learn about how Datto EDR with Ransomware Rollback helps companies recover from ransomware faster. REGISTER NOW>>

Blue Shield of California

Exploit: Hacking

Blue Shield of California: Insurer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.691 = Severe

Blue Shield California is the latest company to fall victim to a MOVEit-related hack by the Cl0p ransomware gang. Data was stolen from a Blue Shield server managing vision care data on May 28 and May 31, 2023. The insurer said that it became aware of the problem on September 1, 2023.  The stolen data may have included names of members, their dates of birth, social security numbers and information related to their vision health care. The company said it has brought in a third-party cybersecurity company and law enforcement for the investigation. 

How It Could Affect Your Customers’ Business: The interconnection of businesses means that cybercriminals will continue to find new zero-day exploits.

Kaseya to the Rescue:  An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>


Exploit: Misconfiguration

WeMystic: Astrology Website

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.703 = Moderate

WeMystic, a website that offers its users astrology, spiritual well-being care and fortune telling has experienced a data breach caused by a server misconfiguration. Experts discovered an open server with 34 gigabytes of data about 1. 3 million people. The exposed data includes users’ names, email addresses, dates of birth, IP addresses, gender, horoscope signs and other user system data.  

How It Could Affect Your Customers’ Business: Human error is the number one enemy of data security, but security awareness training can change that.

Kaseya to the Rescue: Our Guide to Reducing Insider Risk offers tips for mitigating accidental insider risk and spotting malicious insiders. DOWNLOAD IT>>

North Texas Municipal Water District (NTMWD)

Exploit: Ransomware

North Texas Municipal Water District (NTMWD): Utility

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.840 = Severe

 A north Texas water utility that serves more than 2.3 million people in 13 cities has fallen victim to a ransomware attack. North Texas Municipal Water District (NTMWD). Officials said that the attack only impacted its phone system and the systems in its business office, assuring the public that the attack did not impact its core water, wastewater and solid waste services. The cybercrime group Diaxin has claimed responsibility for the attack.  

How It Could Affect Your Customers’ Business: Ransomware attacks against utilities have been ramping up, and everyone should be worried about that.

Kaseya to the Rescue:  Ransomware is a major threat to all organizations, not just businesses. Learn more about ransomware and get tips to mitigate risk in Ransomware 101. DOWNLOAD IT>> 

Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>

China – Yanfeng Automotive Interiors

Exploit: Ransomware 

Yanfeng Automotive Interiors: Auto Parts Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.673 = Severe

The Qilin ransomware group has claimed responsibility for a cyberattack on one of the world’s largest automotive parts manufacturers, Yanfeng Automotive Interiors (Yanfeng). This attack forced the car company to stop production at its North American plants. The threat actors published multiple samples as proof of the hack including financial documents, non-disclosure agreements, quotation files, technical data sheets and internal reports.  

How it Could Affect Your Customers’ Business: Manufacturers of all kinds have been experiencing increased cyber risk as operational technology (OT) comes under fire.

Kaseya to the Rescue:  This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>> 

India – National Aerospace Laboratories (NAL)

Exploit: Ransomware

National Aerospace Laboratories (NAL): Government Agency 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.736 = Severe

The notorious ransomware group LockBit has added India’s space agency National Aerospace Laboratories (NAL) to its dark web leak site. The gang claims to have snatched a wide variety of data including confidential letters, an employee’s passport and other internal documents. NAL’s website also experienced an outage.  

How it Could Affect Your Customers’ Business: Government agencies need to be especially careful about protecting sensitive data.

Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>

Japan – Japan Aerospace Exploration Agency (JAXA)

Exploit: Hacking

Japan Aerospace Exploration Agency (JAXA): Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.791 = Severe

The Japan Aerospace Exploration Agency (JAXA) has disclosed that it has experienced an unauthorized intrusion into its network.  The agency was made aware of the break-in over the summer. It was quick to assure the public that it doesn’t believe that any data pertaining to rockets or satellites was accessed. The incident remains under investigation. 

How it Could Affect Your Customers’ Business: This kind of highly sensitive data like schematics is very valuable for both garden-variety cybercriminals and nation-state threat actors.

Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>

Japan – Shimano

Exploit: Ransomware

Shimano: Bike Parts Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

Major Japanese cycling component manufacturer Shimano was the victim of a ransomware attack by the LockBit group. The gang claims to have stolen 4.5 terabytes of sensitive company data, including confidential employee details, financial documents, a client database and other confidential company documents. The group had placed a November 5 deadline on the publication of the purloined data, but only published a fraction of the data after the deadline passed.  

How it Could Affect Your Customers’ Business: Ransomware risk has been steadily increasing and companies in every industry are in danger of an attack.

Kaseya to the Rescue: This checklist can help businesses determine if they’re making all the right moves to prevent email-based cyberattacks. DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

dark web threats represented by a hacker in a hoodie shrouded in shadows with faint binary code

Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>

Datto EDR Update – Named Security Policies

Datto EDR’s latest update adds a new must-have feature: customizable security policies that can be applied across different organizations and locations. Now EDR will no longer be restricted to a single set of global policies, making it easier for MSPs to tailor their policies for unique client needs.
Key Functionalities:

  • Create multiple named security policies
  • Apply different named policies across organizations and locations
  • Quickly edit, disable and apply policies

Learn more about the capabilities of Datto EDR now! LEARN MORE>>

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

The Guide to Reducing Insider Risk 2023  

In the latest edition of The Guide to Reducing Insider Risk, you’ll find the information that you need to take a deep dive into the problem of insider risk and explore ways to combat it, including:

  • What the biggest factors are that influence insider risk
  • How to spot a malicious insider before they strike
  • What actions you can take to reduce insider risk fast 


Did you miss… our Kaseya Security Survey Report 2023DOWNLOAD IT>>

Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>

Businesses Are Ready to Make New Security Investments 

Every day, businesses are navigating an intricate landscape where safeguarding sensitive data has become paramount as well as increasingly difficult. As the frequency and sophistication of cyber threats continue to escalate, a promising trend is emerging— a significant upswing in businesses’ investments in cybersecurity. Recognizing the importance of fortifying their digital defenses, organizations across various industries are allocating substantial resources to bolster their cybersecurity infrastructure. This surge in financial commitment by business leaders underscores the recognition of the critical role cybersecurity plays in safeguarding networks and data as well as the necessity for new tools to make it happen. In the Kaseya Security Survey Report 2023, we polled 3,066 IT professionals from around the world to find out about their companies’ investments in cybersecurity in 2023 and beyond.

Find more exclusive data about how companies are approaching cybersecurity in the Kaseya Security Survey Report 2023 DOWNLOAD IT>>

Many businesses need to improve the frequency of vulnerability assessments

IT security vulnerability assessments like penetration testing are a valuable tool for organizations to employ to find weaknesses in their security buildout, and most of our respondents are putting that tool to work for their organization in some capacity. Over half of our survey respondents (52%) said that their company conducts vulnerability assessments two to four times per year. Quarterly assessments are a requirement under some compliance standards and are considered a best practice. Another fifth (20%) said that their employer conducts assessments only once per year — well below the recommended standard. Even worse, 8% of respondents conduct assessments only every two to five years, allowing dangerous vulnerabilities that could translate into damaging cyberattacks to pile up.  

Approximately how frequently does your organization conduct IT security vulnerability assessments?  

Frequency of assessments Response 
Twice per year 29% 
3 to 4 times per year 23% 
Once per year 20% 
More than 4 times per year 15% 
Once every 2 to 4 years 6% 
Once every 5 years or longer 2% 
Never 2% 
I don’t know 2% 

Source: Kaseya Security Survey Report 2023

Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>

Businesses are investing in security

Even in a time of strained budgets, companies recognize how important IT security is for their continued success — and they’re making investments in it. Cloud security (28%), cyber insurance (27%) and endpoint detection and response (EDR) (26%) are the top three areas in which respondents said they plan to invest in the next year. Surprisingly, only 17% of respondents are planning to invest in security awareness training, a low-cost way to reduce security incidents by up to 70%, and 3% of respondents said their companies will not be making any cybersecurity investments at all. 

Which of the following cybersecurity investments do you anticipate making in the next 12 months?  

Investment Response 
Cloud security 28% 
Cyber insurance 27% 
Endpoint detection and response (EDR) 26% 
Dark web monitoring  23% 
Email/collaboration tool security 23% 
Network security 20% 
Managed SOC/MDR 19% 
Automated pen testing 18% 
Security awareness training 17% 
Secure remote access (SASE) 15% 
Vulnerability assessment 13% 
We do not anticipate investing in cybersecurity 3% 

Source: Kaseya Security Survey Report 2023

Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>

Security occupies up to half of IT budgets at most companies

Just like any other business asset, cybersecurity requires an investment, and a failure in upkeep can be disastrous. For the most part, business IT budget controllers are making security a priority and investing in cybersecurity technology. Just over three-quarters of our (76%) said that up to 50% of their company’s total IT budget is dedicated to security. Many IT professionals are looking at good news ahead in terms of budget.  

Approximately what percentage of your overall IT budget is dedicated to security?  

Budget dedicated to security    Response    
More than 50%  5%    
26% to 50%    30%    
11% to 25%    46%    
Less than 10%    15%    
I don’t know    4%    

Source: Kaseya Security Survey Report 2023

This handy checklist of smart security practices helps businesses kick off the new year right! GET CHECKLIST>>

Cybersecurity budgets aren’t decreasing

In a challenging economy, businesses are looking for ways to save everywhere in their operations. Fortunately, many business decision-makers understand that cybersecurity isn’t the place to cut corners. More than half of our survey respondents (60%) said that their IT security budget was unchanged in the past 12 months. 30% of companies pumped up their investment in 2023, giving them an edge to combat future trouble. 

Did your company’s IT security budget increase, stay the same or decrease compared to 12 months ago? 

State of 2023 Security Budget Response 
Stayed the same 60% 
Increased 29% 
Decreased 7% 
I don’t know  4% 

Source: Kaseya Security Survey Report 2023

Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>

Companies have more money to spend on security in 2024

Businesses are facing a myriad of cybersecurity challenges, and IT departments will need to be appropriately resourced to meet them. About three-quarters of respondents (75%) expect their budgets to stay the same or increase in the next year, and that’s good news for overstretched IT professionals looking ahead to new threats. However, just under one-third of respondents said they expect budget cuts.  

Do you expect your company’s IT security budget to increase, stay the same or decrease in the next 12 months?  

Anticipated 2024 security budget Response 
Stay the same 45% 
Increase 43% 
Decrease 7% 
I don’t know 4% 

Source: Kaseya Security Survey Report 2023

Learn to defend against devastating cyber threats with A Comprehensive Guide to Email-based Cyberattacks. GET IT>>

Companies are savvy to the need for cyber insurance

Cyber insurance has become a must-have for businesses. The majority of our respondents (79%) said that their organization has cyber insurance. Our respondents also indicated that if their company doesn’t have cyber insurance, they’re planning to invest in it soon. Nearly two-thirds of respondents (62%) said that their organization is at least somewhat likely to purchase cyber insurance in the next 12 months.  

How likely is your organization to invest in cyber insurance in the next 12 months? 

Response % of responses 
We already have cyber insurance 27% 
Extremely Likely 17% 
Very likely 25% 
Somewhat likely 20% 
Not likely 7% 
I don’t know 5% 

Source: Kaseya Security Survey Report 2023

See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>

Find the solutions you need to prepare for 2024’s challenges in Kaseya’s Security Suite

Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.    

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.   

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.     

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).     

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.  

Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>

Are You Ready for the 12 Days of Phishmas?

Phishing risk is greatly elevated during the winter holiday season. Join us on December 12, 2023, at 1 pm ET / 10 am PT for our exclusive webinar, The 12 Days of Phishmas, as we unwrap 12 cybersecurity disasters and provide insights on how to avoid the same fate. REGISTER NOW>>

December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!