The Week in Breach News: 12/01/21 – 12/07/21
Cybercriminals snatched millions from three cryptocurrency platforms, PII and PHI were exposed in major medical clinic snafus and the impact of ransomware on their clients according to MSPs, plus what they expect to see in the ransomware space in 2022.
Make sure your clients have all the bases covered with the Computer Security To-Do Checklist! GET IT>>
Planned Parenthood
https://www.washingtonpost.com/nation/2021/12/01/los-angeles-planned-parenthood-hack/
Exploit: Ransomware
Planned Parenthood: Healthcare Provider
Risk to Business: 1.616= Severe
Bad actors gained access to the personal information of an estimated 400,000 patients of Planned Parenthood in Los Angeles this past October in a probable ransomware attack. A spokesperson said that someone gained access to Planned Parenthood Los Angeles’ network between October 9 and 17, deployed and exfiltrated an undisclosed number of files. The breach is limited to the Los Angeles affiliate and an investigation is underway.
Risk to Business: 1.703= Severe
PPLA told clients that PII and PHI had been exposed including the patient’s name, address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescriptions.
Customers Impacted: 400,000
How It Could Affect Your Customers’ Business: Medical information is valuable, especially sensitive information like this that can be used for both cybercrime and blackmail, and patients expect that healthcare providers will protect it.
ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
Gale Healthcare Solutions
Exploit: Misconfiguration
Gale Healthcare Solutions: Healthcare Job Placement
Risk to Business: 1.611=Severe
More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password-protected database owned by Gale Healthcare Solutions, a Florida-based healthcare staffing provider. Files containing the PII of healthcare workers that the company placed were hosted on an unsecured AWS cloud server that was uncovered by security researchers in September. Gale Health Solutions says that the environment has been deactivated and secured. The company also says that there is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused.
Individual Risk: 1.813=Severe
Researchers reported that the files they saw contained a healthcare worker’s face image or ID badge, full name and a number consistent with an SSN. Other personal data about the impacted workers may also have been exposed.
Customers Impacted: 300,000
How It Could Affect Your Customers’ Business This mistake will be expensive and coveted healthcare workers may be inclined to choose a different staffing agency because of this carelessness.
ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>
MonoX
https://www.hackread.com/hackers-steal-badger-defi-monox/
Exploit: Hacking
MonoX: Cryptocurrency Finance
Risk to Business: 1.318=Extreme
The MonoX DEX platform has experienced a breach that did damage to the tune of $31 million. The breach took place after hackers exploited a vulnerability in smart contract software, then exploited the vulnerability to increase the price of MONO through smart contracts and bought assets with MONO tokens. DeFi platform Badger was also reportedly hit by hackers for $120 million last week after they gained access by targeting a protocol on the Ethereum network.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business In an ultra-competitive sector like crypto, customers will be watching every move a company makes, especially if it could potentially cost them money.
ID Agent to the Rescue: Make sure that your clients are doing everything right to stop system and data security threats with the Computer Security To-Do List checklist, available now! GET THIS CHECKLIST>>
DNA Diagnostics Center
Exploit: Ransomware
DNA Diagnostics Center: Healthcare Services
Risk to Business: 1.819= Severe
DNA Diagnostics Center said that on August 6, the company discovered that there had been unauthorized access to its network that enabled someone to access and exfiltrate an archived database that contained patient PII collected between 2004 and 2012. The Ohio-based company says that 2,102,436 people had their information exposed. Victims may have been ordered to undergo genetic testing as part of a legal matter.
Individual Risk 1.617= Severe
The company is sending letters to impacted individuals warning them that they may have had their PII and sensitive data such as Social Security number or payment information exposed. Anyone whose personal information was accessed is being offered Experian credit monitoring.
Customers Impacted: 2,102,436
How it Could Affect Your Customers’ Business Companies that store two kinds of valuable data like this are at high risk for an expensive and damaging ransomware incident that will have lasting financial results.
ID Agent to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>>
Can you spot a phishing email? This infographic shows you how to detect one! DOWNLOAD IT>>
United Kingdom – BitMart
https://portswigger.net/daily-swig/crypto-exchange-bitmart-reports-150-million-theft-following-hack
Exploit: Hacking
BitMart: Cryptocurrency Exchange
Risk to Business: 1.212= Extreme
Cryptocurrency trading platform BitMart has been hacked resulting in the loss of an estimated $150 million in funds. Portswigger reports that Blockchain security firm Peckshield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain. BitMart said n a statement that it was temporarily suspending withdrawals until further notice after detecting a large-scale security breach centered on two ‘hot’ wallets. BitMart claims that it has more than nine million customers across more than 180 countries.
Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Crypto platforms have been squarely in cybercriminals’ sights in the last few months and consumers are watching to see which ones are able to avoid trouble.
ID Agent to the Rescue The Security Awareness Champion’s Guide gamifies risks to make them memorable to encourage employee caution around security risks. GET THIS BOOK>>
Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work. DOWNLOAD IT>>
Japan – Panasonic
https://www.securitymagazine.com/articles/96615-panasonic-discloses-data-breach
Exploit: Hacking
Panasonic: Electronics Manufacturer
Risk to Business: 1.919 = Severe
Panasonic has confirmed that it’s had a security breach after unauthorized users accessed its network on November 11. The company says that an internal investigation revealed that some data on a file server had been accessed by intruders. No information was given about what data was accessed or how much. Panasonic says that it is working with an outside firm to get to the bottom of the matter and expressed its apologies for the incident.
Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Large companies are treasure troves for data-hungry cybercriminals looking for a quick, low-risk score to turn over for fast profit.
ID Agent to the Rescue What cyber threats are your clients facing in 2022? Learn what you should have on your radar from cybercrime expert Rachel Wilson to get the jump on the bad guys! WATCH NOW>>
Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>
Australia – CS Energy
https://www.itpro.co.uk/security/ransomware/361687/cs-energy-ransomware-attack
Exploit: Ransomware
CS Energy: Energy Company
Risk to Business: 1.723 = Severe
CS Energy confirmed it experienced a ransomware attack on November 27. The company said the incident was limited to its corporate network and did not impact operations at its Callide and Kogan Creek power stations. CS Energy’s CEO said that the company contained the ransomware attack by segregating the corporate network from other internal networks and enacting business continuity processes. CS Energy is owned by the Queensland government.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Utility companies and other critical infrastructure businesses are tempting targets for cybercriminals because their essential nature makes the owners more likely to pay a ransom.
ID Agent to the Rescue Learn 4 highly effective ways to protect your clients from ransomware now and set them up for future defensive success in one fun, educational webinar! WATCH NOW>>
Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Zero Trust security is a piece of cake when you’re sure you’re giving access to the right people at the right levels. SEE HOW TO DO IT>>
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Cyberattacks on Healthcare Targets Create a Public Health Risk
- Do a Security Checkup for National Computer Security Day!
- Holiday Shopping Scams Can Damage Business Security
- Cyber Insurance May Not Cover That Incident
- The Week in Breach News: 11/24/21 – 11/30/21
Kaseya Patch Tuesday: Patch notes & bug fixes for November 2021: SEE PATCH INFO>>
See how to fix staffing problems, fill security gaps and make more money fast with security automation. LEARN MORE>>
These Gifts to Yourself Will Help You Make More Money in 2022
Is more MRR on your wish list this holiday season? ID Agent is here to fulfill your wish with three new resource bundles that will help you build your security business.
Intro to Cybersecurity Bundle – Refresh your knowledge of the basics and find new data that will start profitable security conversations! GET THIS BUNDLE>>
Deep Dive into Cybersecurity Bundle – Learn more about the risks your clients face and actionable strategies to beat them. GET THIS BUNDLE >>
Deep Dive into Ransomware Bundle – Develop your expertise in securing your clients from today’s nastiest threat. GET THIS BUNDLE >>
Empower Your Clients to Spot & Stop Insider Threats
The infographic 5 Red Flags That Point to a Malicious Insider at Work details 5 things to watch for that can expose malicious insiders. DOWNLOAD IT NOW>>
The Building a Strong Security Culture Checklist helps clients find security flaws that you can help fix! DOWNLOAD IT NOW>>
Did You Miss… The Computer Security To-Do List can show your clients how to do their part in preventing cyberattacks. DOWNLOAD IT >>
Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>
Ransomware Risk is Influenced By Business Technology Choices
What MSPs and Their Clients Are Doing to Reduce Risk
As 2021 draws to a close, everyone’s attention turns to getting ready to face the threats ahead in 2022. But a big part of making sure that you and your clients are ready for what’s sure to be another tumultuous year in cybersecurity is understanding what drove some of 2021’s biggest cybersecurity trends. A new study that looks at the relationships that MSPs and their clients have with ransomware can provide valuable insight into how the fight against ransomware is shaping up for you and your clients in 2022.
Unitrends MSP surveyed more than 200 IT professionals from MSP organizations worldwide for its 2021 State of Ransomware Survey Report. In this study, researchers took a deep dive into the fundamentals of how ransomware impacted MSPs and their clients. They also broke down exactly which operating systems and SaaS applications the bad guys preferred when choosing their targets for ransomware operations. Another branch of study for this report included a look at MSP and customer attitudes toward ransomware readiness as well as the consequences businesses may face in the aftermath. In addition, researchers explored MSP and MSSP relationships, why security measures may fail and securing backup and recovery assets.
Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>
Ransomware Attacks Plague MSPs & Their Clients
The study’s findings illuminate the impact that ransomware has had on business IT for both businesses and MSPs – and that impact has been extensive. Their research shows that a majority of MSPs have gone through the pain of a ransomware attack with their customers. Only 4.59% of the MSPs surveyed said that they haven’t had any clients affected by ransomware. Things get a little murkier when taking a look at why those clients fell victim to ransomware though. Of course, human error tops the list of reasons why a ransomware attack succeeded against its target. Respondents identified human activity, such as falling for phishing and lack of security awareness, as the leading cause of malware attacks, at the root of more than 50% of ransomware incidents. But surprisingly, 18% of ransomware incidents could be chalked up to corporate IT woes.
The Leading Causes of Ransomware Infections
Phishing 23%
Lack of Security Awareness 22%
Lost/Stolen Credentials 13%
Malicious Websites 12%
Lack of IT Budget 10%
Lack of Executive Buy-in 8%
Misconfigured Firewall 6%
Insider Threat 5%
Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>
MSPs & Clients Differ on Concern About Ransomware Threats
For the most part, MSPs and their clients are closely aligned on their attitudes toward ransomware as a security concern. The biggest surprise was the 1.73% of MSPs that stated they are not concerned at all about the threat of ransomware for their clients. Researchers noted that the unconcerned MSPs also indicated they are confident in their ability to recover from an attack because many have already helped their clients do so first-hand. That increased confidence due to successful recovery has in part alleviated their concerns over the threat. However, MSPs and their clients were almost universally worried about the possibility of a ransomware attack.
Levels of Concern About Ransomware
MSPs Clients
Very Concerned 43% 25%
Concerned 36% 49%
Somewhat Concerned 20% 21%
Not Concerned 1% 2%
Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>
MSPs See Ransomware Risk Growing
Attitudes toward the growth of ransomware as a risk are similar. No business is too small to be interesting to cybercriminals, putting every business at risk of a ransomware attack. In the last 12 months, 50% of ransomware attacks worldwide have nailed SMBs, and 55% of all ransomware attacks hit businesses with fewer than 100 employees. Companies that store and handle a great deal of valuable data have been squarely in cybercriminals’ sights as the value of that data soars. The number of breaches that involve ransomware has doubled in 2021 when compared to 2020. Those circumstances should have alarm bells ringing for IT professionals in every industry, and that’s borne out by the data in this survey.
In the Last 24 Months, Ransomware Has…
Become a significant risk 89%
Stayed the same 5%
Diminished 2%
Not Sure 5%
90% of MSPs have had clients hit with a ransomware attack in the last 12 months. Help your clients build stronger defenses with the insight in Ransomware Exposed! DOWNLOAD NOW>>
Only 50% of Clients Are Ready for Trouble
Unfortunately, no matter how much MSPs try to raise awareness about potentially devastating threats like ransomware, many businesses fail to take those threats seriously until they’re knocking on the door. An analysis of non-tech business leaders’ attitudes toward cybersecurity on IBM’s Security Intelligence blog revealed the disturbing fact that that 60% of SMB owners feel that they will not face any kind of cybersecurity incidents. At the enterprise level, an equally astonishing more than 65% of senior-level decision-makers said they didn’t believe the businesses for which they’re responsible would ever fall victim to a cyberattack. Those troubling conclusions also appear in the Unitrends survey. The majority of surveyed MSPs reported that their clients are only somewhat prepared or not prepared at all to face a ransomware attack.
Levels of Client Preparedness for a Ransomware Attack
Somewhat Prepared 50%
Mostly Prepared 37%
Extremely Prepared 7%
Not Prepared 7%
See how cyber insurance is changing and how to protect your clients from trouble. WATCH NOW>>
What Operating Systems Are Ransomware Gangs Targeting?
Knowing what ransomware gangs are looking for as likely weak spots when they choose their targets is very important. Surprisingly, roughly half of the ransomware operators analyzed in a recent study of dark web forum posts were clear about their disinterest in pursuing ransomware attacks targets in the government, healthcare or education sectors. Other factors including how high the target’s profile is, the risk that the operation poses to a gang’s continued operation and the odds that an organization will just pay the ransom are important modifiers in determining an individual business or industry’s ransomware risk.
This study shows that the operating system that a business relies on also impacts their likelihood of becoming a target of a ransomware attack. Cybercriminals clearly have preferences about which OS they prefer to deal with, and that factor may have a significant impact on a company’s ransomware prospects. As of 2020, the CVE database listed more than 660 “dangerous” security gaps were attributed to Windows operating systems, with 357 of these vulnerabilities relating to Windows 10.5 Beyond backdoors found in the OS, users may be at increased risk due to the transition to remote work, with the potential for threat actors to attack security vulnerabilities through connected devices. Being the world’s most popular operating system has left a target on the proverbial backs of Windows systems, with Windows machines ending up as the target of 83% of malware attacks during the pandemic.
Operating Systems Targeted by Ransomware
Windows 10 41%
Windows Server 37%
Android 9%
MacOS 5%
Linux 4%
Apple IOS 3%
None 2%
See how to grow your business with a new revenue stream in the time it takes to drink a cup of coffee. LEARN MORE>>
SaaS Isn’t Safer
SaaS applications weren’t safe from ransomware gangs either. Unitrends researchers reported that almost three-quarters of all survey respondents said that their clients’ SaaS applications have come under attack. Bad actors know that SaaS applications serve as important document stores that are loaded with potentially valuable data like PI, financial information, medical records and other profitable commodities in the busy dark web data markets.
SaaS Applications Targeted by Ransomware
Microsoft 365 41%
None 27%
Other 19%
Google Workspace 11%
Dropbox 8%
Salesforce 5%
We’re invested in your success! Learn about best-in-class marketing & sales support from Kaseya Powered Services. WATCH NOW>>
The Future of Ransomware
Ransomware has experienced rapid growth as a risk that MSPs see their clients facing, and that risk keeps on rising. Researchers determined that 89.02% of the MSPs that they surveyed feel that ransomware has become a majorly significant risk for their clients in the last 24 months. When looking at the future of ransomware, it’s also clear that for better or worse, MSPs overwhelmingly expect ransomware to be a continuing risk for their clients in 2022. The vast majority of survey respondents, about 84.12%, also anticipate that the rate of ransomware attacks that their clients face will stay the same or get even worse over the next year. Conversely, less than 2% of respondents believe the threat of ransomware has diminished and only 4.71% anticipate the threat of ransomware will diminish at all over the next 12 months.
The State of Ransomware in 2022
Worsen 66%
Stay The Same 18%
Not Sure 11%
Diminish 5%
Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>
MSPs + ID Agent = A Strong Partnership Against Cybercrime
ID Agent is a partner that MSPs can rely on when looking at ways to reduce the risk that their clients face from cybercrime like ransomware. Our solutions help you feel confident that you can secure your clients against the next generation of cyber threats while our partnership benefits help you build your business and grow your MRR.
The award-winning solutions in our digital risk protection platform provide strong security and an excellent value for both you and your clients. A partnership with ID Agent enables you to access Kaseya Powered Services, featuring best-in-class marketing and sales support including:
- Sales coaching to help you overcome objections and close more deals
- A new complete multichannel security sales campaign every month that’s just waiting for your personalization and logo to launch
- Monthly live interactive sales and marketing workshops on topics like maximizing LinkedIn, website SEO, delivering winning webinars and more!
Many of our new partners realize ROI in 30 days or less! Let us show you why over 4,000 MSPs in 30+ countries are using ID Agent. BOOK A DEMO>>
Dec 08-09: ASCII Success Summit: Anaheim REGISTER NOW>>
Dec 08-09: CharTech Academy REGISTER NOW>>
Dec 08 – 10: Robin Robins Rapid Implementation Workshop REGISTER NOW>>
Dec 09: How Security Awareness Training Protects Your Employees & Hardens Your Cyber Defenses REGISTER NOW>>
Dec 09: Nano Session #3: How to Sell More Security Solutions to Your Clients (EMEA) REGISTER NOW>>
Dec 13: Christmas Phish and Chips (DACH Edition) REGISTER NOW>>
Dec 14: The Road to Prosperity: Strategies to Help Drive to Success in 2022 REGISTER NOW>>
Dec 16: Christmas Phish and Chips (EMEA Edition) REGISTER NOW>>
Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>
2022 Will Be a Banner Year for Ransomware. Are You Ready?
Ransomware has been top-of-mind for business owners and security professionals as they struggle to keep their organizations a step ahead of cybercrime and a new survey says that trend looks set to continue into 2022.
In the Unitrends 2021 State of Ransomware Survey Report, researchers determined that 89.02% of the IT professionals that they surveyed felt that ransomware has become a majorly significant risk in the last 24 months. A further 84.12%, also anticipate that the rate of ransomware attacks will stay the same or get even worse over the next year.
That means that every company needs to be on top of reducing its cyber risk. One effective way to do that is through increased security awareness training with a solution like BullPhish ID. Companies that engage in regular cybersecurity awareness training have up to 70% fewer security incidents – and that’s a welcome relief when it seems like a cyberattack is waiting around every corner.
Do you have comments? Requests? News tips? Compliments? Complaints 9or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!