The Week in Breach News: 12/06/23 – 12/12/23
This week: A ransomware hit knocks out an Irish water utility for days, a Nissan data breach, seven new phishing resistance training kits in BullPhish ID and mitigating the biggest digital risk businesses face.
Austal USA
Exploit: Hacking
Austal USA: Shipbuilder
Risk to Business: 1.617 = Severe
A major shipbuilder that holds contracts with the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) has fallen victim to a ransomware attack. The cybercrime group Hunters International is claiming the hit on Austal USA, a subsidiary of the Australian shipbuilder Austal. The company reported that no personal or confidential data was compromised as a result of the incident. Hunters International has exposed some of the company’s proprietary data on its data leak site and claims to have more of that data including finance information, recruiting details, engineering data, certifications and compliance files. No ransom demand has been made public.
How It Could Affect Your Customers’ Business: Companies like this hold sensitive military technology data, such as schematics and other information about operational technology.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Henry County Schools
https://therecord.media/schools-maine-indiana-georgia-ransomware
Exploit: Ransomware
Henry County Schools: School District
Risk to Business: 1.691 = Severe
Ransomware continues to be the bane of schools and school districts. Attacks hit school systems in several U.S. states including Maine, Indiana and Georgia. Henry County Schools, a Georgia school system, disclosed last week that it discovered suspicious activity impacting its network operations during the first week of November. School officials were quick to reassure the public that the hackers did not breach sensitive student and employee systems, contending that the hackers were only able to access a “file storage area containing mostly historical procedural documents.” The school system has since restored all systems and functions impacted by the cyberattack, which remains under investigation by law enforcement.
How It Could Affect Your Customers’ Business: The education sector is the top target for ransomware attacks, and schools need to plan their defenses accordingly.
Kaseya to the Rescue: Learn how Datto EDR with Ransomware Rollback helps organizations including schools recover from ransomware faster. REGISTER NOW>>
Greater Richmond Transit Company (GRTC)
https://therecord.media/central-va-transit-system-cyberattack
Exploit: Hacking
Greater Richmond Transit Company (GRTC): Public Transportation System
Risk to Business: 2.703 = Moderate
The Greater Richmond Transit Company (GRTC), the operator of public buses and specialized transportation services for the Richmond, Virginia area, said last week that it had been the victim of a cyberattack. The Thanksgiving weekend attack temporarily knocked out part of the transportation system’s network and impacted some services. An official said that those services have since been restored and schedules are back to normal.
How It Could Affect Your Customers’ Business: Critical infrastructure that is at risk for ransomware isn’t just limited to defense, utilities and manufacturers.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
Norton Healthcare
https://www.cybersecuritydive.com/news/norton-healthcare-ransomware-attack/702140/
Exploit: Ransomware
Norton Healthcare: Health System
Risk to Business: 1.840 = Severe
Kentucky health system Norton Healthcare has filed a data breach notification with the Maine Attorney General’s Office disclosing that it experienced a data breach in May 2023 as the result of a ransomware attack. Norton Healthcare said that the intrusion was discovered on May 9. Norton Healthcare said that threat actors had access to some of its network storage devices between May 7 and 9, but its medical record system was not compromised. An investigation determined that an estimated 2.5 million people had data exposed in this incident including patients’ names, contact information, Social Security numbers, dates of birth, health and insurance information and medical ID numbers.
How It Could Affect Your Customers’ Business: Healthcare companies benefit from investing in powerful defensive solutions instead of chancing regulatory fines.
Kaseya to the Rescue: Learn more about the various types of ransomware and get tips to mitigate ransomware risk in Ransomware 101. DOWNLOAD IT>>
HTC Global Services
Exploit: Ransomware
HTC Global Services: Business Services
Risk to Business: 1.673 = Severe
The notorious ALPHV/BlackCat ransomware group claims to be behind a likely ransomware attack on business digital transformation service provider HTC Global Services. The gang leaked a sample of the data it purportedly stole to its dark web leak site including images of passports, contact lists, emails and confidential documents. Experts believe that the attack vector was a zero-day Citrix Bleed vulnerability that was discovered in October but may have been active as early as August 2023.
How it Could Affect Your Customers’ Business: The rapid digital evolution of the way that we do business means that cybercriminals will continue to find new zero-day exploits at a brisk pace.
Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>
The City of Huber Heights, Ohio
https://www.govtech.com/security/extent-of-damage-in-huber-heights-cyber-attack-unknown
Exploit: Ransomware
The City of Huber Heights, Ohio: Municipal Government
Risk to Business: 1.736 = Severe
The city government of Huber Heights, Ohio says that it is still working to determine the extent of the damage from a cyberattack that started three weeks ago. The BlackSuit ransomware gang claims to be behind the hit. It says it has released a 129-GB file of the city’s data. The attack was initially discovered on November 12. All city agencies and services are fully operational; however, some are still operating on temporary devices while the city’s IT infrastructure is restored.
How it Could Affect Your Customers’ Business: Bad actors hit governments and government agencies frequently in the hope of getting paid fast if services are knocked out.
Kaseya to the Rescue: Every organization, even a government, needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
Ireland – Binghamstown/Drum Water Scheme
https://westernpeople.ie/news/hackers-hit-erris-water-in-stance-over-israel_arid-4982.html
Exploit: Hacking (Hacktivism)
Binghamstown/Drum Water Scheme: Utility
Risk to Business: 1.239 = Extreme
180 homes and businesses in the area around Erris in northwestern Ireland were left without water for several days last week after a politically motivated cyberattack on their water distribution system. The bad actors said that the community’s water station was targeted because the equipment inside was made by Eurotronics, a company based in Israel that is a major supplier of water pumping technology. The water was restored last Friday night. Government officials are assisting in the investigation of the incident.
How it Could Affect Your Customers’ Business: A cyberattack can hit any target, big or small, at any time for a variety of reasons so it is best to be prepared for it.
Kaseya to the Rescue: Learning about the cyberattack trends and business cybersecurity challenges we followed in 2023 gives IT professionals a valuable edge against cybercrime in 2024. READ THE REPORT>>
Japan – Nissan
https://therecord.media/nissan-australia-new-zealand-cybsecurity-incident
Exploit: Hacking
Nissan: Carmaker
Risk to Business: 2.823 = Moderate
Nissan is warning its customers in Australia and New Zealand that their personal information may have been exposed as the result of a cyberattack on the carmaker. Nissan has not offered specifics about the likely stolen data, simply posting a notice on its regional website telling customers in Australia and New Zealand to be on guard for possible scams and phishing attempts. Nissan also said that it has notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre of the incident.
How it Could Affect Your Customers’ Business: Even basic personal information may have value to cybercriminals and identity thieves.
Kaseya to the Rescue: This checklist can help businesses determine if they’re making all the right moves to prevent email-based cyberattacks. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Presenting 7 new & updated phishing simulation kits!
We’ve just added seven new and updated phishing simulation kits in BullPhish ID. Run these now to keep users on their toes through the dangerous holiday season!
- OneDrive Document Invite
- SharePoint Remote Work Policy
- Office 365: Employee Benefits Package
- MyKaplan Special Offer
- PayPal: Fraudulent Activity
- Schedulicity – Important Message
- Staples: Invoice Request
Learn more about these new phishing simulation kits in the Release Notes!
The Educator’s Guide to Cybersecurity
A successful cyberattack can wreak havoc on a K-12 school or school district. However, non-tech stakeholders like educators and faculty may not understand the importance of investing in cybersecurity. In The Educator’s Guide to Cybersecurity, we explain:
- Cyberattacks in easy-to-understand language
- Why cybersecurity matters for K-12 schools
- Steps schools and school districts can take to bolster their security
MSPs: This is a great eBook to send to your education sector clients!
The Biggest Cybersecurity Threat That Businesses Face? Employees
Cybersecurity is a fast-paced and complex world that brings a variety of challenges to businesses. Many of those challenges have something in common: they’re caused by the people who work for the business. Even if they don’t intend to harm the organization, employees can carelessly do things that damage or subvert security, like mishandling data or falling for a phishing trick. As detailed in our Kaseya Security Survey Report 2024, we saw one theme pop up again and again – the biggest cybersecurity challenge that businesses face today is people.
4 of the top 5 challenges businesses face are directly people-related
When considering the IT security challenges that respondents anticipate encountering in the next year, no single challenge outstripped the rest of the pack. What is interesting is that four of the top five security management challenges our respondents selected are people-based challenges: human error (20%), IT and security skills (18%), insider risk (15%) and security awareness training (11%). An increase in security awareness training and strong security policies can mitigate some of these risks.
What do you anticipate will be your top security management challenge in the next 12 months?
| Challenge | Response |
| --- | --- |
| Human error | 20% |
| IT and security skills | 18% |
| Insider risk | 15% |
| Budget | 13% |
| Security awareness training | 11% |
| Building a security culture | 9% |
| Staffing | 6% |
| Supply chain risk | 6% |
| Other | 1% |
Source: Kaseya Cybersecurity Survey Report 2024
Businesses face a wide array of cybersecurity issues
There is no clear leader in the list of cybersecurity issues that businesses have experienced. In fact, the top three challenges are nearly tied. Phishing tops the list of security issues that respondents have encountered (41%), followed closely by viruses (39%) and endpoint threats (39%). More than half of our respondents have also had to contend with a dangerous cyberattack like ransomware or business email compromise at some point (58%).
Which of the following cybersecurity issues have impacted your business?
| Issue | Response |
| --- | --- |
| Phishing messages | 41% |
| Computer viruses | 39% |
| Endpoint threats detected | 39% |
| Personal information or credential theft | 34% |
| Business email compromise (BEC) | 31% |
| Ransomware | 27% |
| Supply chain attack | 18% |
| None | 4% |
Source: Kaseya Cybersecurity Survey Report 2024
In terms of challenges experienced in the past 12 months, the picture shifts a touch, with the top three issues the same but experienced slightly differently by our survey respondents.
Which of the following cybersecurity issues have impacted your business in the past 12 months?
| Issue | Response |
| --- | --- |
| Phishing messages | 37% |
| Endpoint threats detected | 33% |
| Computer viruses | 33% |
| Personal information or credential theft | 29% |
| Business email compromise (BEC) | 26% |
| Ransomware | 24% |
| Supply chain attack | 16% |
| None | 7% |
Source: Kaseya Cybersecurity Survey Report 2024
Lack of training causes major headaches
Companies and security teams constantly grapple with an array of challenges that can be hard to pin down. When asked about the top three reasons behind their cybersecurity issues, lack of cybersecurity training was the top overall culprit. More than half of respondents (53%) reported that the lack of end-user or administrator training was a major reason behind their cybersecurity issues.
What are the top three root causes of your cybersecurity issues?
| Issue | Response |
| --- | --- |
| Lack of end-user cybersecurity training | 28% |
| Lack of defense solutions (antivirus) | 28% |
| Insufficient security support for different types of user devices | 26% |
| Lack of administrator cybersecurity training | 25% |
| Lack of executive buy-in for adopting security solutions | 22% |
| Lack of funding for IT security solutions | 21% |
| Lost or stolen employee credentials | 17% |
| Poor user practices/gullibility | 15% |
| Open Remote Desktop Protocol (RDP) access | 13% |
| Outdated security patches | 13% |
| Shadow IT | 11% |
| Weak passwords or access management | 10% |
| We have not experienced a cybersecurity incident | 7% |
Source: Kaseya Cybersecurity Survey Report 2024
Businesses & MSPs can solve people-related security problems easily and affordably
Security awareness training that includes phishing simulations is a powerful and cost-effective strategy for mitigating short-term and long-term digital risks. Employees can’t avoid data handling mistakes or recognize phishing scams that they don’t know about – and without training, they will unwittingly do things that negatively impact security. Security awareness training is an investment, but that investment is richly rewarded. These major security benefits are priceless.
- Companies that engage in regular security awareness training have 70% fewer security incidents.
- Security awareness training improves phishing awareness by an estimated 40%.
- A corporate data security training program saves businesses an average of $2.54 million in costs.
- Overall security-related risks are reduced by 70% when businesses invest in cybersecurity awareness training.
- 93% of employees said that well-planned employee training programs positively affect their level of engagement in security practices.
Organizations that are in the market for an efficient and effective security awareness training solution with automated features that make administration easy should consider BullPhish ID. Security awareness training as well as phishing simulation with BullPhish ID is highly effective and affordable, making it an accessible security measure for a broad spectrum of organizations and enabling businesses of every size to fortify their defenses against the ever-evolving panoply of digital threats businesses face every day. LEARN MORE>>
Find the solutions you need to prepare for 2024’s challenges in Kaseya’s Security Suite
Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Watch this space for exciting webinars and events in 2024 coming soon!