The Week in Breach News: 12/07/22 – 12/13/22
This week: Hackers hit Sequoia One, a Chinese nation-state attack on Amnesty International, another breach at Telstra, learn about Managed SOC and read nine must-see cybersecurity predictions for 2023.
This handy checklist of smart security practices helps businesses kick off the new year right! GET CHECKLIST>>
Sequoia
https://www.wired.com/story/sequoia-hr-data-breach/
Exploit: Hacking
Sequoia: Payroll & Benefits Management Company
Risk to Business: 2.176 = Severe
California-based major business services company Sequoia, known for their Sequoia One payroll services, has disclosed that they’d detected unauthorized access to one of the company’s cloud storage repositories containing an array of sensitive and personal data. The company says it occurred between September 22 and October 6. The company noted that investigators from Dell SecureWorks did not find evidence of malware in its network and did not find any compromised computers or servers in Sequoia’s infrastructure.
Individual Risk: 2.131 = Severe
Sequoia’s breached cloud system stored an array of sensitive personal data, including names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, and member IDs as well as any other ID cards, Covid-19 test results, and vaccine cards that individuals uploaded to the employment system.
How It Could Affect Your Customers’ Business: Business services companies, especially those that store large amounts of sensitive data, are tempting targets for cybercriminals.
ID Agent to the Rescue: Security awareness training prevents employee mistakes. These 10 tips help you ensure that you and your clients are getting the most out of your training program. GET TIPS>>
Acuity Brands
https://www.securityweek.com/lighting-giant-acuity-brands-discloses-two-data-breaches
Exploit: Hacking
Acuity Brands: Lighting & Building Services
Risk to Business: 1.227 = Extreme
Acuity Brands has disclosed that it has had not just one but two previously unannounced data breaches in the last few years. The company says that it became aware of unauthorized access to its systems that resulted in data theft in early December 2021. While undertaking that investigation, Acuity also discovered that they’d had a separate, unrelated breach in October 2020, which also involved attempts to copy files from compromised systems. SecurityWeek said that they’ve found evidence that the 2021 attack may have been carried out by the notorious, now-defunct Conti ransomware group. Acuity said that it had initially notified customers and partners about the breach in December 2021, and that this new notification is a follow-up for impacted employees. Employee data was accessed in both incidents. The company is likely facing a class-action lawsuit related to the incident in California.
Individual Risk: 1.207 = Extreme
In this incident, immigrants’ names, case status, detention locations, and other information was published on a page where ICE regularly publishes detention statistics.
How It Could Affect Your Customers’ Business: A cascade of damage can follow in the wake of a data breach, like expensive legal trouble.
ID Agent to the Rescue: Go over the Cybersecurity Risk Protection Checklist with your clients to make sure that they’re covering all of their security bases. GET CHECKLIST>>
The Metropolitan Opera
https://www.nytimes.com/2022/12/07/arts/met-opera-cyberattack-website.html/
Exploit: Hacking
The Metropolitan Opera: Arts Organization
Risk to Business: 1.981 = Severe
The Metropolitan Opera in New York City experienced a cyberattack that disrupted its ability to sell tickets. The company’s website and box office were affected. The New York Times reported an outage of 30 hours. However, that didn’t stop the show, with performances continuing as scheduled. There has been no announcement that this was a nation-state cyberattack, but the newspaper noted that The Met has been outspoken in its support for Ukraine throughout the Russia-Ukraine conflict, including parting ways with a leading Russian singer and hosting a benefit for Ukraine relief.
How It Could Affect Your Customers’ Business: Bad actors love to hit businesses that are impacted by a time crunch in the hope of scoring a big payday.
ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
The California Department of Finance
https://www.cyberscoop.com/lockbit-ransomware-california-department-of-finance/
Exploit: Ransomware
The California Department of Finance: Government Agency
Risk to Business: 1.981 = Severe
The LockBit 2.0 ransomware group says that it has snatched 76 gigabytes of data from the California Department of Finance. The agency has been added to the group’s leak site with a deadline of December 24 to pay the unspecified ransom. The group claims that it has stolen a wide variety of data including databases, confidential data, financial documents and court records, providing seven screenshots of the data as proof. The California Governor’s Office of Emergency Services did confirm that the California Cybersecurity Integration Center (Cal-CSIC) is actively investigating a cybersecurity incident at the agency but did not offer any further comment.
How It Could Affect Your Customers’ Business: Government agencies are ripe ransomware targets because they maintain huge stores of often sensitive data.
ID Agent to the Rescue: Give clients this infographic to help them see how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>>
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
Amnesty International
https://www.securityweek.com/amnesty-international-canada-says-it-was-hacked-beijing
Exploit: Nation-State Cyberattack
Amnesty International: Non-Profit Organization
Risk to Business: 2.107 = Severe
The Canadian arm of the human rights organization Amnesty International said that it was recently the victim of a cyberattack sponsored by China. The organization said that it first detected the security breach on October 5. Officials said that the searches that attackers made in their systems were specifically and solely related to China and Hong Kong, as well as a few prominent Chinese activists. Amnesty International disclosed that the hack left the organization offline for nearly three weeks.
How it Could Affect Your Customers’ Business: Nation-state cyberattacks are hitting organizations that you may not expect these days.
ID Agent to the Rescue: Have you covered all of the bases to protect your clients from nation-state cyberattacks? This checklist helps you make sure. GET CHECKLIST>>
See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>
France – Intersport
https://techmonitor.ai/technology/cybersecurity/intersport-cyberattack
Exploit: Ransomware
Intersport: Retailer
Risk to Business: 1.882 = Severe
French sports equipment company Intersport has fallen victim to a ransomware attack by the Hive cybercrime group. The group allegedly snatched data about Intersport’s customers; those in the Hauts-de-France region were primarily impacted, but some clients in other areas, including the central Île-de-France, were also at risk. Intersport has more than 700 outlets. Allegedly, the company was given an unusual same-day deadline to pay the extortionists.
How it Could Affect Your Customers’ Business: ’Tis the season for retailers to get hit by cyberattacks and for cybercriminals to snatch up valuable data.
ID Agent to the Rescue: Security awareness training helps employees avoid ransomware traps. Learn to create a great program with How to Build a Security Awareness Training Program. DOWNLOAD IT>>
Belgium – The City of Antwerp
Exploit: Ransomware
The City of Antwerp: Municipal Government
Risk to Business: 1.904 = Severe
The city of Antwerp, Belgium, suffered a disruption to many public services after bad actors obtained access to its network through a cyberattack on its digital provider Digipolis. Phone and email systems were widely disrupted at city agencies. Schools, daycares, senior care, health services and other city services were impacted. The city’s police also experienced outages. Antwerp’s mayor said that the impact could last until the end of December. The Play ransomware group has claimed responsibility for the attack.
How it Could Affect Your Customers’ Business: Bad actors have been having a field day hitting small and large local government entities worldwide.
ID Agent to the Rescue: Learn more about how to defend businesses from ransomware with the resources in our Deep Dive into Ransomware bundle! GET BUNDLE>>
Australia – Telstra
https://www.bankinfosecurity.com/australian-telecom-firm-leaks-data-130000-customers-a-20681
Exploit: Misconfiguration
Telstra: Telecommunications Company
Risk to Business: 2.103 = Severe
Another breach at telecom Telstra has exposed the information of over 130,000 customers whose details were supposed to be unlisted. The company pointed to a “misalignment of databases” as the cause behind the incident, which made the names, addresses and phone numbers of customers who had requested to be unlisted available via Directory Assistance or the White Pages. Telstra says that it has partnered with IDCARE to develop a response plan and offer affected individuals support. Telstra also suffered a security breach in October that exposed the personal data of an estimated 30,000 past and present Telstra employees days after the massive Optus incident.
How it Could Affect Your Customers’ Business: One breach is bad enough, but two blunders so close together are going to be very disheartening to consumers.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
See how today’s biggest threats may impact your MSP and your customers in our security blogs.
- Cyberattack Readiness is Down Sharply Says Insurer
- Why Do Ransomware Attacks Skyrocket During the Winter Holiday Season?
- Beware of These Email-Based Holiday Risks to Consumers & Retailers
- 7 Answers to Burning Questions About the State of the MSP
- The Week in Breach News: 11/30/22 – 12/06/22
SPECIAL FEATURE
Get tips on incident response and insight into future cybersecurity challenges that MSPs and SMBs will face in 2023 from Jason Manar, Chief Information Security Officer (CISO) for Kaseya.
READ KASEYA BLOG POST>>
Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>
Get Expert Help Detecting and Mitigating Threats with Managed SOC 24×7 Threat Monitoring
With the growing sophistication of cyberattacks, traditional security solutions are inefficient at handling the advanced cyberthreats that have accelerated in recent years. You need expert help to mitigate sophisticated cyberattacks before they can wreak havoc – but it needs to be affordable. You need Kaseya’s world-class Managed SOC.
Managed SOC (security operations center) is a white-labeled managed service that leverages our Threat Monitoring Platform to detect malicious and suspicious activity across three critical attack vectors: Endpoint | Network | Cloud. Our elite team of security veterans hunt, triage and work with your team when actionable threats are discovered. Benefits include:
- Continuous Monitoring – Around the clock protection with real-time threat detection
- World Class Security Stack – 100% purpose-built platform backed by over 50 years of security experience
- Breach Detection – The most advanced detection to catch attacks that evade traditional defenses
- Threat Hunting – Elite security team proactively hunts for malicious activity
- No Hardware Required – Patent pending cloud-based technology eliminates the need for on-prem hardware
Watch the on-demand webinar “Stop Attackers with Managed SOC” featuring Mike Puglia, General Manager of Security Products for Kaseya. WATCH WEBINAR>>
Learn how to spot and stop malicious insiders and educate users with this handy infographic! GET IT>>
3 Infographics to Help Your Clients Start 2023 Strong
These three infographics can help your clients start 2023 on the best cybersecurity footing.
Make Smart Cybersecurity New Year’s Resolutions – While we’re all making New Year’s resolutions about diet and exercise, it’s also the perfect time to help your clients reboot their cybersecurity practices! This infographic helps businesses kick off 2023 right. GET INFOGRAPHIC>>
Security Awareness Training: How it Prevents the Biggest SMB Security Threats – Security awareness training and phishing simulations are a critical part of maintaining strong security. This infographic shows your clients how security awareness training pays off for them. GET INFOGRAPHIC>>
6 Tips for Creating a Security Awareness Training Policy – Help your customers strengthen their security awareness training programs and build a strong security culture with these tips. GET INFOGRAPHIC>>
Did you miss…12 Days of Tips to Help Businesses Reduce Holiday Cyber Risk? DOWNLOAD IT>>
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
9 Must-See 2023 Predictions from Cybersecurity Experts
Use this insight to prepare for 2023’s security challenges!
As this year draws to a close, everyone is looking ahead to the challenges that they might face in 2023 and making plans to overcome them, especially cybersecurity professionals. Every year brings a new wave of cyberattacks as bad actors evolve their schemes to circumvent security measures and trick users. This look at what some security experts see as possible future problems for business cybersecurity can offer insight that you’ll benefit from when making 2023 cybersecurity plans.
We predict continued cybersecurity pressure for businesses & IT pros
We surveyed 675 IT professionals from around the world about their IT needs and perspectives for the Kaseya Security Insights Report 2022, gaining insight into their biggest concerns.
Security pressure on businesses and their IT teams won’t relent
About half of the businesses that we surveyed told our researchers that they have been the victim of a successful cyberattack or security breach (49%). For one in five of our survey respondents, that successful cyberattack or security breach occurred in the past 12 months. That’s a powerful illustration of the security pressure that businesses and IT professionals are under in today’s turbulent cybersecurity landscape – pressure we expect will continue to grow in 2023. It will be beneficial for security professionals to partner with a managed detection and response service through a managed security operations center (SOC).
Mitigating phishing risk will continue to be paramount for businesses
Over half of the survey respondents pointed to general phishing as their biggest security concern (55%). That squares with the current threat landscape where the nastiest cyberattacks like business email compromise tend to be phishing based. Ransomware, also often a phishing-based cyberattack, came in second place, with nearly one-quarter of our respondents naming it as their biggest security concern (23%). Overall, that tells us that 78% of IT professionals are extremely concerned with phishing risk. Strengthening email security by putting extra protection in place with an antiphishing solution in addition to the onboard security in Microsoft 365 or Google Workspace can go a long way toward mitigating phishing risk. However, only about half of businesses are doing that. MSPs have room to maneuver here.
Companies aren’t ready to face the consequences of a ransomware attack
In today’s volatile security landscape, businesses need to be prepared for trouble at any moment. Unfortunately, far too many businesses aren’t. Almost two-thirds of our survey respondents said they believe their organization would incur expensive downtime and suffer data loss if they fell victim to a ransomware attack (63%). For another 4%, the consequences would be even more dire – these respondents indicated that they’d “be in big trouble” if faced with a ransomware attack. Businesses must engage in incident response planning and prepare for the worst before it happens, including investing in solutions like SaaS/cloud backup and business continuity and disaster recovery (BCDR).
Forbes Magazine predicts several trends will continue
Forbes Magazine has released its list of the top cybersecurity trends their experts are anticipating for 2023. Those predictions include:
Regulations may help solve some Internet of Things challenges
The general thinking here is that the more connected Internet of Things (IoT) devices someone has, the more avenues that offers attackers to strike. Gartner analysts predict that there will be 43 billion IoT-connected devices in the world in 2023. That’s a lot of possible attack vectors to exploit. A number of government initiatives around the world are expected to come into effect in 2023 that are designed to increase security around connected devices and the cloud systems and networks that tie them all together. In the U.S. that will take the form of stern warnings on IoT devices to inform users about the risk they present to security.
Artificial intelligence (AI) will steadily increase in prominence in cybersecurity
It’s no secret that AI has been transformative in the cybersecurity space. These technologies help companies solve major security problems, from adjudicating phishing messages to reducing IT team workloads. Forbes predicts that this trend will continue, citing the tremendous savings that automation and AI enablement provide in the case of a data breach as one attraction of AI security. However, they also caution that the bad guys are making use of AI too, to mount sophisticated attacks and even create deepfakes.
Strengthening a company’s security culture will continue to be important
A strong security culture, underpinned by regular security awareness training, is a powerful weapon against security incidents and cyberattacks. It reduces employee blunders, encourages regulatory compliance, and builds a foundation for avoiding future security pitfalls. In fact, companies that engage in regular training have up to 70% fewer incidents than companies that don’t train. Forbes says that “the most important step that can be taken at any organization is to ensure that it is working towards initiating and fostering a culture of awareness around cybersecurity issues.” Teaching employees to resist phishing doesn’t require teaching them any advanced technical skills. Getting everyone on board with identity and access management controls like two-factor authentication and safe password habits is also critical for every employee.
Gartner analysts predict evolution in cyberattacks & defensive technology
In a recent article in Venture Beat, analysts at Gartner laid out some predictions for cybersecurity trends that they expect in 2023 including:
Supply chain risk and nation-state activity will be big topics
Analysts predict that supply chain risk will continue to be a problem for businesses. Adding another wrinkle, nation-state cybercrime may have some overlap with the supply chain attack problem. Experts point to an increased risk for malware, data theft and cloud infrastructure attacks for enterprises among other risks that can be categorized as resulting from continuing geopolitical cyber jockeying. Deploying access controls is suggested as a smart step to take for businesses that want to be ready for this kind of trouble.
Human-operated ransomware may haunt businesses
While the bad guys have been making strides with adding automation and AI to their cybercrime toolkit, the re-emergence of a more old-school cyberattack technique may also be just around the corner. Human-controlled cyberattacks like ransomware look set to cause problems as bad actors look for ways to circumvent increasingly tough security measures. Analysts advise that security teams need to be prepared to adapt their strategies to this scenario quickly. Bolstering security using solutions like endpoint detection and response (EDR) may help mitigate this risk.
Security automation will continue to grow in prominence
Just like AI, security automation is also continuing to grow in importance and value. Companies can turn to automation to alleviate the cybersecurity skills shortage and maximize their IT team’s productivity without making a huge upfront investment, an especially appealing prospect in an uncertain economy. While experts predict that the shift from generalized to more specialized security automation uses like EDR and Security Incident Event Management (SIEM) will continue, they also warn businesses to be selective about ensuring that they’re really making security improvements that they’re prepared to leverage when investing in new automated technology.
Make sure cybercriminals don’t give you the unwelcome gift of a cyberattack with these 12 tips to reduce holiday risk. GET TIPS>>
Taking action now prevents regret later
This is the perfect time for businesses to reboot their cybersecurity practices and put strong protections in place against a cyberattack. Our security solutions can help keep businesses out of trouble effectively and affordably.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Automated, AI-powered antiphishing email security
Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance
Managed SOC
Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans who hunt, triage and work with your team when actionable threats are discovered.
- Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud
- Patent-pending cloud-based technology eliminates the need for on-prem hardware
- Discover adversaries that evade traditional cyber defenses such as Firewalls and AV
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
Don’t Miss the RocketCyber (Managed SOC) Product Update
Friday, December 16 at 10am AEDT and Monday, December 19 at 2pm ET | 11am PT, Monday, December 19 at 10am ET | 3pm GMT
Join Mike Puglia, General Manager of Security Products for Kaseya to learn about RocketCyber’s recent updates, exciting new features and enhancements coming soon, as well as insight into the product roadmap. During the session we’ll have a robust Q&A and also cover:
- An overview of recently released updates
- New features coming soon
- Insight into the product roadmap
- New integrations with 3rd party products and IT Complete
December 18: Connect IT Local – Washington DC REGISTER NOW>>
January 23 – 25, 2023: Schnizzfest in Phoenix, AZ REGISTER NOW>>
April 24 – 27, 2023: Connect IT Global in Las Vegas, NV REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!