The Week in Breach News: 12/28/22 – 1/03/23
This week we’re exploring two interesting twists that have cropped up in recent ransomware attacks, another expensive crypto breach and 7 cybersecurity new year’s resolutions.
This handy checklist of smart security practices helps businesses kick off the new year right! GET CHECKLIST>>
The Housing Authority of the City of Los Angeles (HACLA)
https://therecord.media/los-angeles-housing-authority-says-cyberattack-disrupting-systems/
Exploit: Ransomware
The Housing Authority of the City of Los Angeles (HACLA): Municipal Government Agency
Risk to Business: 2.176 = Severe
The Housing Authority of the City of Los Angeles (HACLA) has been hit by a cyberattack that is impacting its data security. HACLA appeared on the dark web leak site operated by the LockBit ransomware group last week. Reports say that on December 31, 2022, the LockBit ransomware group claimed that it had stolen 15 TB of data. The group also gave HACLA a deadline of January 12, 2023, to pay an undisclosed ransom. No specifics were available at press time about exactly what types of data were stolen or who that data may have belonged to.
How It Could Affect Your Customers’ Business: This database could contain many kinds of privileged information and its loss will incur a heavy fine from data protection regulators.
ID Agent to the Rescue: Learn more about the security challenges that businesses face in the Kaseya Security Insights Report 2022. READ THE REPORT>>
Avem Health Partners
https://www.bankinfosecurity.com/hack-on-services-firms-vendor-affects-271000-patients-a-20755
Exploit: Supply Chain Attack
Avem Health Partners: IT Services Provider
Risk to Business: 1.201 = Extreme
Avem Health Partners has filed a data breach notification with the Maine’s attorney general’s office. Avem disclosed that patient information stored on servers of one of its vendors was subject to unauthorized access in an external hacking incident in May. Avem says that the breach was at a third-party data center the vendor in question used, 365 Data Centers. Further complicating the situation, that data center is disputing Avem’s version of events. An estimated 271,000 people had information exposed in this incident. Patient information that may have been impacted in this breach includes names, birthdates, Social Security numbers, driver’s license numbers, health insurance information and diagnosis/treatment information.
How It Could Affect Your Customers’ Business: Supply chain risk is a huge problem for businesses that will only keep growing in 2023.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Iowa Public Broadcasting Service
https://therecord.media/royal-ransomware-group-claims-it-attacked-iowa-pbs-station/
Exploit: Ransomware
Iowa Public Broadcasting Service: Television Station
Risk to Business: 1.821 = Severe
The Royal ransomware group has claimed responsibility for a successful ransomware attack on Iowa’s Public Broadcasting Station (PBS). The incident occurred on November 20, 2022. Iowa PBS said in a statement that the attack did not disrupt its ability to serve its viewers, and that all broadcast, livestream and digital platforms are still operational. However, local news outlets reported that the station had been forced to cut its annual fundraising drive short due to the cyberattack. It also appears that information was snatched by the gang. The station said that it sent out data breach notifications but has not specified who received them or what information was stolen.
How It Could Affect Your Customers’ Business: Media organizations have been experiencing an increased level of cyberattacks, especially ransomware.
ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what businesses will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
Jakks Pacific
Exploit: Ransomware
Jakks Pacific: Toymaker
Risk to Business: 1.981 = Severe
California-based toy company Jakks Pacific has disclosed that it was the victim of a successful ransomware attack. The company said that its servers were encrypted on December 8, 2022. Oddly, two major ransomware groups have posted data purportedly stolen from Jakks Pacific on their sites, Hive and BlackCat. Hive posted information allegedly snatched from Jakks Pacific first on December 19, 2022. BlackCat followed them with a post on December 28, 2022. The gangs featured screenshots of the reportedly stolen information on their individual leak sites. Hive’s spokesperson told reporters that both gangs had purchased access to the data from an initial access broker, and they’d agreed to split the demanded $5 million ransom. The Hive representative also said that Jakks Pacific did not negotiate with the extortionists or pay the demanded ransom.
How It Could Affect Your Customers’ Business: The Manufacturing sector has experienced a plague of cyberattacks that are compounding supply chain woes.
ID Agent to the Rescue: This infographic illustrates just how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>>
See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>
Hospital for Sick Children
https://www.cbc.ca/news/canada/toronto/sickkids-cyber-security-breach-1.6691980
Exploit: Ransomware
Hospital for Sick Children: Medical Center
Risk to Business: 2.843 = Moderate
Operations were snarled at Toronto’s Hospital for Sick Children after a ransomware attack by the Lockbit group struck the facility on December 18, 2022. However, in the wake of the attack, the Lockbit group announced that it had suspended the attack and given the hospital a decryptor for free because the attack on the hospital, conducted by one of its affiliates, violated the group’s policies. The group also apologized, saying in a statement that “the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program.”
How it Could Affect Your Customers’ Business: This is definitely an unusual situation as ransomware criminals aren’t known for being picky about their targets.
ID Agent to the Rescue: Identity and Access Management (IAM) helps stop attacks like this. Our Complete IAM Checklist helps you find the right solution for your needs. GET CHECKLIST>>
Canadian Copper Mountain Mining Corporation (CMMC)
Exploit: Ransomware
Canadian Copper Mountain Mining Corporation (CMMC): Mining Company
Risk to Business: 1.603 = Severe
British Columbia-based Canadian Copper Mountain Mining Corporation (CMMC) was the victim of a ransomware attack. The company was forced to suspend operations at its mill after the December 27, 2022, incident. CMMC was quick to assure the public that the incident did not compromise its safety measures or cause environmental damage. Bleeping Computer reported that a cybersecurity firm discovered compromised credentials belonging to a CMMC employee on a dark web site shortly before the attack.
How it Could Affect Your Customers’ Business: Ransomware gangs are especially likely to target businesses that can’t afford downtime in hopes of a fast payoff.
ID Agent to the Rescue: Security awareness training helps employees avoid ransomware traps. Learn to create a great program with How to Build a Security Awareness Training Program. DOWNLOAD IT>>
What’s next for MSPs? Find out in the Datto Global State of the MSP Report: Looking Ahead to 2023 DOWNLOAD IT>>
UK – The Guardian
https://www.infosecurity-magazine.com/news/ransomware-attack-guardian/
Exploit: Ransomware
The Guardian: News Organization
Risk to Business: 1.904 = Severe
Legendary UK newspaper The Guardian has fallen victim to a cyberattack. A spokesperson said that parts of the company’s technology infrastructure were impacted, including unspecified behind-the-scenes services, resulting in a temporary shutdown of the news organization’s offices worldwide. However, digital publishing operations continue normally, and staffers are working from home. No information was available about any ransom demanded or if any data was stolen in the attack.
How it Could Affect Your Customers’ Business: News organizations are time-sensitive, making ransomware attacks against them very attractive for bad actors looking for a quick payday.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>
Hong Kong – BTC Mining
https://heimdalsecurity.com/blog/cryptocurrency-exchange-btc-com-suffers-massive-cyber-attack/
Exploit: Hacking
BTC Mining: Cryptocurrency Mining
Risk to Business: 2.103 = Severe
The biggest cryptocurrency mining pool in the world has suffered a cyberattack that has resulted in an estimated $3 million in losses. The company said in a statement that it had experienced a cyberattack on December 3, 2022. As a result of that attack, some digital assets were stolen, including approximately US$700,000 in asset value owned by BTC.com’s clients, and approximately US$2.3 million in asset value owned by the company. The company also said that it has subsequently recovered an unspecified amount of company-owned assets. BTC maintains that its client fund services are unaffected and it is operating normally.
How it Could Affect Your Customers’ Business: Cryptocurrency and DeFi platforms have been hammered by cybercrime and need powerful security to steer clear of trouble.
ID Agent to the Rescue: Identity and access management (IAM) can stop a cyberattack and prevent a hacker from stealing data. See what features a winning solution provides. GET THE CHECKLIST>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
See how today’s biggest threats may impact businesses in our security blogs.
- Watch Our MSP Security Roundtables & Product Update Webinar
- 6 Essential Resources for Strengthening Your Email Security in 2023
- 5 Must-See Security Reports to Make a Plan for Security Success
- Register Now for Connect IT Global & Other Must-Attend 2023 Events
- The Week in Breach News: Best of 2022
Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>
It’s Time to Explore the Benefits of Managed SOC
Cybersecurity is growing ever more complex and challenging for organizations of every size. With the growing sophistication of cyberattacks, traditional security solutions can be inefficient, making it problematic for them to handle advanced cyberthreats.
In our Managed Security Operations Center (SOC) product brief, we’ll show you the big benefits that businesses and MSPs can realize when they choose Managed SOC like:
- 24/7 expert threat monitoring
- White-labeled managed detection and response service for MSPs
- Detection and monitoring of advanced security threats for three critical attack vectors: endpoint, network and cloud.
These resources can help you get to know Managed SOC
- See the Managed SOC product brief to learn more about the features & benefits. DOWNLOAD IT>>
- Get more information about Managed SOC for businesses and MSPs. LEARN MORE>>
- Explore managed SOC in the webinar “Stop Attackers with Managed SOC” featuring Mike Puglia, General Manager of Security Products for Kaseya. WATCH WEBINAR>>
Learn how to spot and stop malicious insiders and educate users with this handy infographic! GET IT>>
3 Essential Webinars to Kick Off 2023
These three webinars provide critical information about making sure you’re covering the right security bases.
Cyber Insurance: Market Changes and You
Go inside the changes in the cyber insurance market that businesses are likely to see in 2023 with experts to learn more about topics like compliance requirements. WATCH NOW>>
Is Your Email Security Up to the Test?
Our experts discuss six dangerous and common email security exploits that can devastate businesses with advice on mitigating risk. WATCH NOW>>
5 Ways Your SEG is Failing You
Watch this on-demand webinar and discover the five scary ways that your SEG is failing you, putting your business at serious risk. WATCH NOW>>
Did you miss… the infographic 10 Tips for Successful Employee Security Awareness Training? DOWNLOAD IT>>
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
Make Smart Cybersecurity New Year’s Resolutions
These 7 Tips Can Help
The new year brings everyone the opportunity for a fresh start. That makes it the perfect time to resolve to improve your cybersecurity practices and for MSPs to help their clients improve theirs too. This list of seven New Year’s resolutions to make about cybersecurity can provide a good starting point for powering up a company’s defenses in 2023.
Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>
7 Smart Cybersecurity New Year’s Resolutions
These seven good cybersecurity practices will help mitigate a company’s risk of a cyberattack and strengthen its security culture.
1. Conduct frequent phishing simulation exercises companywide
Phishing is the most likely launch point for most of today’s nastiest cyberattacks including ransomware, business email compromise (BEC) and account takeover (ATO). An estimated 90% of cyberattacks start with a phishing email. Make a commitment to conduct regular training to prepare employees for phishing. To make that training even more effective, customize the content in phishing simulations to reflect the actual threats that employees face daily.
Learn more in a blog post about the benefits of anti-phishing training. READ IT>>
2. Implement or improve a security awareness training program
Security awareness training is one of the primary pillars of building a strong defense for a business. It’s affordable and effective. Companies that run regular security awareness training are up to 70% less likely to have a security incident. In order to receive all of the benefits of security awareness training, companies need to make sure that they’re doing two essential things: training regularly and training everyone. Putting a security awareness training policy in place that outlines the company’s training expectations is a good start to making training work.
This infographic offers six tips for making a training policy. DOWNLOAD IT>>
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
3. Invest in IAM
Identity and access management (IAM) is essential for every organization. It offers defensive benefits including multifactor authentication (MFA) or two-factor authentication (2FA). This security measure alone can stop up to 99% of cyberattacks according to Microsoft. Plus, the access controls that are commonly available in IAM solutions are fast becoming requirements for compliance in many industries and under many geographic information privacy regulations.
This checklist can help when shopping for an IAM solution. GET CHECKLIST>>
4. Evaluate the benefits of a managed SOC
Cybersecurity is a factor that can make or break a company – 60% of companies that experience a successful cyberattack go out of business thanks to the immense damage a cyberattack can cause. However, getting the security personnel that a company or MSP needs into its IT department can be a challenge because of the massive cybersecurity skills shortage. Plus, investing in all of the tools that a company or MSP needs to adjudicate and handle security problems can be prohibitively expensive. Those dilemmas can be solved by choosing to utilize a managed security operations center. Managed SOC puts the expertise a company or an MSP needs to maximize security and quickly handle emergencies at their fingertips at all times without a major upfront investment or growing the payroll.
Learn more about the benefits of managed SOC in this product brief. DOWNLOAD IT>>
Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>
5. Add dark web monitoring that includes privileged credentials
The last thing any business needs is an unpleasant surprise from the dark web. However, credential compromise is a serious problem for every business. Employees love to reuse and recycle passwords, including mixing the use of their favorite passwords between their business and personal lives. Dark web monitoring helps businesses and MSPs find compromised credentials in dark web markets, data dumps and other sources. It can also alert techs to trouble fast, giving a company or MSP the advantage to act before cybercriminals do. Look for a dark web monitoring solution that protects with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
This blog dives deeper into the benefits of dark web monitoring. READ THE BLOG>>
6. Improve email security
The most likely path for a cyberattack to take into a business is via email. Putting the strongest possible email security in place is a powerful way to protect a company from email-based cyberattacks like spear phishing or many types of malware. Unfortunately, too many companies are still relying on a secure email gateway (SEG) to give them that protection, and a SEG isn’t up to the test when it comes to today’s sophisticated email threats. Explore the benefits of other types of email security like AI-driven solutions that spot and stop 40% more dangerous messages than other types of email security
This blog offers a comparison chart between a SEG, native email security, and automated API security. READ THE BLOG>>
7. Make or test an incident response plan
When a cybersecurity emergency occurs, businesses need to be able to act fast to limit the damage and bounce back. Making and testing an incident response plan is critical to ensuring that a company can efficiently and effectively respond to a cybersecurity incident. Even if a company never uses their incident response plan, IBM researchers determined that 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan. Plus, incident response planning can help organizations find and fix security gaps or weaknesses before the bad guys do. Now is the perfect time for MSPs to sit down with their clients and make a plan and for companies to create or test their incident response plan to ensure that it is ready for trouble.
Take a look at three bottom-line benefits of incident response planning in this blog. READ THE BLOG>>
Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>
The Right Solutions Make Keeping Business Safe Easier Instead of Harder
Our security solutions can help keep businesses out of trouble effectively and affordably.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Automated, AI-powered antiphishing email security
Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance
Managed SOC
Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans hunt, triage and work with your team when actionable threats are discovered
- Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud
- Patent-pending cloud-based technology eliminates the need for on-prem hardware
- Discover adversaries that evade traditional cyber defenses such as Firewalls and AV
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
January 17: Kaseya + Datto Connect Local Tampa, FL REGISTER NOW>>
January 19: Kaseya + Datto Connect Local Los Angeles, CA REGISTER NOW>
January 23 – 25: Schnizzfest in Phoenix, AZ REGISTER NOW>>
January 25: Q1 Security Suite Product Update: BullPhish ID, Dark Web ID, Passly & Graphus REGISTER NOW>>
February 9: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
April 24 – 27: Connect IT Global in Las Vegas, NV REGISTER NOW>>
SNEAK PREVIEW!
Mark your calendar now for these upcoming Kaseya + Datto live events, registration opens soon!
February 2: Kaseya + Datto Connect Local Orlando
February 14: Kaseya + Datto Connect Local Atlanta
February 16: Kaseya + Datto Connect Local Miami
February 23: Kaseya + Datto Connect Local Phoenix
February 28: Kaseya + Datto Connect Local New York
March 2: Kaseya + Datto Connect Local New Jersey
March 7 – 8: Kaseya + Datto Connect Local Pittsburgh
March 9: Kaseya + Datto Connect Local Philadelphia
March 14: Kaseya + Datto Connect Local Chicago
March 16: Kaseya + Datto Connect Local Dallas
March 21: Kaseya + Datto Connect Local Washington D.C
March 23: Kaseya + Datto Connect Local Denver
March 28: Kaseya + Datto Connect Local Boston
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!