The Week in Breach News: Best of 2022
Welcome to our annual “Best of” edition of The Week in Breach. We’ll review some of our top stories of 2022 plus essential resources, upcoming events and product news you can use to make all the right security moves in 2023.
This handy checklist of smart security practices helps businesses kick off the new year right! GET CHECKLIST>>
12 Breaches That Focus on 2022’s Top Cybersecurity Topics
These 12 stories are great examples of major security trends in 2022 with a few wild security tales that you won’t want to miss!
Focus on: Supply Chain Risk
United States – FinalSite
Exploit: Ransomware
FinalSite: Education Technology Provider
Risk to Business: 1.227=Extreme
School website services provider FinalSite has suffered a ransomware attack that disrupted access to websites for thousands of schools worldwide. FinalSite provides solutions for over 8,000 K – 12 schools and universities in 115 countries. School districts that hosted their websites with FinalSite found that they were no longer reachable or were displaying errors. Bleeping Computer reports that in addition to the website outages the attack prevented schools from sending closure notifications due to weather or COVID-19. FinalSite says that approximately 5,000 school websites went offline as a result of the ransomware attack and no data was stolen. An investigation is ongoing.
Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.
ID Agent to the Rescue: Learn more about how ransomware is evolving and get tips for protecting your clients in 2022 in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
Focus on: DeFi
United Kingdom – Qubit Finance
https://therecord.media/qubit-finance-platform-hacked-for-80-million-worth-of-cryptocurrency/
Exploit: Hacking
Qubit Finance: De Fi Platform
Risk to Business: 1.204= Extreme
A threat actor has stolen approximately $80 million from Qubit Finance after exploiting a flaw in the De Fi platform. Qubit said the attacker was able to steal 206,809 Binance coins (BNB) from its wallet on January 27, 2022. The hacker used a vulnerability in one of its Ethereum blockchain contracts to do the deed. The company has issued a public plea for the threat actor to return the stolen funds, asking them to get in contact with its team to “disclose the bug and receive a bounty reward”. This is sometimes used as a means of circumventing legal trouble for paying a ransom.
Individual Impact: No information about exposed customer personal or financial data was available at press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business DeFi has been buried under an avalanche of cybercrime lately and there doesn’t appear to be an end in sight.
ID Agent to the Rescue Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>>
What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>
Focus on: Nation-State Cyberattacks
Ukraine – Viasat
https://www.zdnet.com/article/viasat-confirms-cyberattack-causing-outages-across-europe/
Exploit: Nation-State Cyberattack
Viasat: Internet Service Provider
Risk to Business: 1.661=Severe
An estimated 10 thousand people found themselves without internet access after a cyberattack took down service to fixed broadband customers in Ukraine and elsewhere on its European KA-SAT network. The attack, starting about the same time as the Russian invasion of Ukraine, is suspected to be the work of Russia-aligned nation-state threat actors. No data was accessed or stolen in the incident, which is still under investigation.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Nation-state cybercriminals are highly likely to strategically attack Utilities and Infrastructure targets during times of trouble.
ID Agent to the Rescue Ransomware is the preferred tool of nation-state cybercrime. Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
Focus on: Government Agency Cyberattacks
Costa Rica – The Government of Costa Rica
Exploit: Ransomware
The Government of Costa Rica: National Government
Risk to Business: 1.271 = Extreme
The Conti group has claimed responsibility for a ransomware attack on the federal government of Costa Rica that has caused trouble in several government agencies for more than a week. Government ministries impacted include Finance, experiencing impacts in customs and tax collection, Labor and the social security agency’s human resources system. Conti’s extortion site claims that the group has published 50% of the stolen data including more than 850 gigabytes of material from the Finance Ministry and other institutions’ databases. Reports say that the group has demanded a $10 million ransom, which the Costa Rican government has stated it will not pay.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Ransomware is a major threat to governments and cybercriminals have not been shy about using it.
ID Agent to the Rescue See the mechanics of ransomware, plus get tips and expert advice to guide you through securing your clients effectively in Ransomware 101. READ IT>>
Help your clients make sure they’ve got their identity & access management bases covered. GET CHECKLIST>>
Focus on: An Outrageous Response to a Ransom Demand
Zambia – National Bank of Zambia
Exploit: Ransomware
National Bank of Zambia: Banking & Financial Services
Risk to Business: 1.917 = Severe
A cyberattack at the National Bank of Zambia has played out with a bizarre twist. After experiencing a ransomware attack by the Hive ransomware outfit that purportedly encrypted the bank’s Network Attached Storage (NAS) device, officials responded to the cybercriminals’ ransom demands with a refusal to pay. Bloomberg reports that the refusal was accompanied by images of male genitalia and a message referencing a common NSFW insult about what the bad guys could do with their demands. In a statement, the bank said that it had experienced an incident that impacted some systems such as the Bureau De Change Monitoring System and the bank’s website.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Organizations in the Banking & Finance sector suffered the most cyberattacks in 2021, and pressure isn’t letting up.
ID Agent to the Rescue Go behind the scenes to learn more about ransomware and how to defend against it (plus who profits from it) in our eBook Ransomware Exposed. GET EBOOK>>
Focus on: Industrial Cyberattacks
Mexico – Foxconn
https://www.securityweek.com/ransomware-group-claims-have-breached-foxconn-factory
Exploit: Ransomware
Foxconn: Electronics Manufacturing
Risk to Business: 1.349 = Extreme
A major factory for Foxconn located in Tiajuana, Mexico near the California border was hit by a ransomware attack in late May that resulted in a shutdown. The plant specializes in the production of medical devices, consumer electronics and industrial operations. The operators of LockBit have claimed responsibility for the attack.
How It Could Affect Your Customers’ Business: Manufacturers have been popular targets for cybercriminals, ranking number one for ransomware attacks in 2021.
ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with The Cybersecurity Monster Hunter’s Checklist! GET IT>>
Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>
Focus on: Shoddy Maintenance
Japan – Handa Hospital
https://www.asahi.com/ajw/articles/14640348
Exploit: Ransomware
Handa Hospital: Medical Center
Risk to Business: 1.780 = Severe
Handa Hospital in Tsurugi, Tokushima Prefecture, Japan has announced that it has been the victim of a ransomware attack. Investigators say that the October 2021 cyberattack occurred after a company that was involved in providing an electronic medical record system for the hospital had disabled anti-virus software on the hospital’s computers. Investigators laid out the chain of events and it is a lesson in security woes. Before the cyberattack occurred, the service provider configured the Windows settings of about 200 computers connected to the electronic medical record system to disable functions including anti-virus software and regular Windows updates because they made the electronic medical record system unstable. Investigators also determined that other circumstances contributed to the problem. Windows was never updated on the computers at the hospital and the hospitals’ VPN had never been updated. The investigation ultimately determined that the cybercriminals exploited defects in the hospital’s VPN device and made an unauthorized intrusion to have the ransomware infect the hospital’s system.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business This is a great illustration of the unfortunate sequence of events that can lead to disaster.
ID Agent to the Rescue See the story of phishing, dark web credential compromise and cyberattack risk today and how it impacts your tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
Focus on: Insider Risk No One Sees Coming
Japan – The City of Amagasaki
https://www.theregister.com/2022/06/27/security_in_brief/
Exploit: Insider Threat (Employee Mistake)
Amagasaki: Municipal Government
Risk to Business: 1.772 = Severe
In this week’s most interesting breach tale, the city of Amagasaki, Japan has found itself embroiled in a data breach thanks to the actions of one careless worker. A contractor who was working for this city to disburse pandemic subsidies took a USB drive containing numerous city records out of the office. But rather than heading straight home, the worker decided to go out on the town. That resulted in the worker passing out in the street and losing the bag containing the USB and all that city data.
Individual Risk: 1.613 = Severe
The USB contained names, birth dates, addresses, tax details, banking information and social security records for city residents.
How it Could Affect Your Customers’ Business Data stored on physical devices is data that can be more easily misplaced or lost with careless handling.
ID Agent to the Rescue Get tips and helpful data to start conversations about ways to mitigate insider risk with your clients in our Guide to Reducing Insider Risk. DOWNLOAD IT>>
Find the right dark web monitoring solution for your customers & your MSP with this checklist! DOWNLOAD IT>>
Focus on: Massive Ransomware Hits
Australia – Optus
Exploit: Ransomware
Optus: Telecom
Risk to Business: 1.102 = Extreme
Australia’s second-largest telecom Optus has been hit by a ransomware attack. One of the largest data breaches in Australian history, the incident impacts an estimated 10 million customers or about one-third of Australia’s population. A bad actor using the moniker “optusdata” claimed to be the force behind the attack and initially posted a ransom demand of $1.5 million as well as the personal data of about 10k people on a dark web forum. They’ve since withdrawn that post. Some news articles have pointed at an API interface configuration error as the access point for the bad guys, but that has not been confirmed. The incident is under investigation.
Risk to Business: 1.236 = Extreme
Customer data has been exposed including home addresses, drivers’ licenses, passport numbers. names, addresses, phone numbers, email addresses and individuals’ preferred pronouns. The company says that no financial or commercial account data was accessed.
How it Could Affect Your Customers’ Business: An incident this massive is a catastrophe that may spur some changes in Australia’s data privacy laws.
ID Agent to the Rescue: Sell clients on the benefits of security and compliance training with the bottom-line data in The Business Case for Security Awareness Training. DOWNLOAD IT>>
Focus on: Employee Errors
United States – U.S. Internal Revenue Service (IRS)
Risk to Business: 2.026 = Severe
The U.S. Internal Revenue Service on Friday acknowledged that thanks to an employee error, the agency accidentally published confidential information about 120,000 taxpayers on its website. The compromised data came from Form 990-T filings. This form is required for people with individual retirement accounts who earn certain types of business income within retirement plans. While the forms for individuals are supposed to be confidential, charities that generate certain types of income are also required to file Form 990-T, and those are intended to be public. An employee mistakenly uploaded private taxpayers’ data to the agency’s website along with the public charity data.
Risk to Individual: 2.406 = Severe
Exposed taxpayer data includes names, contact information, and financial information about IRA income The exposed data did not include Social Security numbers, full individual income information, detailed financial account data, or other information that could impact a taxpayer’s credit.
How It Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity trouble, but training helps reduce the risk of a data disaster related to employee mistakes.
ID Agent to the Rescue: Lower your clients’ risk of an accidental or malicious insider incident with The Guide for Reducing Insider Risk. DOWNLOAD IT>>
Get a step-by-step guide to building an effective security and phishing awareness training program. GET GUIDE>>
Focus on: Big Trouble from Circumventing Security Protocols
Portugal – Armed Forces General Staff agency of Portugal (EMGFA)
https://securityaffairs.co/wordpress/135480/data-breach/nato-docs-stolen-from-portugal.html
Exploit: Hacking
Armed Forces General Staff agency of Portugal (EMGFA): Government Agency
Risk to Business: 1.361 = Extreme
Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were spotted for sale on the dark web, leading the agency to discover that it had experienced a data breach. First spotted by US Information Services, hundreds of sensitive documents have apparently been snatched by bad actors. The documents were exfiltrated from systems in the EMGFA, in the secret military (CISMIL) and in the General Directorate of National Defense Resources. Investigators determined that security rules for the transmission of classified documents had been broken, and threat actors were able to access the Integrated System of Military Communications (SICOM) and receive and forward classified documents.
How it Could Affect Your Customers’ Business: This problem could have been prevented by simple adherence to security rules and compliance with security policies.
ID Agent to the Rescue: The infographic 6 Tips for Creating a Security Awareness Training Policy can help you and your clients draft strong security policies that prevent disasters like this. DOWNLOAD IT>>
Focus on: Healthcare Cyberattacks
United States – CommonSpirit Health
Exploit: Ransomware
CommonSpirit Health: Healthcare System Operator
Risk to Business: 2.771 = Extreme
One of the largest healthcare systems in the US is experiencing outages impacting patient care after a suspected ransomware attack knocked some hospital systems offline. Subsidiaries of CommonSpirit have reported being affected by the attack including CHI Health facilities in Nebraska and Tennessee, Seattle-based Virginia Mason Franciscan Health providers, MercyOne Des Moines Medical Center, Houston-based St. Luke’s Health and Michigan-based Trinity Health System. The company disclosed that it has rescheduled some patient procedures because of an inability to access electronic medical records or lab results. Some hospitals are using paper charts. The company says it is working to restore systems and the incident is under investigation.
How It Could Affect Your Customers’ Business: Ransomware is an especially devastating prospect for a healthcare organization because it can impact patient care and even mortality rates.
ID Agent to the Rescue: Learn more about ransomware and reduce your clients’ risk of falling victim to an attack with the tips in our eBook Ransomware Exposed! GET EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
Top 12 Blog Posts of 2022
- Reduce Insider Threats by Building a Strong Security Culture
- Employees See Messages from These Impersonated Brands Daily
- Russia-Ukraine Cyberattacks Put Businesses Worldwide in Danger
- Cyberattack Readiness is Down Sharply Says Insurer
- 8 Reasons Why Security & Compliance Awareness Training is the Perfect Investment
- Industry, Infrastructure and Manufacturing Cyberattack Danger is Rising
- The Nuts and Bolts of Dark Web Monitoring + How It Stops Insider Threats
- 2 Factors Make Data Breaches More Expensive
- The Soaring Cost of a Data Breach Leads to Soaring Prices
- 4 Reasons Why Ransomware Risk Won’t Stop Rising for SMBs
- What Phishing Tricks Do Employees Fall for?
- What’s for Sale on the Dark Web?
- How Do Malicious Insiders Damage Companies?
2022 Top 10 Lists
- 10 More Facts About Phishing That You Need to See
- 10 Facts About the Benefits of Security Awareness Training
- 10 Phishing Facts: Employee Behavior & Insider Risk
- 10 Facts About Nation-State Cybercrime That Impact Businesses
- 10 Spoofing Facts You Need to See
- 10 Facts About Business Email Compromise That You’ve Got to See
- 10 Data Breach Statistics That You Don’t Want to Miss
Learn how to spot and stop malicious insiders and educate users with this handy infographic! GET IT>>
2022 Resources
Make Smart Cybersecurity New Year’s Resolutions
12 Days Of Tips To Help Businesses Reduce Holiday Cyber Risk
Security Awareness Training: How It Prevents The Biggest Smb Security Threats
Kaseya Security Insights Report 2022
10 Tips For Successful Employee Security Awareness Training
6 Tips For Implementing Zero Trust Security
Security Awareness Training: Buyer’s Guide for MSPs
Security Awareness Training: Buyer’s Guide For Businesses
The Global Year in Breach 2022
The Dark Web Monitoring Buyer’s Guide For MSPs
The Dark Web Monitoring Buyer’s Guide For Businesses
How Nation State Cybercrime Affects Your Business
How To Build A Security Awareness Training Program
Top 5 Nation-State Cybercrime Risks For Businesses
Are You Doing These 5 Things To Protect Your Clients From Nation-state Cybercrime?
10 Things To Look For As You Shop For A Dark Web Monitoring Solution
The Business Case For Security Awareness Training
Do You Need Best-in-Class Dark Web Monitoring?
6 Tips For Creating A Security Awareness Training Policy
Security Awareness Training: Your Best Investment
Are Your Users Trained To Handle These Risks?
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
Looking Ahead to 2023
News & Events
Learn more about the security suite innovations that you can expect to see in 2023 in our Security Suite Q4 Product Update Webinar. We also introduced multiple new features and enhancements for our security products in Q4 2022 — BullPhish ID, Dark Web ID, Passly and Graphus — that we are excited to share with you.
In the webinar, you’ll learn about:
- New product features and enhancements and what they mean to you
- A roadmap of each product highlighting how we plan to provide additional value to our customers this quarter and beyond
- A recap of each product’s previous quarter releases
Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>
Connect IT Global 2023 | April 24, 2023 – April 27, 2023 | Las Vegas, Nevada
Now is the time to reserve your seat at Connect IT Global 2023 in fabulous Las Vegas! This legendary four-day event brings industry professionals around the world together to share insight and have fun. Meet all of the Kaseya family brands and find out what IT Complete is all about.
You’ll get an exclusive first look at our plans for innovation with the low-down on updates, upgrades and integrations for all of our solutions. Plus you’ll have the opportunity connect with industry heavyweights and learn about what’s next for Kaseya.
Take intensive training and get certified in several Kaseya solutions at the con! You’ll also have the opportunity to attend breakout sessions with technology and sales experts who are ready to share their knowledge with you.
Oh yeah, did we mention it’s in fabulous Las Vegas? Mingle and have fun at amazing parties, receptions and evening events. As always, we’ll have awesome entertainment and fun surprises in store for you!
What is Connect IT Global?
Connect IT Global is designed for leaders and experts in the IT service industry looking to help build systems, evolve their companies, and help lead the industry into a stronger tomorrow.
- Over $15,000 worth of in-depth training and certifications lead by industry leaders.
- Network and be inspired by the most successful MSPs in the industry.
- Connect one-on-one with the Kaseya Leadership team.
- Over 100 sessions to attend, celebrity keynotes, and access to our pre-day event: The M&A Summit, which will focus on Mergers and Acquisitions, and Sales and Marketing.
- Take time in the Exhibit Hall to meet with the vendors that help make your business run.
- Celebrate and party with us! Join us for bottomless drinks, jaw-dropping entertainment and more!
Don’t miss the industry’s premiere event of the year! Register now!
Just getting started in cybersecurity? This resource bundle will help you get up to speed to protect your clients fast! GET IT>>
DattoCon 2023 | October 2, 2023 – October 4, 2023 | Miami, Florida
DattoCon is heading for some fun in the sun in Miami in 2023. Thus marquee industry event brings together industry movers and shakers all in one place. Aside from the unmatched quality of the main stage programming, you can choose from a wide variety of breakout sessions and peer discussion groups to gain insight into challenges and solutions that you may experience in personnel management, recruiting, marketing, selling and other daily business operations.
You’ll gain insight into the next innovation cycle for Kaseya and Datto and be among the first to know about exciting new integrations and solutions. Plus, you’ll have access to experts that can help guide you into choosing the right solutions to grow your business.
Play just as hard as you work with cocktail receptions and parties including the Elements Party and channel events. Plus, Miami is a city with plenty for you to explore – beautiful beaches, fantastic food, unbeatable sights and warm Florida nights to enjoy.
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
January 23 – 25, 2023: Schnizzfest in Phoenix, AZ REGISTER NOW>>
October 2 – 4, 2023: DattoCon in Miami, FL REGISTER NOW>>
April 24 – 27, 2023: Connect IT Global in Las Vegas, NV REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!