The Week in Breach News: 04/10/24 – 04/16/24
This week: A second helping of cyber trouble for Change Healthcare and Roku, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) speaks about the hacking at Sisense, a new feature in vPenTest and three email-based cyberattacks that can be prevented by powerful email security.
Learn about the challenges that MSPs face in 2024 in Datto’s State of the MSP 2024 Report. GET YOUR COPY>>
Change Healthcare
Exploit: Ransomware
Change Healthcare: Technology Provider
Risk to Business: 1.741 = Extreme
On the heels of its massive cyber disaster a few weeks ago, Change Healthcare has fallen victim to a ransomware attack yet again. A threat actor new to the scene calling themselves RansomHub claims to have snatched 4TB of sensitive data from the organization’s network. The bad actors claim to have obtained a variety of data including the personal identifying information (PII) of active US service members and other patients, medical records, insurance records, payment information and over 3,000 source code files for Change Healthcare technology.
How It Could Affect Your Customers’ Business: Getting hit by another major cyberattack so soon after the last one is a disaster for a company whose reputation is already tarnished
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
Roku
https://techcrunch.com/2024/04/12/roku-second-user-accounts-hacked/
Exploit: Credential Stuffing
Roku: Streaming Service
Risk to Business: 1.856 = Extreme
Roku is cleaning up after its second credential stuffing attack in as many months. The company said about 576,000 customers were impacted. Roku said that the attackers likely did not steal any customer information. However, malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in about 400 users’ accounts. Those charges have been refunded. Roku said it discovered this incident while investigating a credential stuffing attack we covered two weeks ago. when 15,000 Roku users had their accounts compromised.
How It Could Affect Your Customers’ Business: Credential stuffing isn’t hard for bad actors to pull off with the huge pools of exposed passwords for sale on the dark web.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Wells Fargo
https://cybernews.com/news/wells-fargo-suffers-data-breach/
Exploit: Insider Threat
Wells Fargo: Bank
Risk to Business: 1.721 = Severe
Banking giant Wells Fargo has sent a data breach notice to some customers. In the letter, the bank said that an employee violated company policy by sending information to his personal account. Wells Fargo told customers that their personal information and mortgage account numbers were exposed in the incident. It is not known how many customers were impacted.
How It Could Affect Your Customers’ Business: Employees mishandling data, whether accidental or intentional, can cause major problems that lead to big bills quickly
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Sisense
https://techcrunch.com/2024/04/11/cisa-government-sisense-reset-credentials-cyberattack/
Exploit: Hacking
Sisense: Analytics Platform Developer
Risk to Business: 1.803 = Severe
In a rare move, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a short statement noting that it is investigating a data breach from a cyberattack on analytics technology company Sisense. The company counts major organizations including infrastructure operators among its clients. CISA warned customers to reset their passwords immediately. The purloined data included millions of access tokens, email account passwords and SSL certificates among other data. Sisense confirmed that bad actors accessed a restricted server. The incident is under investigation.
How It Could Affect Your Customers’ Business: A data breach from a company that handles sensitive infrastructure data is a danger to the public.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
The Heritage Foundation
https://techcrunch.com/2024/04/12/heritage-foundation-cyberattack/
Exploit: Hacking
The Heritage Foundation: Think Tank
Risk to Business: 1.712 = Severe
Conservative think tank the Heritage Foundation admitted that they fell victim to a cyberattack last week. A spokesperson from the group said that they suspect they’ve fallen victim to nation-state hackers, although there is no solid evidence that is the case. The group was not forthcoming about any stolen data.
How it Could Affect Your Customers’ Business: Politically prominent organizations are prime targets for both general hackers and nation-state cybercriminals
Kaseya to the Rescue: See exactly how a hacker would penetrate your network quickly and affordably with network penetration testing. This guide helps you choose the right solution. GET GUIDE>>
New Mexico Highlands University (NMHU)
https://www.aol.com/nmhu-nears-week-canceled-classes-030200860.html
Exploit: Hacking
New Mexico Highlands University (NMHU): Institution of Higher Learning
Risk to Business: 2.376 = Severe
Classes have been canceled for a week as the result of a ransomware attack on New Mexico Highlands University (NMHU). School officials said that its Information Technology Services department identified a technology issue on April 3, 2024. NMHU said that the impacted system was the college’s internal portal for staff, students and faculty. The incident is still under investigation.
How it Could Affect Your Customers’ Business: Cyberattacks on business service providers can open the organizations they serve up to data security and cybersecurity trouble.
Kaseya to the Rescue: See how Datto EDR’s Ransomware Rollback helps companies reset their systems to where they were before the attack to get right back to work, minimizing downtime. LEARN MORE>>
Affordable, automated penetration testing is a game-changer. Learn about it in our buyer’s guide! GET GUIDE>>
UK – EBlock
https://cybernews.com/news/eblock-hit-by-cyberattack/
Exploit: Hacking
EBlock: Auto Retailer
Risk to Business: 1.866 = Moderate
Toronto-based online auto retailer EBlock has fallen victim to a data breach. The company disclosed that an unauthorized party had accessed specific areas of the legacy ABS Auto Auctions infrastructure. The personal information of its clients was stolen including dates of birth, Social Security numbers, driver’s licenses, bank account numbers and bank routing numbers.
How it Could Affect Your Customers’ Business: A data breach is an expensive proposition for any business from the first stage of the investigation to the final stage of remediation.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>
France – The City of Saint-Nazaire
https://therecord.media/france-cyberattack-loire-municipalities
Exploit: Ransomware
The City of Saint-Nazaire: Municipal Government
Risk to Business: 2.602 = Moderate
The City of Saint-Nazaire, France is among five cities in the Loire Valley region that experienced a cyberattack last week that knocked out city systems and services. French officials are describing this as a “large-scale cyberattack”. The cities impacted are Saint-Nazaire, Montoir-de-Bretagne, Donges, La Chapelle-des-marais and Pornichet. In Saint-Nazaire, the attack that occurred last Tuesday night left city employees with no access to their workspaces, files or business software. No word on what, if any, data was stolen or a timeline on restoring impacted systems.
How it Could Affect Your Customers’ Business: Municipal governments around the world have been plagued by hackers deploying ransomware to interrupt city services.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Explore a new feature in vPenTest: Advanced Exploitation Settings
We’ve added a new feature to Vonahi’s vPenTest: Advanced Exploitation Settings. These three new settings offer our advanced users more customization and control over their assessments and how their networks are being tested, enabling IT teams to align with their unique network security needs.
- Man-in-the-Middle (MitM) & relay attacks: Uncover vulnerabilities in communication protocols that could allow unauthorized interception and manipulation of data.
- Password cracking & spraying: Customize how many password attempts vPenTest will try against the particular service.
- Sensitive data discovery: Explore databases, network services, and active directories using compromised credentials to find and protect sensitive information, improving security measures
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Watch a webinar to learn all about 2024’s biggest challenges
Learn about the cybersecurity challenges and trends our experts predict for 2024 in the insightful webinar “Dangers Ahead: Emerging Cybersecurity Threats for 2024”. You’ll learn:
- Real-world examples of emerging threats and significant attack vectors
- How SOC analysts detect, analyze and respond to unforeseen incidents
- How a proactive approach to cybersecurity mitigates risks and enhances resilience
- How managed SOCs offer an effective and easy option to strengthen your cybersecurity posture
Did you miss… A Comprehensive Guide to Email-based Cyberattacks? DOWNLOAD IT>>
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Strong Email Security Helps Conquer These Two Dangerous Cyberattacks
These days, email security is more important than ever before. Experts estimate that 9 in 10 cyberattacks start with a phishing message. The advent of generative AI has made cybercriminals’ jobs easier and defenders’ jobs harder. The continuing evolution of email-based cyberattacks makes it imperative for businesses to implement smart email security that can handle sophisticated threats like these.
Is building an in-house SOC a smart move? Our whitepaper breaks down the costs. READ IT>>
Ransomware is hard for businesses to survive
Ransomware is the monster under the bed for IT teams, and the most likely vector for ransomware or malware is email. One successful ransomware attack is potentially devastating for any business, setting off a cascade of negative outcomes that cost businesses a fortune in lost productivity, lost business, incident response expenses, regulatory fines and other expensive nightmares. In our Kaseya Security Survey 2023, we asked IT professionals about how they think a ransomware attack would impact their organization, and the results are grim. More than half (53%) of our respondents indicated that a successful ransomware attack would have a significant impact on their organization. An unfortunate 17% said they believe their company is unlikely to survive a successful ransomware attack.
How much impact would a successful ransomware attack have on your organization?
| Severity of Impact | Response |
| Extreme impact – it would be difficult to recover | 17% |
| Significant impact | 53% |
| Minimal impact | 28% |
| No impact | 2% |
Source: Kaseya Security Survey Report 2023
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Business email compromise
Although ransomware attacks are widely regarded as the worst cyberattack an organization can contend with, that’s not actually the case. Business email compromise (BEC) attacks are the real supervillain, a devastating attack that causes major damage to organizations across every sector. BEC soared by an eye-popping 1760% in 2023. Experts point at generative AI as the driver behind the surge. In a recent report, 80% of cybersecurity decision-makers said that they expect AI to increase the scale and speed of attacks like BEC and 66% expected AI “to conduct attacks that no human could conceive of.”
Just a few weeks ago, The City of Frederick, Maryland disclosed that it experienced a business email compromise (BEC) in November 2023 related to a municipal construction project. Officials said that bad actors capitalized on a project to retrofit an existing municipal building, the William Donald Schaefer Building, into a police department headquarters. The saga began with a phishing attack that resulted in a fraudulent wire transfer that cost the city $280,000. The city says its network security was never compromised during the attack. Fortunately, the municipal government was able to recover the money minus a $50,000 insurance deductible.
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
How can businesses mitigate these risks?
Phishing is the most common form of cybercrime, with an estimated 3.4 billion malicious emails sent every day. Scammers have upped their game to leverage modern tools that help them easily bypass traditional email security solutions and use advanced social engineering techniques to lure an organization’s employees into taking the attacker’s desired action. These tips can help mitigate email-based cyberattack risk.
- Choose an AI-driven solution that can keep up with the pace of threats
- Don’t ignore the risk presented by spam
- Look for machine learning that ensures your email security solution never stops learning
- Engage in regular employee security awareness training
- Use phishing simulations to keep employees sharp
- Invest in endpoint security that enables a swift response to an attack
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
The Graphus Personal Spam Filter stops dangerous spam
Both phishing and spam are email security concerns. Graphus, renowned for its automated, AI-based email security, has also raised the bar for anti-spam features by introducing a Personal Spam Filter. This feature enhances the existing anti-phishing protection, allowing users to take control of their inbox with a simple click on the interactive EmployeeShield banner.
Graphus Personal Spam Filter goes beyond the standard by empowering end users to mark unwanted messages as spam with a single click, effectively building a personalized spam profile for each individual. This user-centric approach ensures that Graphus blocks the sender solely for the individual user while leaving other recipients within the organization unaffected, enabling a tailored email experience.
Learn more about the Graphus Personal Spam Filter in this blog post. LEARN MORE>>
Affordable, automated penetration testing is a game-changer. Learn about it in our buyer’s guide! GET GUIDE>>
Kaseya’s Security Suite helps IT pros mitigate cyber risk
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate all types of cyber risk including email-based threats effectively and affordably without breaking a sweat.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
RocketCyber Managed SOC — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
TODAY! Smooth Sailing in Cyber Seas: 12 Ways Kaseya’s Security Solutions Reduce IT Burden
April 17 | 1PM ET | 10 AM PT
Navigating the rocky shoals of cybersecurity can be a scary proposition, but we’re here to help. Our trusty navigator Miles Walker, Channel Development Manager, will help you navigate through the dangers. Join us on April 17, 2024, at 1 PM ET / 10 AM PT for a must-see webinar where you’ll discover:
- Tips for maximizing productivity and minimizing IT burden
- How to make the most of automation and AI in cybersecurity tools
- The time-saving benefits and integrations you’ll enjoy from BullPhish ID, Dark Web ID, Graphus and RocketCyber
Don’t miss the boat – Join us! REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local Melbourne REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local New York (Security and Compliance Series) REGISTER NOW>>
May 30 – Kaseya+Datto Connect Local Sydney REGISTER NOW>>
June 11 -13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!