The Week in Breach News: 05/01/24 – 05/07/24
This week: Dive into big breaches at Kaiser Permanente and JP Morgan, see two hacktivist attacks in Belarus and learn why you should choose a smart security operations center (SOC) that makes the most of the MITRE ATT&CK framework.
Ready to see how Kaseya 365 is transforming the MSP business? LEARN MORE HERE>>
Kaiser Permanente
Exploit: Misconfiguration
Kaiser Permanente: Health System
Risk to Business: 1.741 = Extreme
Kaiser Foundation Health Plan, which operates as Kaiser Permanente, is informing 13.4 million members that their personal data may have been exposed. The healthcare provider said that the incident took place in mid-April. In a statement, Kaiser Permanente said that it determined that online technologies previously installed on its website and mobile applications may have transmitted patients’ personal information to third-party vendors Google, Microsoft Bing and X (Twitter) when members and patients accessed its websites or mobile applications. The company said that patients’ usernames, passwords, Social Security numbers and payment information were not impacted. The incident has been noted on the Department of Health and Human Services’ breach notification portal.
How It Could Affect Your Customers’ Business: Unexpected privacy issues can crop up when technologies evolve, and businesses need to keep an eye on that potential problem.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
The City of Wichita (KS)
https://www.ksn.com/news/city-of-wichita-faces-ransomware-attack
Exploit: Ransomware
The City of Wichita (KS): Municipal Government
Risk to Business: 1.356 = Extreme
City officials in Wichita, Kansas admitted that the city fell victim to a ransomware attack over the weekend that led to the shutdown of some of the city’s technology systems. Attackers hit the city government last Sunday, resulting in data encryption. To limit the spread of the attack, city workers shut down some systems including the water bill payment website and other online city services. The city said that systems will be restored gradually but did not offer a timeline for recovery.
How It Could Affect Your Customers’ Business: Governments and government agencies of all sizes are prime targets for cyber trouble and must plan accordingly.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
JP Morgan
Exploit: Misconfiguration
JP Morgan: Financial Services Company
Risk to Business: 1.221 = Extreme
JP Morgan is informing 451,000 retirement plan participants that their personal data has been exposed. The exposed information includes names, addresses, Social Security numbers, and details regarding payment and deductions. Some clients had their bank routing and account numbers compromised. The breach was discovered on Feb. 26, 2024. JP Morgan said that the data was exposed due to a flaw in software provided by an unnamed vendor. The financial services giant said that three unauthorized system users linked to J.P. Morgan customers or their agents had gained access to plan participant data ranging from August 26, 2021, and February 23, 2024. The flaw has since been corrected.
How It Could Affect Your Customers’ Business: Third-party data security issues can be just as problematic and expensive for a company to clean up as an internal data security issue.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Dropbox
https://therecord.media/dropbox-data-breach-notification
Exploit: Hacking
Dropbox: Technology Company
Risk to Business: 1.803 = Severe
Dropbox has admitted that hackers gained access to its company systems on April 24, 2024. The company said it discovered that hackers initially gained access to the production environment of Dropbox Sign. The bad actors were able to access information related to users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed. Dropbox said that there is no evidence that the threat actor accessed the contents of users’ accounts, such as their agreements or templates, or their payment information. Dropbox was quick to reassure users that this incident was limited to Dropbox Sign users.
How It Could Affect Your Customers’ Business: Bad actors will seek out any opening to exploit, making penetration testing a must-have to close gaps.
Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pen testing process to help you find the right pen testing solution for your needs. GET THE GUIDE>>
Learn about the challenges that MSPs face in 2024 in Datto’s State of the MSP 2024 Report. GET YOUR COPY>>
Belarus – The State Security Committee of the Republic of Belarus
https://therecord.media/belarus-secret-service-website-hacked
Exploit: Hacking (Hacktivism)
The State Security Committee of the Republic of Belarus: Government Agency
Risk to Business: 1.712 = Severe
The website for The State Security Committee of the Republic of Belarus, sometimes called Belarus’ KGB, has been knocked out. The hacktivist group the Belarusian Cyber-Partisans has claimed responsibility for the attack. The agency has not confirmed or denied the attack, instead claiming that the website outage is due to “the process of development”. The Cyber-Partisans group is a hacktivist collective that is part of the broader opposition movement in Belarus working to topple the regime of President Aleksandr Lukashenko, who has held that office since 1994.
How it Could Affect Your Customers’ Business: Hacktivists are a dangerous foe whose capabilities should never be underestimated.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of cyberattacks fast. This checklist helps you find the right one. DOWNLOAD IT>>
Belarus – Grodno Azot
https://therecord.media/belarus-cyber-partisans-fertilizer-hack-lukashenko
Exploit: Hacking (Hacktivism)
Grodno Azot: Fertilizer Manufacturer
Risk to Business: 2.376 = Severe
The Belarusian Cyber-Partisans hacktivist collective has claimed responsibility for a cyberattack on fertilizer maker Grodno Azot. The group says that they successfully hacked into the company and gained access to myriad systems. They say they gained control over security systems and surveillance cameras at a manufacturing plant, encrypted hundreds of computers and internal emails and wiped out the company’s backups of databases and servers. The hackers are demanding that the government release political prisoners in exchange for the return of the data.
How it Could Affect Your Customers’ Business: Nation-state threat actors and hacktivists often concentrate on key points in a country’s infrastructure or supply chain.
Kaseya to the Rescue: See how Datto EDR’s Ransomware Rollback helps companies reset their systems to where they were before the attack to get right back to work, minimizing downtime. LEARN MORE>>
Datto EDR’s Ransomware Rollback rolls data and systems back to their pre-attack state in minutes SEE HOW IT WORKS>>
Australia – Monash Health
https://www.cyberdaily.au/security/10511-monash-health-caught-up-in-zircodata-ransomware-data-breach
Exploit: Supply Chain Cyberattack
Monash Health: Health System
Risk to Business: 1.866 = Severe
Monash Health has disclosed that it has experienced a data breach following a data security incident at secure document management firm ZircoDATA. That company fell victim to a ransomware attack by the Black BASTA ransomware group in February 2024. Monash Health said in a statement that its investigation had revealed that the information involved relates to a selection of archived data from the family violence and sexual assault support units at Monash Medical Centre, the Queen Victoria Hospital and Southern Health, limited to the period from 1970 to 1993. Monash Health was quick to reassure the public that its own systems are secure.
How it Could Affect Your Customers’ Business: Healthcare providers often hold very sensitive data that can be used for nefarious purposes like blackmail if it falls into the wrong hands.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Australia – Firstmac
Exploit: Ransomware
Firstmac: Mortgage Lender
Risk to Business: 1.602 = Severe
Lender Firstmac has confirmed that it has fallen victim to a ransomware attack. The fledgling EMBARGO cybercrime group has claimed responsibility. The hackers claim to have snatched more than 500 gigabytes of data, including databases, source code and sensitive customer data. Customers were informed that they may have had data exposed including name, tax file number, date of birth and contact information.
How it Could Affect Your Customers’ Business: Mitigating email-based cyber risk starts with powerful email security and regular phishing awareness training.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
2 New Canada-focused phishing simulation kits available in BullPhish ID
Bad actors are constantly hard at work refining their scams to trick people around the world into falling for their phishing scams. These two new phishing simulation kits can help train employees to be wary of suspicious emails from Canadian banks.
- BMO Canada – Restore Your Account
- RBC Royal Bank – Update Your Account Records
See more about these phishing simulation kits in the Release Notes. LEARN MORE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Learn about the cybersecurity dangers ahead
Cyberthreats have been coming in fast and furious in the first half of 2024, and the second half of 2024 promises to be just as fast-moving. Be ready for the next cyberthreat with the insight you’ll gain from our webinar Dangers Ahead Emerging Cybersecurity Threats for 2024. In this session you’ll discover:
- Real-world examples of emerging threats and significant attack vectors
- How SOC analysts detect, analyze, and respond to unforeseen incidents
- How a proactive approach to cybersecurity mitigates risks and enhances resilience
- How managed SOCs offer an effective and easy option to strengthen your cybersecurity posture
Ready to elevate your cybersecurity threat knowledge? WATCH NOW>>
Did you miss… The Benefits and Barriers of Having a SOC? DOWNLOAD IT>>
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Leveraging MITRE ATT&CK is Key for a Smart SOC
Every day, information technology (IT) professionals strive to keep the systems and data they manage secure against a wide range of dangerous cyberthreats. With the increasing prevalence of targeted and persistent threats, IT professionals need to be equipped with tools, resources and intelligence that enable them to stay ahead of adversaries through proactive threat detection. A Security Operations Center (SOC) is an invaluable asset for IT professionals tasked with securing any organization.
What should you be looking for in an EDR solution? This checklist helps you make a smart choice! GET IT>>
The role of a SOC
A SOC is a must to defend against cyberthreats. In a SOC, a centralized team of IT security professionals continually monitor and analyze an organization’s security systems and data to uncover, detect, investigate and respond to cybersecurity incidents.
A SOC offers a multitude of cybersecurity benefits, including:
Proactive threat detection and prevention: 24/7/365 monitoring and analysis of security events helps identify and respond to potential threats before they can cause damage.
Improved threat intelligence: SOCs gather and analyze data from various sources to stay ahead of the evolving threat landscape and detect new threats faster.
Reduced risk of attacks: By proactively identifying and mitigating potential threats, SOCs help to reduce the risk of successful cyberattacks.
Incident response coordination: SOCs provide a central hub for coordinating responses to security incidents. This helps to streamline the response process and reduce the impact of incidents.
Increased visibility: SOCs provide a centralized view of an organization’s security posture. This helps to identify and address potential vulnerabilities.
Affordable, automated penetration testing is a game-changer. Learn about it in our buyer’s guide! GET GUIDE>>
Why choose a managed SOC?
There are two paths for managed service providers (MSPs) and businesses to take to approach gaining access to the benefits of a SOC.
In-house: Building an in-house SOC is a complex and time-consuming process that requires major upfront investment. The cybersecurity talent shortage also makes it difficult to find the right personnel to staff it.
Managed SOC: Choosing a managed SOC removes all of the major burdens of establishing a SOC. Partnering with a managed SOC offers access to a seasoned team of IT professionals with the latest technology to hunt, mitigate and respond to threats quickly without a big upfront cost.
See the path from a cyberattack to a defensive success with managed SOC in this infographic. GET IT>>
What is the role of the MITRE ATT&CK framework in a smarter SOC?
MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior that reflects the various phases of an adversary’s attack lifecycle and the platforms they are known to target. The MITRE ATT&CK framework offers a structured and comprehensive approach to understanding, assessing and defending against cyberthreats. Unlike the traditional, static catalog of known threat vectors, MITRE ATT&CK is a dynamic framework that adapts to the evolving tactics, techniques and procedures (TTPs) of cyber adversaries. This beacon of strategic guidance is an invaluable resource for cybersecurity professionals and offers a common language for defenders to use when communicating cybersecurity information.
Here are some benefits of the MITRE ATT&CK framework for defenders:
- Comprehensive knowledge base: MITRE ATT&CK is the common language the cybersecurity community uses to describe adversarial behaviors. Aligning with it gives IT professionals access to a comprehensive and structured knowledge base that catalogs various TTPs employed by adversaries during different stages of the cyberattack lifecycle. Organizations can use this knowledge base to understand potential threats more comprehensively and enhance their defense strategies.
- Improved threat detection: ATT&CK helps organizations develop threat detection and response capabilities by mapping out specific techniques that adversaries might use. This mapping assists in creating more effective detection rules, allowing organizations to proactively identify and respond to potential threats more efficiently.
- Risk assessment and mitigation: By understanding the tactics and techniques employed by adversaries, organizations can better assess their overall cybersecurity risk. This knowledge enables organizations to implement more targeted and effective security measures to mitigate specific threats.
- Vendor and tool evaluation: Organizations can use the ATT&CK framework to evaluate the efficacy of security tools and solutions. It provides a standardized way to assess how well security products align with real-world threats, aiding in informed decision-making during the selection of cybersecurity tools.
- Continuous improvement and adaptability: ATT&CK is regularly updated to include new threat intelligence and evolving tactics used by adversaries. This allows organizations to adapt and continuously improve their cybersecurity strategies in response to emerging threats.
Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>
5 ways to make a SOC smarter with MITRE ATT&CK
In the dynamic realm of cybersecurity, adaptability is key. A smart SOC using the MITRE ATT&CK framework has access to a global knowledge base of the latest threats and challenges.
Here are a few ways MITRE ATT&CK alignment can be utilized to make a smarter SOC:
- Map security controls to ATT&CK: Identify which security controls are effective against the TTPs listed in the ATT&CK framework to identify any gaps in security coverage. Finding gaps makes it easy to make the right investments in new security controls.
- Use ATT&CK-based, threat-hunting techniques: Utilize ATT&CK-based, threat-hunting techniques to proactively search for hidden threats in an organization’s environment. This includes using ATT&CK knowledge to identify suspicious activity and indicators of compromise.
- Develop ATT&CK-based playbooks: Create playbooks for responding to specific ATT&CK-based threats. These playbooks should outline the steps that SOC analysts should take to identify, contain and eradicate threats.
- Continuing education for SOC analysts: Providing SOC analysts with access to ATT&CK resources equips them with the tools they need to constantly improve their threat detection, hunting and response capabilities.
- Continuously monitor and improve: Smart reports give analysts actionable data that enables them to take proactive security steps, like closing security gaps, reviewing security controls and updating incident response playbooks.
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
RocketCyber and MITRE ATT&CK are the perfect set up for security success
RocketCyber is built to align seamlessly with the MITRE ATT&CK framework, with a plethora of integrations that make it ideal for support across the kill chain, including:
- Recognizance
- Resource Development
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Command and Control
- Exfiltration
- Impact
RocketCyber features unmatched threat detection and response capabilities, offering a wide array of benefits at an affordable price.
Real-time threat detection and response: Bad actors are always looking for vulnerabilities, so our managed SOC operates 24/7/365 to monitor and respond to threats no matter when they take place.
PSA (professional services automation) ticketing: Our SOC analysts investigate each alert, triage the data and produce a PSA ticket that includes all of the relevant remedy details so you can focus on your operations without hiring security engineers.
Breach detection: Detect adversaries that evade traditional cyber defenses, such as firewalls and AV. RocketCyber identifies attacker TTPs and aligns with MITRE ATT&CK, producing a forensic timeline of chronological events to deter intruders before a breach occurs
Comprehensive monitoring: RocketCyber’s threat-monitoring platform detects malicious and suspicious activity across three critical attack vectors: endpoint, network and Cloud.
Automatic malware detection and termination: At no extra cost, every deployment comes with an automatic malware detection and termination app built directly into RocketCyber’s cloud platform.
Schedule a demo of RocketCyber Managed SOC today! BOOK IT>>
See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>
It’s Time to Play Cybersecurity Jeopardy!
May 16, 2024 | 1 PM ET / 10 AM PT
Spring is in the air, and it’s time to challenge your cybersecurity knowledge in another exciting installment of Cybersecurity Jeopardy! Hosted by Miles Walker, Channel Development Manager, you’ll see top industry experts battling it out for the title of Cybersecurity Jeopardy Champion. And the excitement doesn’t stop there — you get to participate too! Test your skills by answering questions live and stand a chance to win fantastic prizes. REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local Melbourne REGISTER NOW>>
May 16 – Kaseya+Datto Connect Local New York (Security and Compliance Series) REGISTER NOW>>
May 30 – Kaseya+Datto Connect Local Sydney REGISTER NOW>>
June 11 -13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!