The Week in Breach News: 01/11/23 – 01/17/23
This week, we’re exploring: a bevy of big healthcare-related breaches, a scary ransomware hit in Australia and another nasty supply chain attack plus our new guide to choosing a managed SOC and news about cyberattack danger for MSPs.
San Francisco Bay Area Rapid Transit (BART)
https://therecord.media/san-francisco-bart-investigating-ransomware-attack/
Exploit: Ransomware
San Francisco Bay Area Rapid Transit (BART): Transportation Authority
Risk to Business: 2.776 = Moderate
The Vice Society ransomware gang has claimed responsibility for a cyberattack on the San Francisco Bay Area Rapid Transit (BART) system and added purportedly stolen data to its dark web leak site. NBC News reported that the gang snatched over 120,000 highly sensitive files from BART’s police department that include data like the names of children suspected of suffering abuse, driver’s license numbers and mental health evaluation forms. A spokesperson for BART says that no BART services or internal business systems have been impacted. No information was available at press time about any ransom demand.
How It Could Affect Your Customers’ Business: Ransomware attacks have been an ongoing threat to infrastructure and the pace is not slowing down.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Consulate Health Care
https://securityaffairs.com/140452/cyber-crime/consulate-health-care-hive-ransomware.html
Exploit: Ransomware
Consulate Health Care: Healthcare Services Company
Risk to Business: 1.221 = Extreme
Consulate Health Care, a large provider of specialty healthcare services for seniors, has been hit by the Hive ransomware group. Hive recently leaked 550 GB of data that it claims to have stolen in the attack including PHI and PII. The attack took place on December 3rd, 2022, and it was disclosed on January 6, 2023. The gang claims to have stolen a wide array of data including contracts, NDA documents, proprietary company data (internally facing budgets, plans, evaluations, revenue cycle, investors relations, company structure, etc.), employee PII (social security numbers, emails, addresses, phone numbers, photos, insurances info, payments, etc.), and patient PII and PHI (medical records, credit cards, emails, social security numbers, phone numbers, insurances, etc.). This deluge of data was revealed on Hive’s dark web leak site after Consulate Health Care apparently refused to pay an unspecified ransom.
How It Could Affect Your Customers’ Business: This incident will cost Consulate a fortune once regulators get through with them.
ID Agent to the Rescue: This infographic illustrates just how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>>
Des Moines Public Schools
https://therecord.media/iowa-school-district-cancels-classes-another-day-due-to-cyberattack/
Exploit: Ransomware
Des Moines Public Schools: Municipal Education Authority
Risk to Business: 1.837 = Severe
Des Moines Public Schools, a system that serves more than 30k students, was forced to suspend classes for two days following a suspected ransomware attack on January 9. A district official said that the district was forced to take its systems offline after discovering the incident to limit the damage. The district was able to return to in-person learning on January 12. However, it experienced ongoing problems with its virtual learning and student information system Infinite Campus and its phone systems that have since been resolved. Many students were also left without Wi-Fi on campus, and access to networked systems within individual schools was also impacted.
How It Could Affect Your Customers’ Business: The education sector is especially attractive to bad actors because of its time-sensitive nature.
ID Agent to the Rescue: See the biggest risks that different sectors face today and get a look at what businesses will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
Bay Bridge Administrators
https://www.securityweek.com/251k-impacted-data-breach-insurance-firm-bay-bridge-administrators
Exploit: Hacking
Bay Bridge Administrators: Employee Benefits Administrator
Risk to Business: 1.981 = Extreme
Texas-based employee benefits administration firm Bay Bridge Administrators says that it was the victim of a successful cyberattack that may have exposed the data of more than 250K people. Bay Bridge Administrators disclosed that on August 15, 2022, a threat actor gained unauthorized access to the Bay Bridge Administrators network and used that access to exfiltrate certain data on September 3, 2022. An investigation determined that PHI and PII were exposed in the incident, and the company subsequently began notifying those whose data had been stolen. The information about employees whose benefits Bay Bridge Administrators managed includes names, addresses, birth dates, Social Security numbers, ID and driver’s license numbers and medical/health insurance data.
How It Could Affect Your Customers’ Business: Business services companies like this one hold lots of valuable data, making them attractive targets for cyberattacks.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>
United Kingdom – Morgan Advanced Materials
https://therecord.media/british-company-that-helps-make-semiconductors-hit-by-cyber-incident/
Exploit: Ransomware
Morgan Advanced Materials: Semiconductor Supply Manufacturer
Risk to Business: 1.643 = Severe
The British company Morgan Advanced Materials, a manufacturer of specialized ceramic and carbon parts used in semiconductor manufacturing, has disclosed that it has been the victim of a probable ransomware incident that disrupted its operations. The company said that it has initiated incident response plans and “taken action within its IT systems” to limit the damage. Customers and suppliers have been told to manually process existing and upcoming orders. Morgan Advanced Materials said in a statement that it has engaged a third-party firm to investigate the incident.
How it Could Affect Your Customers’ Business: Hits on manufacturers can cause a cascade of supply chain problems that impact other businesses too.
ID Agent to the Rescue: Identity and Access Management (IAM) helps stop cyberattacks. Our Complete IAM Checklist helps you find the right solution for your needs. GET CHECKLIST>>
United Kingdom – Royal Mail
Exploit: Ransomware
Royal Mail: Postal Service
Risk to Business: 1.643 = Severe
Britain’s Royal Mail is in chaos as a successful ransomware attack by the Lockbit Group has left the service reeling. Royal Mail said it is temporarily unable to dispatch export items, warning that letters and parcels in transit to international destinations may be delayed. Royal Mail officials said that Royal Mail’s Parcelforce Worldwide brand is still operating to all international destinations, but customers should expect delays. Officials were also quick to assure people that the domestic post has not been affected. The service is asking people to not post anything going to an international destination until the situation has been resolved. The perpetrator was first identified as a Russia-aligned cybercrime gang that ultimately turned out to be Lockbit. Royal Mail says that it informed the government’s National Cyber Security Centre to help in the investigation. No ransom demand, if any, has been made public.
How it Could Affect Your Customers’ Business: Hits on service providers can cause a cascade of supply chain problems that impact other businesses too.
ID Agent to the Rescue: Identity and Access Management (IAM) helps stop cyberattacks. Our Complete IAM Checklist helps you find the right solution for your needs. GET CHECKLIST>>
France – Family Allowance Fund (CAF)
Exploit: Human Error
Family Allowance Fund (CAF): Social Security Agency
Risk to Business: 2.702 = Severe
Family Allowance Fund (CAF), France’s social security agency, is facing a problem after information about citizens was exposed. The incident occurred when a local branch office of CAF in Gironde (Nouvelle-Aquitaine) reportedly sent a file containing PII of 10,204 beneficiaries, to be used in training exercises, to a service provider responsible for training the organization’s statisticians. The unnamed service provider the information was sent to claims that it did not know that the CAF file contained real, and not fictitious, information. Complicating matters, the file was also posted on a public-facing webpage in March 2021 in the course of the training exercises without any security, where it was easily downloadable by anyone. The surnames, first names and postal codes of beneficiaries were removed from the file, but other information remained, including a beneficiary’s address (number and street name), date of birth, household composition and income, and amounts and types of benefits received.
How it Could Affect Your Customers’ Business: Human error is the most likely cause of expensive disasters like a data breach, and failure to train is a common reason for employee errors.
ID Agent to the Rescue: Security awareness training helps employees avoid security errors. Learn to create a great program with How to Build a Security Awareness Training Program. DOWNLOAD IT>>
Australia – Fire Rescue Victoria (FRV)
https://www.bankinfosecurity.com/ransomware-group-behind-victoria-fire-department-outage-a-20913
Exploit: Ransomware
Fire Rescue Victoria (FRV): Public Safety Service
Risk to Business: 1.831 = Severe
The Vice Society ransomware group has claimed responsibility for a ransomware attack on Fire Rescue Victoria that resulted in data theft. The December 2022 attack led to a widespread IT outage for the fire department, a public safety threat. Vice Society has released a sample of the stolen data on its dark web leak site. That leaked data includes budget documents, job applications and other sensitive information. FRV has recovered many critical systems since the incident, but reports say that its overall IT infrastructure is still not fully operational. FRV has had to resort to using older, offline resources such as dispatch crews, mobile phones, pagers and radios. Firefighting crews and trucks remained operational throughout the incident, which remains under investigation.
How it Could Affect Your Customers’ Business: Although this attack did not have an impact on public safety, it could have created a very dangerous circumstance.
ID Agent to the Rescue: Managed SOC helps businesses detect and mitigate sophisticated cyberattacks before they can wreak havoc. READ THE PRODUCT BRIEF>>
Japan – Aflac
https://www.theregister.com/2023/01/11/japan_aflac_zurich_data_breaches/
Exploit: Human Error
Aflac: Insurer
Risk to Business: 2.103 = Severe
Aflac’s Japanese branch disclosed in a statement that personal data describing more than three million customers of its cancer insurance product has been leaked online by a third-party contractor. Aflac’s apology states the contractor’s servers were accessed on January 7, 2023, and that the contractor in question was U.S.-based, but no further details were disclosed about the unnamed contractor. Aflac admitted that Japanese customers of its cancer insurance offering had their surname, age, gender, and insurance coverage details exposed.
How it Could Affect Your Customers’ Business: Employee mistakes are the cause of many expensive disasters that security awareness training can help prevent.
ID Agent to the Rescue: See the dollars and cents benefits of security awareness training in our eBook The Business Case for Security Awareness Training. DOWNLOAD EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
See how today’s biggest threats may impact businesses in our security blogs.
- The Thriving Dark Web Economy is Bad News for Businesses
- New January Campaigns from Powered Services Pro
- The Pitfalls of Being Ransomware Complacent
- 9 Cybersecurity Predictions You Must See
- The Week in Breach News: 01/04/23 – 01/10/23
New Graphus Microsoft 365 Wizard is an Onboarding Game-Changer
The Graphus team is excited to announce a significant new product enhancement that was just released that will transform the onboarding process to make it even faster!
The new Microsoft 365 Activation Wizard integration available now for Graphus makes onboarding new customers easier than ever before. The wizard automatically provisions Graphus for every new Microsoft 365 domain with lightning speed and precision, reducing the Graphus activation effort for the customer’s IT admin to just three clicks.
Why you’ll love it:
Until now, IT admins had to manually provision Graphus on each customer’s Microsoft 365 email domain, eating up precious time and resources with 17 different steps which took about 15 minutes. Not anymore! The activation wizard automatically completes the necessary activation steps in Microsoft 365 for faster deployment and improved user experience. It also prevents submitting incorrect inputs or missing permissions that could slow down the client onboarding process.
For more details and instructions on the new, shorter process, please refer to this Knowledge Base article.
How to Pick the Right Managed SOC eBook
Creating and maintaining an in-house security operations center (SOC) can be an expensive and daunting undertaking. However, a SOC is a vital tool in today’s volatile cybersecurity world. Are you considering augmenting your security operations with a managed SOC platform, also known as managed detection and response (MDR)? Download our buyer’s guide to learn everything about MDR and how to select the best solution that provides all-around protection against cyber threats. You’ll learn:
- What is managed detection and response (MDR) anyway?
- How managed SOC services fit into security best practices
- What to look for in an efficient, effective and affordable managed SOC
DOWNLOAD THE EBOOK>>
Cyberattack Danger for MSPs Mounts Amidst Growing Concern About Supply Chain Risk
Many IT professionals who spearhead security efforts in enterprises are concerned about the rising tide of risk coming into their organizations through their business partners, service providers and suppliers. This type of risk is especially tricky for MSPs who manage a business themselves and provide services to other businesses. Business service providers are juicy targets for cybercriminals for multiple reasons. A business service provider often offers bad actors a backdoor into other targets. Many business service providers also hold large stores of valuable data. Plus, the time-sensitive nature of the services that some business services companies provide, like an MSP, makes them prime targets for ransomware. So how concerned should MSPs and other businesses be about supply chain risk, and what can be done to mitigate it?
Businesses are right to worry
Business leaders are worried about supply chain risk. Software supply chain risk is a concern that CISOs grapple with every day. More than 80% of CISOs believe that their software supply chains are vulnerable, and that’s a fact that is at the forefront of their minds and their decision-making. They’re worried with good reason. Three out of five businesses have been targeted in a software supply chain attack. Drilling down, CISOs are very concerned about addressing vulnerabilities and mitigating risk exposure from business relationships including their relationships with software and technology service providers. About 44% of the executives surveyed by Forbes fear that their growing use of partners and suppliers exposes their organizations to major security risks. All in all, 54% of respondents pegged supply chain risk as a top area of focus for security anxiety.
MSPs are right to worry too, especially about the never-ending deluge of ransomware threats that businesses have to grapple with every day. Datto research shows that 90% of MSPs are “very concerned” about the ransomware threats that their clients are facing, and almost one-quarter of those MSPs (24%) report that their clients share that concern. Those worries are well founded, because their customers are experiencing, and falling victim to, ransomware attacks regularly. The MSPs surveyed for this report said that two in five of their customers have dealt with a successful ransomware attack.
Cyberattacks can crush an MSP
MSPs face increasing danger from cyberattacks, and almost all MSPs have had a brush with cybercrime. Unfortunately, too many of those brushes with cybercrime resulted in successful cyberattacks against MSPs. A report in Infosecurity Magazine details how prevalent cyberattacks against MSPs have become. Nine in 10 (90%) MSPs have experienced a successful cyberattack. Most MSPs are facing many of the same cyber threats that their clients face, making it important for MSPs to follow their own security advice. The most common attacks that landed are phishing (75%), DDoS (56%) and ransomware (42%).
Just like any other business, a successful cyberattack at an MSP is an expensive disaster that has the potential to destroy the business. MSPs that fall victim to a cyberattack are finding that they experience a cascade of negative consequences after they’ve dealt with the problem. Heading the list, almost half of MSPs (46%) have suffered a loss of business in the wake of a cyberattack on their business. That’s shortly followed by reputation damage (45%). Just over one-quarter of MSPs also said that a successful hit on their business had caused their clients to lose faith in them.
Experts warn: MSPs are in danger
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert in mid-2022 to warn MSPs that they need to be especially wary of cyberattacks against their businesses. In the alert, officials told MSPs: “The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP’s customer base.”
This alert also offered guidance for MSPs and their customers. Most importantly, MSPs and their clients need to sit down and talk about the supply chain risk that their relationship entails for that customer. Officials urged “transparent, well-informed discussions” between MSPs and their customers that center on securing sensitive information and data. Officials also recommended that MSPs and their clients should do a re-evaluation of security processes and contractual commitments in order to accommodate customer risk tolerance. The goal behind these discussions is to foster a shared commitment to security between MSPs and their clients that will reduce supply chain risk for everyone.
What security challenges do MSPs face?
The nature of the MSP business translates into a sea of unique risks for MSPs too. When we surveyed MSPs about the risks that they feel they’ve had to address in the last year, no single threat was most prevalent in their minds. Instead, MSPs are worried about a plethora of threats at the same time, a circumstance that creates a lot of stress on an MSP and their staff. Heading up the list, computer viruses are the top security concern for MSPs as the ransomware era lives on. COVID-19-related scams and phishing are nearly tied for second place, a great illustration of the behemoth threat that phishing has become for every business in every industry, and endpoint threats round out the list. MSPs face significant threats in all of these areas, making it even more stressful and difficult to mitigate risk.
What security challenges are MSPs facing in their own businesses?
| Concern | % of respondents |
| --- | --- |
| Viruses/malware | 38% |
| COVID-19 related scams & threats | 34% |
| Phishing | 33% |
| Endpoint threats | 31% |
Source: Datto
What can MSPs do to reduce their risk?
Our security solutions can help keep MSPs and other businesses out of trouble effectively and affordably.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Automated, AI-powered antiphishing email security
Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance
Managed SOC
Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans who hunt, triage and work with your team when actionable threats are discovered.
- Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud
- Patent-pending cloud-based technology eliminates the need for on-prem hardware
- Discover adversaries that evade traditional cyber defenses such as Firewalls and AV
January 17: Kaseya + Datto Connect Local Tampa, FL REGISTER NOW>>
January 19: Kaseya + Datto Connect Local Los Angeles, CA REGISTER NOW>>
January 23 – 25, 2023: Schnizzfest in Phoenix, AZ REGISTER NOW>>
January 25: Q1 Security Suite Product Update: BullPhish ID, Dark Web ID, Passly & Graphus REGISTER NOW>>
January 31: Kaseya + Datto Connect Local Dallas REGISTER NOW>>
February 7: Kaseya + Datto Connect Local Orlando REGISTER NOW>>
February 9: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
February 14: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
February 16: Kaseya + Datto Connect Local Miami REGISTER NOW>>
February 21 – 22: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>
February 23: Kaseya + Datto Connect Local Phoenix (Glendale) REGISTER NOW>>
April 24 – 27, 2023: Connect IT Global in Las Vegas REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!