The Week in Breach News: 01/25/23 – 01/31/23
This week, we’ll explore a nasty cyberattack at GoTo that compromised customers’ backups, look at the impact of a successful phishing attack at Zendesk and reveal the five biggest SMB cybersecurity concerns listed in the new Datto SMB Security for MSPs report.
Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>
One Brooklyn Health
Exploit: Hacking
One Brooklyn Health: Healthcare Provider
Risk to Business: 1.776 = Moderate
Hospital operator One Brooklyn Health has confirmed that its hospitals were forced offline in November 2022 because of a security incident. The incident affected three OBH hospitals and affiliated care sites: Brookdale Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center. At those hospitals, workers were forced to resort to manual recordkeeping, creating treatment delays that were widely reported in the local press. Bad actors gained access to patient data in the incident including patient names, dates of birth, billing and claims data, treatment details, medical record numbers, prescriptions and health insurance information.
How It Could Affect Your Customers’ Business: Hospitals and medical facilities have been popular targets for bad actors and need extra security.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Zacks Investment Research
https://securityaffairs.com/141343/data-breach/zacks-investment-research-data-breach.html
Exploit: Hacking
Zacks Investment Research: Financial Analysts
Risk to Business: 2.021 = Severe
Investment analysis company Zacks Investment Research has informed more than 280,000 customers that bad actors gained access to some of its client data. The company said that the intrusion occurred at the end of 2022. In the incident, the intruders had their hands on a database of customers who had signed up for the Zacks Elite product between November 1999 and February 2005. Exposed data may include a customer’s name, address, phone number, email address and password used for Zacks.com. Zacks was quick to assure customers that threat actors did not gain access to any customer credit card information, customer financial information or any other customer personal information.
How It Could Affect Your Customers’ Business: The financial services industry was among the three most cyberattacked industries in 2022.
ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>
Circleville Municipal Court
https://therecord.media/ohio-town-working-to-restore-municipal-court-systems-after-cyberattack/
Exploit: Ransomware
Circleville Municipal Court: Municipal Government
Risk to Business: 1.837 = Severe
The municipal court system in Circleville, Ohio is the latest municipal government entity to have ransomware trouble. Circleville Municipal Court was added to the dark web leak site of the LockBit ransomware group last week. The group claims to have snatched 500 GB of data including sensitive court records. Officials have confirmed that the court system has had its operations disrupted and said that they are working with experts to get up and running again. No information was available about any ransom demands.
How It Could Affect Your Customers’ Business: Ransomware has been a menace for government agencies and municipalities of all sizes.
ID Agent to the Rescue: This infographic illustrates just how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>>
GoTo
https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html
Exploit: Hacking
GoTo: Software Company
Risk to Business: 1.981 = Extreme
GoTo disclosed that it has experienced a data security incident that impacts customers’ backups. The company said that in November 2022, unidentified threat actors snatched some customers’ encrypted backups along with an encryption key for some of those backups. Users of GoTo’s Central, Pro, join.me, Hamachi and RemotelyAnywhere products may have been hit in this incident. The exposed data may include customers’ account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, as well as some product settings and licensing information. In addition, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted.
How It Could Affect Your Customers’ Business: An incident like this could cost a company a fortune and not just in incident response – reputation damage is a consequence of a successful cyberattack.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Build one with our Building a Strong Security Culture Checklist! DOWNLOAD IT>>
Charter Communications
Exploit: Supply Chain Attack
Charter Communications: Telecommunications Company
Risk to Business: 1.973 = Severe
Telecom giant Charter Communications disclosed that 550,000 of its customers have had information exposed as the result of a data breach at one of its vendors after bad actors claimed on a dark web site to have obtained Charter’s customer data. A post on a dark web data broker’s site claimed that the broker had obtained a tranche of data that belonged to Charter Communications that included 550K user records listing information like customers’ account numbers and some identity information. Charter says that the incident is still under investigation. The company serves 32 million customers in 41 states.
How it Could Affect Your Customers’ Business: Cybersecurity flubs by service providers can cause a cascade of supply chain problems that impact other businesses too.
ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>
Running Room
Exploit: Hacking
Running Room: Sporting Goods Retailer
Risk to Business: 1.802 = Severe
Running Room has informed customers that it has experienced a data breach due to hackers setting up a skimming operation on its website. The sporting goods retailer said that the incident took place between November 19, 2022, and January 18, 2023. The company says that the hackers were able to access and steal customers’ emails, names, addresses, phone numbers and credit card information during website transactions. Running Room did not specify how many transactions or customers had been impacted.
How it Could Affect Your Customers’ Business: Payment skimmers are a cybercriminal favorite, and they can be hard to spot before it’s too late.
ID Agent to the Rescue: Managed SOC helps businesses detect and mitigate sophisticated cyberattacks before they can wreak havoc. READ THE PRODUCT BRIEF>>
Denmark – Zendesk
https://www.securityweek.com/zendesk-hacked-after-employees-fall-for-phishing-attack/
Exploit: Phishing
Zendesk: Software Company
Risk to Business: 1.672 = Severe
Zendesk has begun informing customers that the company has experienced a security incident as a result of a successful phishing attack. A message from Zendesk informed customers that the company found out about the issue in October 2022. At that time, several employees were targeted in a “sophisticated SMS phishing campaign” and some of them took the bait. Those employees then handed over their account credentials, giving hackers access to data from a logging platform between late September and late October 2022. Zendesk warned impacted customers that service data belonging to their companies’ accounts may have been in the logging platform data, although there is no evidence that bad actors gained access to anyone’s instance.
How it Could Affect Your Customers’ Business: Phishing is the bane of every IT team and the biggest security danger most businesses face.
ID Agent to the Rescue: Learn how to protect businesses from almost all sophisticated phishing messages in our infographic How AI Enables Graphus to Protect Businesses from Phishing. GET IT>>
UK – Arnold Clark
Exploit: Ransomware
Arnold Clark: Car Dealer
Risk to Business: 2.103 = Severe
One of the UK’s largest car retailers, Arnold Clark, has been added to the Play ransomware group’s dark web leak site. Play claims that they’ve stolen 15 GB of data that includes National Insurance numbers, passport data, addresses and phone numbers. The group also published a selection of bank statements and car finance documents for customers of the Glasgow-based firm. The December 2022 attack led to an information systems shutdown at the retailer that caused workers to have to resort to pencil and paper to handle business.
How it Could Affect Your Customers’ Business: Ransomware is a quick path to loss of revenue and customer service nightmares because of delays and system shutdowns.
ID Agent to the Rescue: See the dollars and cents benefits of security awareness training in our eBook The Business Case for Security Awareness Training. DOWNLOAD EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
See how today’s biggest threats may impact businesses in our security blogs.
- How Can Businesses Overcome the Cybersecurity Talent Shortage?
- The Week in Breach News: 01/18/23 – 01/24/23
New Powered Services Campaign: Cyber Supply Chain Risk Management
MSP Value Proposition:
Help your customers and prospects understand why their organization’s cybersecurity might only be as strong as the weakest link in their network. Just as people can spread viruses, your IT network can be used to spread digital viruses to every other system with which you’re connected. Teach businesses how to put cybersecurity measures in place to stop cyber supply chain attacks in their tracks.
End Buyer Value Proposition:
Put security measures in place to better identify and remediate security issues before they harm your business or, worse, spread to other businesses connected to yours. When it comes to cybersecurity and business supply chains, you don’t want to be a superspreader. Spread joy, not digital viruses.
Check out our Quick Start Guide for help learning how to use the Pro Campaigns.
Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>
3 Reasons Why MSPs Need the Datto SMB Cybersecurity Survey for MSPs Report
Check out 3 reasons why every MSP will benefit from downloading and reading the new SMB Cybersecurity Survey for MSPs Report
- Get a look at the mindset and challenges of cybersecurity decision-makers
- Learn exactly which problems weigh heaviest on business IT professionals’ minds
- See how trends are developing in SMB cybersecurity that you can leverage to profit
The Big 5 Cybersecurity Issues for SMBs (and What They’re Doing About Them)
Securing a business against cybersecurity risks isn’t a straightforward proposition. The risk landscape is constantly changing, and cyber threats evolve every day. Plus, both the good guys and the bad guys are dedicated to innovation, creating unexpected hazards. That leaves business security professionals facing a host of current and future cybersecurity issues. For the Datto SMB Cybersecurity for MSPs Report, we asked 2,913 IT decision-makers at organizations of all sizes to tell us about their cybersecurity pain points. This data gives MSPs a look behind the curtain at the day-to-day challenges that face business security professionals and business leaders.
It’s impossible to point the finger at a single reason for SMB security trouble
SMBs aren’t facing security stress from just one avenue. Instead, they’re bombarded by a wide variety of risks daily, making every business’s security concerns unique. There’s no one-size-fits-all proposition for MSPs to offer businesses to take care of their security challenges quickly. Every company’s cybersecurity woes are different. However, there are some challenges that are more common than others. About a quarter of businesses named five issues as their biggest pain points: Phishing, malicious ads/websites, passwords, bad user practices and lack of security awareness training.
Main reasons SMBs feel they have had cybersecurity issues
Issue | Response |
Phishing emails | 37% |
Malicious websites/web ads | 27% |
Weak passwords/access management | 24% |
Poor user practices/gullibility | 24% |
Lack of end-user cybersecurity training | 23% |
Lack of administrator cybersecurity training | 19% |
Phishing phone calls | 19% |
Lack of defense solutions (antivirus) | 19% |
Insufficient security support for different types of user devices | 18% |
Outdated security patches | 18% |
Lack of funding for IT security solutions | 17% |
Lost/stolen employee credentials | 17% |
Lack of executive buy-in for adopting security solutions | 16% |
Open remote desktop protocol (RDP) access | 15% |
Shadow IT | 13% |
Source: Datto
SMBs are plagued by phishing
Businesses have been impacted by many cybersecurity woes, but phishing takes the cake. Many of our respondents saw phishing as the prime suspect for security issues. Almost one-third of respondents dealt with phishing and viruses last year. Interestingly, more than one-quarter of respondents have experienced an attack on their IT service provider (16% in the past year). This is an opportunity for MSPs to provide highly secure service.
Cybersecurity issues that have affected SMBs’ business in the last 12 months
Issue | Experienced in the past year | Experienced ever |
Computer viruses | 30% | 50% |
Phishing messages | 32% | 49% |
COVID-19 related scams or threats | 21% | 32% |
Attack on IT service provider | 16% | 27% |
Personal information/credential theft | 16% | 26% |
Endpoint threats detected | 15% | 25% |
Ransomware | 13% | 24% |
Other cybersecurity issues | 3% | 8% |
None | 19% | 8% |
Source: Datto
SMBs expect to be phished this year
Phishing is a menace to businesses, and the cyberattacks that come to businesses by way of phishing are some of the most dangerous business security threats around. Just under three-quarters of respondents think it’s likely that their organization will experience a phishing attack in the next year, and they’re looking for ways to mitigate that risk.
Likelihood | Response |
Extremely/very likely | 41% |
Somewhat likely | 31% |
Not very likely | 22% |
Not at all likely | 7% |
Source: Datto
Phishing is the most likely gateway for cybersecurity trouble to reach companies. SMB IT decision-makers are also aware that a successful phishing attack could have a major impact on their organizations. Almost half of respondents believe a phishing attack would have a significant impact on their business.
Outcome | Response |
Extreme impact – it would be difficult to recover | 14% |
Significant impact | 46% |
Minimal Impact | 36% |
No Impact | 4% |
Source: Datto
Almost three-quarters of companies say that ransomware would be a death blow
What is the cyberattack that keeps IT professionals up at night more than any other? Ransomware. Ransomware is a major danger that only grows worse and more complex as time goes on. Businesses know that they could be next, and they’re worried about it. About 60% of respondents felt their organization might be hit by a successful ransomware attack in the next 12 months.
Likelihood | Response |
Extremely/Very likely | 34% |
Somewhat likely | 27% |
Not very likely | 30% |
Not at all likely | 8% |
I’m not familiar with this type of attack | 2% |
Source: Datto
Businesses have gotten the message that a ransomware attack could destroy them, and they’re looking for ways to prevent it. Most businesses aren’t ready to handle a ransomware attack, and the impact of a successful attack would be catastrophic. Around 70% of SMBs admitted that the impact of a ransomware attack would be extreme or significant.
Impact | Response |
Extreme impact – it would be difficult to recover | 17% |
Significant impact | 53% |
Minimal impact | 28% |
No impact | 3% |
Source: Datto
Ransom demands vary widely
Ransom demands are constantly evolving. Companies need to know about the gigantic financial hit that they could take in the event of a successful ransomware attack if they plan to pay the extortionists, even though officials and experts agree that paying a ransom is a bad idea. Presenting clients and prospects with a clear picture of the ransom demand they could face may help them wrap their heads around the actual hit to their bank accounts.
Almost one-third of SMBs faced $10,000–$50,000 in ransom cost
Ransom Amount | Response |
Less than $100 | 2% |
$100 to less than $500 | 4% |
$500 to less than $1,000 | 10% |
$1,000 to less than $5,000 | 21% |
$5,000 to less than $10,000 | 25% |
$10,000 to less than $25,000 | 20% |
$25,000 to less than $50,000 | 11% |
$50,000 or more | 6% |
Source: Datto
Our Security Suite helps businesses mitigate cyber risk easily
Our security solutions can help keep businesses out of trouble effectively and affordably.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size. This powerhouse is the channel leader in phishing simulations.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Automated, AI-powered antiphishing email security
Graphus is AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- 3 layers of powerful protection at half the cost of competing solutions
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance
Managed SOC
Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans who hunt, triage and work with your team when actionable threats are discovered.
- Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud
- Patent-pending cloud-based technology eliminates the need for on-prem hardware
- Discover adversaries that evade traditional cyber defenses such as Firewalls and AV
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
February 7: Kaseya + Datto Connect Local Orlando REGISTER NOW>>
February 9: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
February 14: Cybersecurity Jeopardy! REGISTER NOW>>
February 14: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>
February 16: Kaseya + Datto Connect Local Miami REGISTER NOW>>
February 21 – 22: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>
February 23: Kaseya + Datto Connect Local Glendale, AZ REGISTER NOW>>
February 28: Kaseya + Datto Connect Local New York REGISTER NOW>>
March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>
March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>
March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>
March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>
March 28: Kaseya + Datto Connect Local Boston REGISTER NOW>>
April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!