The Week in Breach News: 02/08/23 – 02/14/23
This week: Sharp HealthCare’s security falls flat, cybercriminals score a data haul from a major grocer, Canada’s largest bookstore is shut down online by hackers and why MSPs should invest in Managed SOC.
Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>
Pepsi Bottling Ventures LLC
Exploit: Malware
Pepsi Bottling Ventures LLC: Soft Drink Distributor
Risk to Business: 1.763 = Severe
Pepsi Bottling Ventures LLC, the U.S.’s largest Pepsi bottler, has fallen victim to a data-stealing malware attack. The bottler operates 18 bottling facilities across North and South Carolina, Virginia, Maryland, and Delaware. The company said in a breach disclosure that the attack took place on December 23, 2022, but went undiscovered until 18 days later, on January 10, 2023. Information about the soft drink bottler’s employees appears to have been snatched by the crooks, including employees’ full names, addresses, financial account information (including passwords, PINs, and access numbers), state and Federal government-issued ID numbers and driver’s license numbers, ID cards, Social Security Numbers (SSNs), passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history).
How It Could Affect Your Customers’ Business: A business whose operations are time-sensitive in nature is very attractive to the bad guys.
ID Agent to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>
Sharp HealthCare
Exploit: Hacking
Sharp HealthCare: Healthcare Provider
Risk to Business: 1.808 = Severe
San Diego, California healthcare provider Sharp HealthCare has begun notifying 62,777 of its patients that some of their personal information was compromised in a cyberattack. Specifically, patients who paid a bill using the provider’s online bill payment service between Aug. 12, 2021, and Jan. 12, 2022, had data exposed. Sharp was quick to reassure patients that the breach did not include bank account or credit card information, Social Security numbers, health insurance information, dates of birth or health records. The breach was limited to patient names, internal Sharp identification numbers, invoice numbers, payment amounts and the names of the Sharp entities receiving payment.
How It Could Affect Your Customers’ Business: Healthcare targets have been getting hammered by ransomware groups and hackers thanks to the wide array of valuable data they hold.
ID Agent to the Rescue: Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>
Weee!
Exploit: Hacking
Weee!: Specialty Grocer
Risk to Business: 1.657 = Severe
Weee!, the largest Asian and Hispanic grocery store in North America, announced that it has experienced a data breach. The personal information of 1.1 million customers was affected. The incident came to light after a threat actor began leaking the stolen data on a dark web forum. The cybercriminal claims that the data was stolen in February 2023. The stolen data includes Weee! customers’ first and last names, email addresses, phone numbers, device type (iOS/PC/Android), order notes and other data the delivery platform uses. The company has confirmed the authenticity of the data.
How It Could Affect Your Customers’ Business: Online retailers handle and retain data that sells fast in dark web markets.
ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Build one with our Building a Strong Security Culture Checklist! DOWNLOAD IT>>
MKS Instruments
https://www.csoonline.com/article/3687098/mks-instruments-falls-victim-to-ransomware-attack.html
Exploit: Ransomware
MKS Instruments: Semiconductor Manufacturing
Risk to Business: 1.379 = Extreme
Massachusetts-based semiconductor and circuit board maker MKS Instruments has experienced a ransomware attack that may cause manufacturing delays. In a filing, the company said that the event happened on February 3 and impacted its production-related systems. A company executive disclosed that the incident has affected certain business systems, including production-related systems, and that as part of the containment effort, the company has elected to temporarily suspend operations at certain of its facilities. There is no word on what ransom, if any, was demanded.
How It Could Affect Your Customers’ Business: The semiconductor shortage has made manufacturers of those critically needed items prime targets for cyberattacks.
ID Agent to the Rescue: This infographic illustrates just how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>>
City of Oakland, California
https://securityaffairs.com/142110/cyber-crime/city-of-oakland-ransomware-attack.html
Exploit: Ransomware
City of Oakland: Municipal Government
Risk to Business: 1.709 = Severe
The City of Oakland, California announced that some city services and systems were knocked offline as a result of a ransomware attack. Officials assured citizens that the city’s emergency services were not impacted and none of the city’s financial data was accessed. However, delays are expected for things like inquiries to city staff and officials. The City’s Information Technology Department is investigating the incident in cooperation with law enforcement.
How it Could Affect Your Customers’ Business: Cybercriminals have been aggressively targeting governments at every level for the past few years.
ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>
Indigo Books & Music
Exploit: Hacking
Indigo Books & Music: Bookstore Chain
Risk to Business: 1.892 = Severe
Indigo Books & Music, Canada’s largest bookstore chain, has announced that it has experienced a cyberattack, suspected to be ransomware, that may have exposed customer data last week. The incident caused the company to make the website unavailable to customers and to only accept cash payments in stores. Gift cards were also unusable. Indigo cautions that there may be delays in shipped orders. The bookseller has not offered specifics as to the type of cyberattack that caused the problem or if any data was encrypted or stolen. An investigation and restoration of systems is ongoing.
How it Could Affect Your Customers’ Business: Shutting down retail businesses is a favored tactic of ransomware practitioners looking for a quick score.
ID Agent to the Rescue: Managed SOC helps businesses detect and mitigate sophisticated cyberattacks before they can wreak havoc. READ THE PRODUCT BRIEF>>
Learn to identify and mitigate fast-growing supply chain risk with this eBook. DOWNLOAD IT>>
Ireland – Munster Technological University (MTU)
Exploit: Hacking
Munster Technological University (MTU): Institution of Higher Learning
Risk to Business: 1.711 = Severe
How it Could Affect Your Customers’ Business: Online learning has been a boon for cybercriminals too, making it easy for them to hold schools hostage with ransomware.
ID Agent to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>
UK – Vesuvius Plc
https://therecord.media/vesuvius-plc-cyber-incident-steel-industry-supplier/
Exploit: Hacking
Vesuvius Plc: Ceramics Manufacturer
Risk to Business: 1.823 = Severe
Vesuvius Plc, a UK company that produces ceramics used by steelmakers, has announced that it was the victim of a cyberattack. The company said that it was forced to shut down affected systems and initiated steps to assess the scale of the attack, including the impact that this attack will have on production and shipping. The company did not say if any data was stolen, simply saying that it was working with the relevant authorities.
How it Could Affect Your Customers’ Business: Small manufacturers of key specialty parts that keep other industries moving are attractive to bad guys because of the chance that they have weak security.
ID Agent to the Rescue: See the dollars and cents benefits of security awareness training in our eBook The Business Case for Security Awareness Training. DOWNLOAD EBOOK>>
- 1 – 1.5 = Extreme Risk
- 1.51 – 2.49 = Severe Risk
- 2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>
See how today’s biggest threats may impact businesses in our security blogs.
- Supply Chain Attacks Rise While Other Breaches Dip Slightly
- Cyberattack Recovery is Uncertain for Almost Half of Businesses
- How Can Businesses Overcome the Cybersecurity Talent Shortage?
- The Week in Breach News: 02/01/23 – 02/07/23
Explore Kaseya’s Innovative, Affordable Security Suite
Businesses face a volatile and dangerous cybersecurity landscape. Choosing the right partner to help you secure your organization against mounting cybercrime risk is key to staying out of trouble. Kaseya is ready to help.
Learn how Kaseya’s solutions work together to help you protect your organization from cyberattacks, detect problems, defend against intrusions, respond to threats and recover from incidents in a product brief.
Kaseya Security Suite for MSPs Product Brief DOWNLOAD IT>>
Kaseya Security Suite for Businesses Product Brief DOWNLOAD IT>>
Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>
Take a Deep Dive into Cybersecurity Frameworks
Having a security framework in place is a key element in any plan to keep systems and data safe. These webinars help you learn more about security frameworks.
For MSPs: Watch “Cybersecurity Roundtable Series: Security Frameworks 201” to hear Kaseya’s CISO Jason Manar and Miles Walker, Channel Development Manager, discuss the critical points you need to know regarding security frameworks. WATCH NOW>>
For Business IT Pros: Explore what cybersecurity frameworks are and why they are critical for keeping your company safe from cyberattacks. Learn how to incorporate a security framework into your strategic and day-to-day operations. WATCH NOW>>
Did you miss… The Comprehensive Guide to Business Email Compromise? DOWNLOAD IT>>
Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>
How Does Managed SOC Help MSPs Transform Their Clients’ Security?
Small and midsize businesses (SMBs) are experiencing record levels of cyber threats, and those numbers are only expected to keep climbing. At the same time, the cybersecurity talent shortage and a turbulent economy have created new challenges for MSPs. That leaves MSPs with a quandary: How can you take care of your clients without overextending your staff or your budget? Managed SOC, also known as managed detection and response (MDR), is the answer.
Excerpted in part from our eBook How to Pick the Right Managed SOC Solution. DOWNLOAD IT>>
What is Managed Detection & Response (MDR)?
With Managed Detection and Response (MDR), SMBs can turn cybersecurity management over to the experts in the form of a SOC. This provides knowledge and expertise without adding headcount costs and managerial overhead. The primary function of a Managed SOC is to rapidly analyze, detect and respond to cyber threats that bypass traditional cybersecurity tools.
Comprehensive MDR will cover:
Endpoint security: Protect your endpoints with Windows and macOS event log monitoring, advanced breach detection, malicious files and processes, threat hunting, intrusion detection and third-party, next-gen AV integrations — at a minimum.
Network security: Gain new levels of network protection with firewall and edge device log monitoring integrated with real-time threat reputation, DNS information and malicious connection alerts.
Cloud security: Secure the cloud with Microsoft 365 security event log monitoring, Azure AD monitoring, Microsoft 365 malicious logins and overall Secure Score.
In MDR, analysis is done by collecting information from a variety of sources like endpoints, cloud services and firewall logs. From this telemetry, trained SOC analysts can:
- Investigate suspicious activities
- Proactively hunt for hidden latent threats
- Respond to and remediate early-stage threats
- Spot and stop cyberattacks
- Take care of problems before they become disasters
Choosing between building a SOC or leveraging a managed SOC
Many MSPs and SMBs envision building a SOC, only to discover how complex and costly a task it actually is. Leveraging a Managed SOC lowers the barrier to entry, making MDR easy and affordable. Keep these key points in mind when weighing your options:
Personnel: Most SOCs are 24/7/365 operation centers. Creating your own means that you will need to have a large enough team on the payroll to handle its needs.
Availability: Many sophisticated attacks tend to start on a Friday evening while even more occur on holiday weekends. Ensuring personnel are available at off times or during holidays can be difficult and expensive.
Talent: Obtaining and retaining talent is a challenge. Unfortunately, the market demand for security professionals far outweighs the market availability. This drives up the cost of hiring cybersecurity professionals and makes it harder to keep trained experts on staff.
Investment: Advanced cybersecurity tools aren’t cheap and can be costly to set up. For example, in a SOC, you’ll need many defensive tools like threat intelligence feeds and malware analysis solutions, as well as experienced staffers who can utilize them to their fullest extent.
Identifying key capabilities of a Managed SOC Service
The right managed SOC service will include these key capabilities:
24/7/365 service: The SOC must be operational every hour of every day, all year long. This is the most crucial factor to consider, since many attackers try to time their attacks for when companies have less staff available, especially over holiday weekends — ransomware attack rates climb by about 30% during the winter holiday season.
Integrated threat intelligence: Threat intelligence is the lifeblood of a SOC. Ensure the SOC you choose brings in multiple threat feeds to quickly identify the latest emerging threats.
Threat hunting: To find and neutralize threats, a SOC must always have experienced cybersecurity analysts on hand. These experts will proactively hunt for latent threats and other security dangers that could be hiding in a company’s network.
Expert analysis: A SOC is only as good as its cybersecurity experts. Ensure the analysts and threat hunters your SOC relies on are true cybersecurity experts, trained to detect suspicious behavior as well as stealthy threats.
Time to resolution: These days, it’s less a question of “if” and more of “when” a company will face a cyberattack. Discovering a cyberattack quickly and limiting the damage that it does is critical to a company’s survival. Ask how the SOC will respond to and remediate an incident.
SIEM-less log monitoring: Find out if you’re required to deploy a security information and event management system (SIEM) for the SOC to function. Ideally, you want to have a Managed SOC solution that does not require a SIEM — technology that can be very costly and cumbersome to manage.
MITRE ATT&CK alignment: It’s one thing to have a cybersecurity framework (CSF) in place, but another to be able to leverage the MITRE ATT&CK framework in the event of an attack. Understanding how the MITRE ATT&CK framework can help prevent and mitigate cyberattacks is important for incident response.
Intrusion monitoring: The right SOC will be able to detect suspicious activity in real time, including connections to terrorist nation-states and unauthorized TCP/UDP services, as well as backdoor connections to command-and-control servers.
Transform your security operations with Kaseya’s Managed SOC
Stop advanced threats with Kaseya’s Managed SOC — a world-class MDR solution that offers an innovative, affordable and effective way to power up your security. Our platform is purpose-built for MSPs, with a built-in app store that provides over 35 cybersecurity apps you can put to work immediately.
By partnering with us, you can gain access to an elite team of cybersecurity veterans that will help you hunt for threats and triage them. They will be available 24/7/365 to dive in immediately and work with your team when actionable threats are discovered.
Kaseya’s Managed SOC includes:
- Continuous monitoring: Round-the-clock protection with real-time advanced threat detection.
- Breach detection: Thwart sophisticated and advanced threats that bypass traditional AV and perimeter security solutions.
- Threat hunting: Focus on other pressing matters while an elite cybersecurity team proactively hunts for malicious activities.
- No hardware requirements: Patent-pending, cloud-based technology eliminates the need for costly and complex on-premises hardware.
Our SOC analysts investigate each alert, triage the data and produce a ticket in your PSA system accompanied by remediation details, so you can focus on your operations without hiring additional security engineers.
Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>
February 16: Kaseya + Datto Connect Local Miami REGISTER NOW>>
February 21 – 22: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>
February 23: Kaseya + Datto Connect Local Glendale, AZ REGISTER NOW>>
February 23: Kaseya + Datto Connect Local Sydney, Australia REGISTER NOW>>
February 28: Kaseya + Datto Connect Local New York REGISTER NOW>>
March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>
March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>
March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>
March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>
March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>
March 16: Kaseya + Datto Connect Local London REGISTER NOW>>
March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Netherlands REGISTER NOW>>
March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>
March 30: Kaseya + Datto Connect Local Boston REGISTER NOW>>
April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!