The Week in Breach News: 02/21/24 – 02/27/24
This week: An insider snatches 79k email addresses from a UK council, Royal Canadian Mounted Police (RCMP) gets caught up in cyber trouble, fresh phishing kits and the top findings of network penetration tests.
Change Healthcare
https://thecyberexpress.com/cyberattack-on-change-healthcare/
Exploit: Hacking
Change Healthcare: Healthcare Technology Provider
Risk to Business: 1.771 = Severe
Change Healthcare is admitting that it has experienced a successful cyberattack that has caused widespread disruptions to healthcare services and prescription processing across the U.S. The healthcare technology company is part of Optum and owned by UnitedHealth Group. The trouble began on February 21, when bad actors were able to exploit the ConnectWise vulnerability. More than 100 Change Healthcare applications across pharmacy, medical record, clinical, dental, patient engagement, and payment services are affected. Some reports are pointing to a state-sponsored threat actor as the culprit.
How It Could Affect Your Customers’ Business: Software vulnerabilities are a fact of life and unfortunately a hazard that companies have to navigate carefully.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
Quik Pawn Shop
https://thecyberexpress.com/quik-pawn-shop-cyberattack/#google_vignette
Exploit: Ransomware
Quik Pawn Shop: Liquidator
Risk to Business: 2.691 = Moderate
The Akira ransomware gang has claimed a hit on Alabama-based pawn shop chain Quik Pawn Shop. The attack occurred on February 22. Akira said that they snatched 140 GB of files along with a database full of customer information. Stolen customer information includes millions of records containing sensitive details such as dates of birth, addresses, Social Security numbers and financial transaction histories. The incident is under investigation.
How It Could Affect Your Customers’ Business: Data from a pawn shop can contain sensitive details that could be used in blackmail operations.
Kaseya to the Rescue: Ransomware is often an email-based cyberattack. Our 5-Minute Guide to Phishing Attacks and Prevention offers a quick guide to stopping phishing. DOWNLOAD IT>>
Medical Management Resource Group (MMRG)
https://www.bankinfosecurity.com/hack-at-services-firm-hits-24-million-eye-doctor-patients-a-24418
Exploit: Hacking
Medical Management Resource Group (MMRG): Professional Services Company
Risk to Business: 1.643 = Severe
An Arizona-based healthcare services firm is in the process of notifying nearly 2.4 million patients that their data may have been compromised in a November 2023 hacking incident. The incident involved data held by American Vision Partners, a brand of Medical Management Resource Group (MMRG) that services ophthalmology practices. The company said that it detected unauthorized activity on certain parts of its network in November 2023 and later determined that hackers had stolen sensitive data. The compromised information varies among patients but may include names, contact information, birthdates and medical information including services received, clinical records and medications. For some individuals, the hack also affected Social Security numbers and insurance information.
How It Could Affect Your Customers’ Business: Business services companies can be juicy targets for cybercriminals because of the large amount of data they handle.
Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Royal Canadian Mounted Police (RCMP)
Exploit: Hacking
Royal Canadian Mounted Police (RCMP): Law Enforcement Agency
Risk to Business: 1.462 = Extreme
The Royal Canadian Mounted Police (RCMP) has disclosed that a recent website outage was due to a cyber attack. The RCMP site was down as of early morning on February 26. Officials were quick to assure the public that RCMP is still operating normally and there is no impact on public safety. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach.
How It Could Affect Your Customers’ Business: Critical infrastructure has been under increasing pressure and that includes law enforcement agencies as well.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
UK – Stratford-on-Avon District Council
https://www.infosecurity-magazine.com/news/insider-steals-80000-emails/
Exploit: Insider Threat
Warwick District Council: Regional Government Agency
Risk to Business: 2.702 = Moderate
A former council worker has admitted to making off with tens of thousands of residents’ emails from a Stratford-on-Avon District Council database in order to promote a business. The breach occurred in November 2023 when 79,000 email addresses were copied from a garden waste collection database. A Warwick District Council database was also nabbed. Officials say that the databases only contained email addresses. No bank details, names or addresses were exposed. The former employee has been cautioned by the police.
How it Could Affect Your Customers’ Business: Many employees take information with them when they go including customer data and proprietary information.
Kaseya to the Rescue: In The Guide to Insider Risk, we show you exactly how employees can do damage and how to mitigate the threat they present. DOWNLOAD IT>>
Switzerland – Das Team Ag
https://thecyberexpress.com/das-team-ag-cyberattack/#google_vignette
Exploit: Ransomware
Das Team Ag: Job Placement Agency
Risk to Business: 1.836 = Severe
Major recruiter Das Team Ag has become a victim of the notorious Black Basta ransomware outfit. The company, which boasts 25 branches across Switzerland and the Principality of Liechtenstein, admitted that they have fallen victim to a ransomware attack after they appeared on Black Basta’s dark web leak site. The group did not post any evidence to back up its claim, nor did Das Team Ag specify what types of data have been stolen.
How it Could Affect Your Customers’ Business: Ransomware has been a menace to the business and professional services industry as well as other players in the business supply chain.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Germany – PSI Software
https://www.cybersecuritydive.com/news/psi-software-ransomware/707940/
Exploit: Ransomware
PSI Software: Logistics Software Company
Risk to Business: 1.566 = Extreme
German critical infrastructure software and logistics platforms vendor PSI Software has been knocked out by a ransomware attack. The company, a provider of software used to provision critical infrastructure, was forced to shut down all external connections and systems last week. The problem was first revealed when unusual activity was spotted on PSI’s network on February 15. PSI said that it doesn’t see evidence that customer sites were hacked, and bad actors did not gain access to remote connections for the maintenance of customer systems.
How it Could Affect Your Customers’ Business: Bad actors are leveraging the relationships between companies to conduct sophisticated cyberattacks.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
Australia – Tangerine
Exploit: Third-Party Risk
Tangerine: Telecom
Risk to Business: 1.802 = Severe
Officials at Tangerine say that the compromise of a contractor’s credentials is to blame for a cyberattack that has resulted in a data breach. The incident came to light last Tuesday. Approximately 232,000 customers have been affected. Exposed customer data includes names, birthdates, mobile numbers, email addresses, postal addresses and Tangerine account numbers. The telecom said that no credit or debit card numbers, driver’s license numbers, ID documentation details, banking details or passwords have been exposed as a result of this incident.
How it Could Affect Your Customers’ Business: Third-party and supply chain risks are becoming an ever more complex web of threats for businesses.
Kaseya to the Rescue: Get tips for mitigating risk created by business relationships in our eBook The Comprehensive Guide to Third-Party and Supply Chain Risk. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Three updated phishing kits are available now!
Cybercriminals update their schemes all the time. So, it’s time for you to update your phishing simulations. These three popular phishing kits have been updated and are ready for your next round of training.
- Norton – Free Offer
- Xfinity – You’re Receiving a Credit
- World Health Organizations – Safety Measures
New: “The Educator’s Handbook to Network Pen Testing”
Download our guide now to gain insights into proactive defense strategies like network penetration testing. Arm yourself with the knowledge needed to guard K-12 educational institutions against cyber threats! This eBook is designed to demystify the penetration testing process for a non-technical audience. It is ideal for sharing with educators, faculty and administrators of schools and school districts.
You’ll Be Shocked at Some of the Security Gaps Pen Tests Uncover!
Cyber threats are evolving and growing faster than ever before. That means defenders need every advantage they can get to stay one step ahead of the bad guys. Network penetration testing, or pen testing, is an IT professional’s secret weapon for preventing cyber trouble. Pen testing, sometimes referred to as ethical hacking, is a systematic process of evaluating the security of a computer system, network or web application by simulating real-world attacks. In a pen test, authorized security professionals, known as penetration testers, attempt to locate and exploit vulnerabilities in an organization’s infrastructure, just as a malicious attacker would. The goal is to identify weaknesses before they can be exploited by cybercriminals – and you’ll be surprised at some of the things a pen test turns up.
Excerpted in part from The Network Penetration Testing Buyer’s Guide.
Why should businesses engage in penetration testing?
Some companies may think that because they already do vulnerability scanning, they don’t need to do pen testing. But that’s not the case. Pen testing and vulnerability scanning are not the same thing. Vulnerability scanning is an automated process that scans systems and networks for known vulnerabilities, providing a broad overview of security weaknesses. But it doesn’t assess the exploitability or impact of these findings in a real-world context. In contrast, pen testing is an in-depth, hands-on approach that simulates real-world attacks to identify and exploit security vulnerabilities in systems, applications and networks, aiming to understand the potential impact of an attack on an organization’s resources. Here are some of the reasons why pen testing is essential:
- Identifying Vulnerabilities: Penetration testing helps businesses identify vulnerabilities in their systems, networks, and applications that could be exploited by cyber attackers. By uncovering these weaknesses proactively, organizations can take remedial actions to strengthen their security posture.
- Protecting Sensitive Data: Businesses handle vast amounts of sensitive data, including customer information, financial records, and intellectual property. Penetration testing helps identify vulnerabilities that could lead to data breaches, protecting sensitive information from falling into the wrong hands.
- Maintaining Regulatory Compliance: Many industries are subject to regulatory requirements regarding data security and privacy. Penetration testing is often a mandatory component of compliance frameworks such as PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act). Engaging in regular penetration testing ensures businesses meet these compliance obligations.
- Preventing financial losses: Cybersecurity incidents can result in significant financial losses for businesses, including costs associated with data breach remediation, regulatory fines, legal fees, and reputational damage. Penetration testing helps mitigate these risks by identifying and addressing vulnerabilities before they are exploited by malicious actors.
- Enhancing customer trust: In today’s digital age, customer trust is paramount. A data breach or security incident can erode trust and damage a business’s reputation irreparably. By demonstrating a commitment to cybersecurity through regular penetration testing, businesses can instill confidence in their customers and stakeholders.
- Improving incident response preparedness: Penetration testing provides valuable insights into an organization’s incident response capabilities. By simulating real-world attack scenarios, businesses can evaluate their ability to detect, respond to, and mitigate security incidents effectively, thereby enhancing their overall cyber resilience.
- Staying ahead of emerging threats: Cyber threats are constantly evolving, with attackers employing sophisticated tactics and techniques to breach defenses. Regular penetration testing allows businesses to stay ahead of emerging threats by identifying and addressing vulnerabilities before they can be exploited.
What are the most common types of pen test findings?
A pen test will reveal what attackers can actually do on a company’s network once access has been obtained. This is incredibly valuable information. Penetration testing can reveal a wide range of security vulnerabilities and issues, and the findings can vary depending on the specific system, network or application being tested. However, some common penetration test findings include:
- Weak or Default Passwords: Penetration testers often discover weak, default or easily guessable passwords for user accounts, administrative access, or critical systems.
- Unpatched Software: Outdated and unpatched software can lead to known vulnerabilities that attackers can exploit. Sometimes, those missed patches can translate into zero-day attacks. This finding includes missing security patches and updates.
- Misconfigured Security Settings: Improperly configured security settings, such as overly permissive access controls, misconfigured firewalls or unnecessary open ports, can provide opportunities for attackers.
- Lack of Encryption: Failure to implement encryption for sensitive data in transit or at rest can expose data to eavesdropping or theft.
- Inadequate Access Control: Weak access controls may allow unauthorized users to gain access to sensitive systems or data. This includes issues like missing or poorly configured authentication mechanisms.
- SQL Injection: Penetration testers often discover SQL injection vulnerabilities, which can allow attackers to manipulate a database by injecting malicious SQL queries.
- Cross-Site Scripting (XSS): XSS vulnerabilities can enable attackers to inject malicious scripts into web applications, potentially compromising the data or sessions of other users.
- Cross-Site Request Forgery (CSRF): CSRF vulnerabilities can trick users into performing actions without their consent or knowledge, often leading to unauthorized actions in web applications.
- File Inclusion Vulnerabilities: These vulnerabilities can allow attackers to include malicious files or scripts on a server, leading to remote code execution.
- Buffer Overflow Vulnerabilities: Buffer overflow issues can enable attackers to overwrite memory locations and potentially execute arbitrary code on a system.
- Missing Security Headers: Failure to implement security headers, such as Content Security Policy (CSP) or HTTP security headers, can leave web applications vulnerable to various attacks.
- Information Disclosure: This can include the exposure of sensitive information like system details, error messages or internal network configurations, which can aid attackers.
- Insecure File Uploads: If a system allows file uploads without proper validation and security controls, it can lead to potential code execution or other attacks.
- Security Misconfigurations: Misconfigured security settings can lead to vulnerabilities, including directory listings, unintended information disclosure, or insecure application logic.
- Social Engineering Weaknesses: Penetration tests may uncover social engineering vulnerabilities, such as employees susceptible to phishing attacks or inadequate security awareness training.
- Business Logic Flaws: Security tests may reveal issues in the underlying logic of an application, which may not be technical vulnerabilities but could pose risks to the business.
- Third-Party Vulnerabilities: Dependencies on third-party libraries, frameworks, or services may introduce vulnerabilities that can be exploited.
Kaseya’s robust and affordable Security Suite includes must-haves like pen testing
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Practical Tips for Raising Cyber Resilience With Phishing Simulations
Wednesday, March 6 | 1 PM EST / 10 AM PST
You won’t want to miss getting actionable advice on running an effective and easy-to-manage phishing simulation and security awareness training program from an expert! Phishing defense advisor Brian Doty will share his expertise including:
- Tips for setting up and running your phishing simulations for maximum effectiveness.
- How to use campaign reports to track progress and identify vulnerable users.
- Ways to reduce cyber risk with follow-up training for high-risk users and new hire training.
March 7: Kaseya + Datto Connect Local Symposium NJ REGISTER NOW>>
March 12: Kaseya+Datto Connect Local Security & Compliance Series Toronto REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!