The Week in Breach News: 06/19/24 – 06/25/24
This week: Take a look at the cyberattack that has crippled thousands of car dealers around the world, a big data leak for Accenture, Datto EDR and Datto AV are lauded in a new Meircom report and a look at using artificial intelligence (AI) to reduce stress on security teams.
What challenges will IT pros face in the second half of 2024? Find out in the Mid-Year Cyber Risk Report. GET IT>>
CDK Global
https://www.washingtonpost.com/business/2024/06/21/car-dealers-cyberattack-cdk-global
Exploit: Ransomware
CDK Global: Technology Service Provider
Risk to Business: 1.201 = Extreme
Thousands of car dealers are facing disruptions due to two cyberattacks on CDK Global, an industry software provider. The BlackSuit ransomware group claimed responsibility. The attack led to ongoing outages in sales, financing and payroll systems, forcing some dealers to revert to manual operations. The first attack occurred last Tuesday evening, prompting CDK to shut down systems as a precaution on Wednesday. Although some systems were restored by Wednesday afternoon, a second incident occurred that evening, continuing to affect many dealers by Friday. Experts suggest CDK may have prematurely restored systems without fully resolving the issue, which could take weeks to fix.
How It Could Affect Your Customers’ Business: Bad actors have been increasing the pressure on businesses by hitting key points in the supply chain to create urgency that brings payment.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
The Federal Reserve of the United States
https://hackread.com/lockbit-ransomware-us-federal-reserve-data-ransom/
Exploit: Hacking
The Federal Reserve of the United States: Government Agency
Risk to Business: 1.856 = Severe
The LockBit ransomware group claims that it has stolen 33 TB of data from the U.S. Federal Reserve for ransom. The group says they breached the Federal Reserve Board (Federalreserve.gov). In a statement on its new dark web leak site, LockBit says they have “33 terabytes of juicy banking information” containing “American banking secrets.” The group also infers that they are negotiating with the U.S. government for payment, an unlikely circumstance.
How It Could Affect Your Customers’ Business: The banking and financial services sector is one of the top three sectors for hackers to attack.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Disability Rights Wisconsin (DRW)
Exploit: Hacking
Disability Rights Wisconsin (DRW): Non-Profit
Risk to Business: 1.721 = Severe
The Wisconsin Department of Health Services reported a cyber incident at Disability Rights Wisconsin (DRW) that may have exposed the private health information of nearly 19,150 Medicaid members. The breach was detected through unusual activity on a DRW email account. DRW is notifying affected individuals by mail and offering one year of free credit monitoring along with access to a dedicated call center.
How It Could Affect Your Customers’ Business: It’s critical that every organization conduct regular security awareness training to mitigate its risk of trouble from threats that can lead to a data breach.
Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
Financial Business and Consumer Solutions (FBCS)
Exploit: Hacking
Financial Business and Consumer Solutions (FBCS): Debt Collector
Risk to Business: 1.803 = Severe
Financial Business and Consumer Solutions (FBCS) experienced a data breach affecting approximately 3 million Americans. The breach occurred in February 2024. FBCS says that it notified affected individuals in late April but only filed the result of their investigation until now. The leaked data may include names, addresses, birthdates, Social Security numbers, driver’s licenses, state ID data and medical information.
How It Could Affect Your Customers’ Business: Cybercriminals can make a hefty profit from stolen personal and financial data that facilitates identity theft.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of cyberattacks fast. This checklist helps you find the right one. DOWNLOAD IT>>
Newberg-Dundee School District
Exploit: Ransomware
Newberg-Dundee School District: Government Agency
Risk to Business: 1.312 = Extreme
On June 12, 2024, the Newberg-Dundee School District in Oregon announced via district-wide email a suspected ransomware attack on their computer network. A separate email informed the community that the district’s phones and computer network were down. It was unclear at press time if any data had been stolen.
How it Could Affect Your Customers’ Business: Schools are a top target for ransomware and cybercriminals may expect less security staffing in the off season.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Canada – The Toronto District School Board (TDSB)
https://therecord.media/toronto-school-board-ransomware-attack
Exploit: Hacking
The Toronto District School Board (TDSB): Government Agency
Risk to Business: 1.896 = Severe
Hackers targeted a technology testing environment of the Toronto District School Board (TDSB) to deploy ransomware on the main network. The board discovered unauthorized activity in a system used for testing programs. This environment is separate from official networks. The cybersecurity team promptly secured data and protected critical systems. Due to the ongoing investigation, officials can’t provide more details but will notify victims if personal information was accessed.
How it Could Affect Your Customers’ Business: Every network that an organization maintains needs to be ready for cybercriminal incursions.
Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right pentesting solution for your needs. GET THE GUIDE>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
Ireland – Accenture
https://www.cyberdaily.au/security/10722-alleged-accenture-it-data-posted-on-breach-forums
Exploit: Hacking
Accenture: Staffing Firm
Risk to Business: 1.866 = Severe
A hacker named 888 recently leaked a file with the contact and personal details of 32,828 individuals, allegedly current and former Accenture employees. The data, including full names and email addresses, was posted on Breach Forums on June 19, 2024. Initially, Accenture denied the breach, later admitting only three people were affected before the full extent of the breach became apparent.
How it Could Affect Your Customers’ Business: Staffing firms can be a goldmine for bad actors because they hold large amounts of personal and financial data gathered from job seekers.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
The Philippines – Jollibee Foods Corp.
https://business.inquirer.net/464875/jollibee-probes-reported-data-breach-in-its-delivery-system
Exploit: Hacking
Jollibee Foods Corp.: Fast Food Chain
Risk to Business: 2.602 = Moderate
Fast-food giant Jollibee Foods Corp. is investigating an alleged data breach in its delivery service system. The company confirmed that its e-commerce platforms were unaffected and are still operational. A threat actor named “Sp1d3r” claims to have obtained the personal data of 32 million Jollibee customers, including names, addresses, phone numbers, email addresses, order histories, service details and sales records.
How it Could Affect Your Customers’ Business: Any organization can be a target of cybercrime, especially ransomware, in today’s volatile threat landscape.
Kaseya to the Rescue: Should you rely on a Managed SOC for MDR or build your own SOC? This whitepaper helps clarify the dollars and cents costs of both options. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Miercom analysts laud Datto EDR and Datto AV efficacy
In today’s digital world, cyberthreats are more sophisticated than ever. See how Datto EDR and Datto AV deliver unmatched cybersecurity performance in the latest efficacy report from Miercom, a global leader in cybersecurity testing. Their experts agree: Datto EDR and Datto AV have raised the standard of protection. Discover how Datto AV and Datto EDR perform against real-world threats in an analysis validated by Miercom, including:
- How Datto EDR and Datto AV offer unparalleled zero-day threat detection.
- How Datto EDR provides robust response mechanisms to protect your business.
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Did you read our Midyear Cyber-Risk Report 2024?
Our Midyear Cyber-Risk Report 2024 is full of timely analysis and actionable threat intelligence to help you adjust your defensive strategy to combat today’s most prominent threats. In this year’s report, we’ll reveal:
- Explore AI-enabled cybercrime, supply chain risk and zero-day exploits.
- Look at 2024’s trends through the lens of seven impactful cyberattacks.
- Gain insight into the threats we expect to see in the second half of the year.
- Get tips to mitigate these dangerous threats.
Did you miss… our 10 Tips for Successful Employee Security Awareness Training infographic? DOWNLOAD IT>>
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
Are AI & Automation the Key to Reducing Tech Burnout?
In the high-stakes world of cybersecurity, professionals are constantly on the front lines, defending against a relentless barrage of threats. The perpetual state of vigilance, coupled with the critical nature of their work, often leads to a high rate of burnout. A new study shows that UK and US enterprises may be throwing away as much as $756 million each year through lost productivity due to burned-out cybersecurity staff. Understanding the causes of burnout in this field and exploring how automation and AI can alleviate this burden is crucial for the well-being of cybersecurity experts and the overall effectiveness of security operations.
Understanding Burnout in Cybersecurity
As the threat landscape continues to evolve, embracing automation and AI will be crucial in maintaining robust and resilient cybersecurity defenses, ensuring both the security of organizations and the well-being of those who protect them. A study showed that technician burnout leads to an average of 3.4 hours of work lost per month, or 5.1 working days per year to poor mental well-being.
Burnout in cybersecurity is a significant challenge, but the integration of automation and AI offers a promising solution. AI-enabled cybersecurity tools have the power to reduce alert fatigue, automate repetitive tasks, enhance threat detection and support decision-making without input from technicians. That’s a big part of the reason why AI technology can alleviate the crushing weight of the burden on cybersecurity professionals, allowing them to focus on strategic and impactful work. By prioritizing the mental health of cybersecurity teams and leveraging advanced technologies, we can build a more sustainable and effective approach to defending against cyber threats.
What are the factors that contribute to burnout?
Burnout is a state of emotional, physical and mental exhaustion caused by excessive and prolonged stress. In cybersecurity, several factors contribute to burnout:
- Continuous Threat Landscape: Cyber threats are constantly evolving, requiring professionals to stay updated and adapt to new attack vectors continually. The numbers of threats annually recorded has grown by 600% since the pandemic.
- High-Stakes Environment: The implications of a security breach can be devastating, adding immense pressure on cybersecurity teams to perform flawlessly. Three-quarters of technicians in a study said that they have taken time off due to work-related mental well-being problems.
- Long Hours: The nature of cyber threats often necessitates long and unpredictable working hours, disrupting work-life balance. Over 40% of ransomware attacks involve bad actors deploying ransomware on a Friday or Saturday.
- Alert Fatigue: Security analysts frequently deal with an overwhelming number of alerts, many of which turn out to be false positives, leading to frustration and decreased efficiency. International Data Corporation (IDC) data shows that cybersecurity teams may ignore about one-quarter of the alerts they receive – or even more.
The Promise of Automation and AI
Automation and AI have emerged as powerful tools in the fight against cybersecurity burnout. AI is a game-changer for the investigation, response, mitigation and remediation of security incidents like phishing, helping IT professionals work more effectively and economically. In a Microsoft study, 82% of IT professionals said that AI improves their job efficiency. Here’s how they help:
- Reducing Alert Fatigue: AI-driven systems can intelligently filter and prioritize alerts, significantly reducing the number of false positives. By analyzing patterns and learning from past incidents, these systems ensure that only genuine threats reach human analysts, allowing them to focus on what truly matters.
- Automating Repetitive Tasks: Many cybersecurity tasks, such as log analysis, patch management, and threat hunting, are repetitive and time-consuming. Automation tools can handle these tasks efficiently, freeing up professionals to concentrate on more complex and strategic activities.
- Enhanced Threat Detection: AI can analyze vast amounts of data at incredible speeds, identifying anomalies and potential threats that might be missed by human analysts. This proactive approach enhances the overall security posture and reduces the likelihood of successful attacks.
- Continuous Monitoring and Response: Automation enables round-the-clock monitoring and rapid response to incidents. This ensures that threats are addressed promptly, even outside of regular working hours, reducing the burden on cybersecurity teams and improving incident response times.
- Supporting Decision Making: AI can provide valuable insights and recommendations based on data analysis, helping cybersecurity professionals make informed decisions quickly. This support can alleviate the pressure of decision-making in high-stress situations.
Learn about the top cyber threats K-12 schools face and how to mitigate them. DOWNLOAD INFOGRAPHIC>>
Smart organizations have successfully integrated automation and AI into their cybersecurity operations. Their investment is paying off. Microsoft says that for every $1 a company invests in AI it realizes an average return of $3.5X within just 14 months. Here are a few ways that AI is being used for cybersecurity.
- SIEM Systems: Security Information and Event Management (SIEM) systems powered by AI can collect, analyze, and correlate data from various sources, providing real-time threat detection and response capabilities.
- SOAR Platforms: Security Orchestration, Automation and Response (SOAR) platforms automate incident response workflows, enabling faster and more efficient handling of security incidents.
- Behavioral Analytics: AI-driven behavioral analytics can identify unusual patterns in network traffic or user behavior, flagging potential insider threats or compromised accounts.
- Phishing Detection: Machine learning algorithms can detect and block phishing attempts by analyzing email content and identifying suspicious patterns.
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
Kaseya’s Security Suite Helps Businesses Mitigate All Types of Cyber Risk Affordably
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber-risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
RocketCyber Managed SOC — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Datto AV – Safeguard businesses effortlessly against sophisticated cyber threats including Zero Days and ransomware with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average.
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See how our Security Suite can be put to work for you with a personalized demo.
- Book a demo of BullPhish ID, Dark Web ID, RocketCyber Managed SOC andGraphus. BOOK IT>>
- Book a demo of vPenTest BOOK IT>>
- Book a demo of Datto AV and Datto EDR BOOK IT>>
August 18: Kaseya+Datto Connect Local Perth REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!