The Week in Breach News: 06/26/24 – 07/02/24
This week: The Snowflake fallout continues to land on companies; 1 million users have their data exposed in a hospital data breach; we explore the adoption of artificial intelligence (AI) in cybercrime; and Miercom’s analysis of Datto AV and Datto EDR is in.
What challenges will IT pros face in the second half of 2024? Find out in the Mid-Year Cyber Risk Report. GET IT>>
Evolve Bank & Trust
https://www.securityweek.com/evolve-bank-data-leaked-after-lockbits-federal-reserve-hack/
Exploit: Hacking
Evolve Bank & Trust: Bank
Risk to Business: 1.801 = Severe
After claiming to have breached the Federal Reserve last week, which experts doubt, LockBit has published 33 TB of data on its dark web leak site. This data appears to have originated from Evolve Bank & Trust. On Wednesday, Evolve Bank & Trust informed its retail customers and financial technology partners that it is investigating a potential personal information breach. The bank had recently faced an enforcement action by the Federal Reserve over its anti-money laundering, risk management, and consumer compliance programs, which may have led the gang to believe they had breached the agency when obtaining this data.
How It Could Affect Your Customers’ Business: Bad actors are finding creative ways to strike organizations, including through backdoors and supply chain attacks.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
Neiman Marcus
https://therecord.media/neiman-marcus-snowflake-breach-thousands
Exploit: Third-Party Cyberattack
Neiman Marcus: Retailer
Risk to Business: 2.856 = Moderate
Famed luxury department store chain Neiman Marcus has disclosed that it has had a data breach related to the recent troubles at cloud data platform Snowflake. The venerable retailer said that the dark web exposure of sensitive data about more than 64,000 people was traced back to the company’s account. In a regulatory filing, Neiman Marcus said that the attackers had snatched customers’ names, contact information, dates of birth and Neiman Marcus/Bergdorf Goodman gift card numbers. In a post that has since been removed from a notorious dark web forum, up-and-coming threat actor Sp1d3r claimed to have been behind the theft and offered the data for $150,000.
How It Could Affect Your Customers’ Business: When service providers have cybersecurity trouble, it can have a devastating ripple effect on their customers.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Geisinger Health
Exploit: Third-Party Data Breach
Geisinger Health: Healthcare Provider
Risk to Business: 1.721 = Severe
Geisinger Health, a Pennsylvania-based healthcare provider, has disclosed a data breach affecting approximately 1M people. The breach occurred on November 29, 2023, when a former employee of Nuance Communications, a technology services vendor, accessed patient information two days after being terminated. Nuance quickly shut down the employee’s accounts and launched an investigation, revealing that personal details such as birth dates, addresses, medical record numbers, and contact information were accessed. Geisinger was quick to reassure the public that no claims, insurance details, financial information or Social Security numbers were compromised.
How It Could Affect Your Customers’ Business: Employees are one of the biggest security threats that a company has to manage, and mitigating insider risk must be a priority.
Kaseya to the Rescue: In our Guide to Reducing Insider Risk you’ll find the information that you need to take a deep dive into the problem of insider risk and explore ways to combat it. GET THE GUIDE>>
Mass General Brigham
Exploit: Hacking
Mass General Brigham: Healthcare Provider
Risk to Business: 1.303 = Extreme
Mass General Brigham announced a data breach caused by two malicious insiders, potentially exposing patients’ personal information. The health system discovered the issue on April 4, 2024. The breach, in which two now-former employees facilitated unauthorized access for an outside party, occurred between February 26, 2023, and April 2, 2024. Hospital officials say that patients’ names, addresses, medical record numbers, birthdates, email addresses, phone numbers, health insurance policy numbers, and clinical records, including visit details and diagnoses, may have been exposed in this incident. The employees involved have been fired.
How It Could Affect Your Customers’ Business: Insider risks can plague any business, from malicious employees to genuine employee errors, with potentially disastrous results.
Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>
UK – Cambridge University Press & Assessment
Exploit: Ransomware
Cambridge University Press & Assessment: Publisher
Risk to Business: 2.312 = Moderate
The INC ransomware group claims to have deployed ransomware in the network of Cambridge University Press & Assessment. On June 24, 2024, the group published stolen documents on their disclosure blog as proof of the intrusion. Cambridge University Press & Assessment has not released an official statement regarding the incident. Founded in 1534, Cambridge University Press is the world’s oldest publishing house.
How it Could Affect Your Customers’ Business: A ransomware attack is a possibility that every organization must face and be ready for.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Germany – TeamViewer
Exploit: Hacking (APT)
TeamViewer: Software Company
Risk to Business: 1.896 = Severe
TeamViewer, the German remote management software company, disclosed a recent intrusion that it attributes to the Russia-linked APT group Midnight Blizzard. On June 26, 2024, TeamViewer’s security team detected an irregularity in its internal corporate IT environment. The company reassured clients that this environment is kept separate from the product environment, and that there is no evidence that customer data or the product environment was affected.
How it Could Affect Your Customers’ Business: Every network that an organization maintains needs to be ready for cybercriminal incursions.
Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right pentesting solution for your needs. GET THE GUIDE>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
Japan – Kadokawa Group
https://kotaku.com/fromsoftware-ransomware-hack-elden-ring-bloodborne-2-1851564840
Exploit: Hacking
Kadokawa Group: Entertainment Company
Risk to Business: 1.866 = Severe
Kadokawa Group, a Japanese publishing house and entertainment company, has announced that it experienced a data breach. The conglomerate is the parent company of FromSoftware, the makers of the popular videogame Elden Ring, and video sharing platform Niconico, which experienced a data breach on June 8. A significant cyberattack, including ransomware, targeted Niconico and other services. The company stated that no credit card information is stored in its systems and has not disclosed whether any data was stolen. Kadokawa Group plans to provide an update on the incident in late July.
How it Could Affect Your Customers’ Business: A quick and organized response in case of trouble depends on a company having a formal, tested incident response plan.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Indonesia – National Data Center/Pusat Data Nasional (PDN)
https://www.theregister.com/2024/06/24/indonesia_datacenter_ransomware/
Exploit: Ransomware
National Data Center/Pusat Data Nasional (PDN): Government Agency
Risk to Business: 1.412 = Extreme
The Indonesian government has confirmed that its National Data Center (PDN), operated by the Ministry of Communication and Information Technology, was hit by ransomware on June 20. The identity of the attacker appears to be LockBit, although that is unconfirmed. The attack disrupted services for at least 210 institutions, including immigration services, impacting visa, passport, and residence permit processing. The attackers demanded a ransom of $8 million.
How it Could Affect Your Customers’ Business: Any government resource can be a target of cybercrime, especially ransomware, in today’s volatile threat landscape.
Kaseya to the Rescue: Should you rely on a Managed SOC for MDR or build your own SOC? This whitepaper helps clarify the dollars and cents costs of both options. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
Don’t miss our upcoming Product Innovation webinars!
We’ve got a galaxy of exciting innovations and new automations in store for you, and we can’t wait to tell you all about them! Join us for our upcoming product update webinars to be among the first to know what’s cooking.
- ID Agent & Graphus Product Innovation Update: Join us on July 16, 2024, at 11 AM ET/4 PM GMT to see what today’s innovations and the road ahead look like for BullPhish ID, Dark Web ID, Passly and Graphus. REGISTER NOW>>
- RocketCyber, Datto AV & Datto EDR Product Innovation Update: Grab your spot early, this will be crowded. Join us on September 10, 2024, at 10 AM ET/3 PM GMT to take a look at the innovations to expect from Datto EDR, Datto AV and RocketCyber Managed SOC. REGISTER NOW>>
- Take a look at our schedule of upcoming Product Innovation Update webinars for other Kaseya solutions. SEE THE SCHEDULE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Download Raising the Bar on Security With Datto EDR and AV
With cybercrime rates skyrocketing, every business is at risk of costly cyberattacks. That’s why they need top-notch protection. Datto EDR and Datto AV have been designated Miercom Certified Secure, providing exceptional detection and response against zero-day attacks, malware and other threats. Check out the Miercom study results in our infographic to see their effectiveness. DOWNLOAD IT>>
Did you miss… our Midyear Cyber-Risk Report 2024? DOWNLOAD IT>>
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
The Dark Side of AI and Automation in Cybercrime
Just as AI and automation have revolutionized cybersecurity defenses, they have also been adopted by cybercriminals to enhance their attacks. Bad actors are leveraging these advanced technologies to conduct more sophisticated, efficient and damaging cybercrimes, including cyberattacks, phishing, ransomware and credential theft. In a survey by the International Information System Security Certification Consortium (ISC2), an estimated 80% of IT professionals said that they believe that their organization has already encountered email-based cyberattacks generated by AI. Understanding how these technologies are being misused is crucial for developing effective countermeasures.
AI has transformed cybersecurity
The AI revolution has made it easier for IT professionals to mount a strong defense with tools like AI-enhanced email security, antivirus and automated penetration testing. However, AI has also made it easier for bad actors to do their dirty work. Over the last year, the speed, scale and sophistication of attacks has increased thanks to the rapid adoption of AI by cybercriminals.
What are bad actors using AI for? (share of respondents)
To help hackers craft phishing messages ............ 53%
To help less experienced hackers improve their skills 49%
To spread disinformation/misinformation ............ 49%
To create new malware .............................. 48%
To increase the sophistication of attacks .......... 46%
Source: Statista
Examples of AI-Powered Cyberattacks
Bad actors can leverage AI and automation technology to accomplish many of their goals. This has led them to deliver cyberattacks faster than ever before, especially phishing. These are just some of the ways that cybercriminals can benefit from AI and automation.
New frontiers
How can AI power up rapidly evolving threats?
Advanced Persistent Threats (APTs)
- Automated Reconnaissance: AI can automate the process of gathering information about targets, identifying vulnerabilities, and mapping network infrastructures with remarkable speed and accuracy.
- Adaptive Attacks: AI-driven malware can adapt its behavior to evade detection by traditional security measures, such as changing its code structure or communication patterns in real time.
Exploits
- Vulnerability Scanning: AI tools can rapidly scan networks and systems for vulnerabilities, identifying potential entry points for exploitation.
- Exploitation Kits: These kits can use AI to automatically exploit identified vulnerabilities, spreading malware or gaining unauthorized access without manual intervention.
Learn to defend against today’s sophisticated email-based cyberattacks DOWNLOAD EBOOK>>
Phishing & Social Engineering
How can AI power up phishing attacks?
Spear phishing
- Personalized Attacks: AI can analyze social media profiles, emails, and other data sources to craft highly personalized phishing messages that are more likely to deceive targets. In a study by the Institute of Electrical and Electronics Engineers (IEEE), 60% of participants fell victim to artificial intelligence (AI)-automated phishing.
- Natural Language Processing (NLP): AI-driven NLP enables the creation of convincing and grammatically correct phishing emails that mimic legitimate communications from trusted sources.
Voice phishing (Vishing)
- Deepfake Technology: AI-generated deepfake audio can mimic the voices of trusted individuals, tricking victims into revealing sensitive information or authorizing transactions. In 2023, there was a tenfold increase in cybercrimes such as identity theft driven by deepfakes.
What challenges will IT pros face in the second half of 2024? Find out in the Mid-Year Cyber Risk Report. GET IT>>
Ransomware
How can AI power up ransomware and malware attacks?
Automated Delivery
- Self-Propagation: AI-powered ransomware can autonomously spread through networks, exploiting vulnerabilities and encrypting data without manual intervention.
- Polymorphic Malware: This type of malware can continuously change its code to avoid detection by antivirus software, making it more difficult to identify and neutralize.
Dynamic Ransom Demands
- Tailored Ransom Amounts: AI can analyze a victim’s financial information to determine an optimal ransom amount, increasing the likelihood of payment.
- Negotiation Bots: Automated negotiation bots can handle ransom communications, making the process more efficient for cybercriminals.
Credential Theft
How can AI power up credential theft schemes?
Credential Stuffing:
- Automated Attacks: AI can automate the process of credential stuffing, using large databases of stolen usernames and passwords to gain unauthorized access to multiple accounts across different platforms.
- Real-Time Adaptation: AI can adjust attack parameters in real-time based on the success rates, optimizing the attack strategy for maximum effectiveness.
Password Cracking:
- Machine Learning Algorithms: AI-driven machine learning algorithms can significantly speed up the process of cracking passwords by identifying common patterns and predicting likely combinations.
- Phishing Assistance: AI can enhance phishing attacks by automatically generating fake login pages that mimic legitimate sites, tricking users into entering their credentials.
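The credential-stuffing pattern described above has a recognizable shape in authentication logs: one client cycling through many different usernames in a short window with a low success rate, which looks nothing like a legitimate user fumbling one password. The following is an added example detector written for this newsletter entry; it is not Kaseya code or part of any product named on this page. The log format and the sample lines are constructed for the example, and the thresholds (8 distinct usernames in 5 minutes, at most 20% successes) are illustrative starting points, not a recommendation from the source.

```python
"""Flag credential-stuffing runs in authentication logs (added example).

Heuristic: within a time window, a single client IP attempts many
distinct usernames and succeeds on only a small fraction of them.
A genuine user who mistypes a password hits one account repeatedly,
so the distinct-username count separates the two cases.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines (not from any real incident):
# ISO timestamp, client IP, outcome, username.
SAMPLE_LOG = """\
2024-06-30T10:00:01Z 203.0.113.7 FAIL alice
2024-06-30T10:00:02Z 203.0.113.7 FAIL bob
2024-06-30T10:00:02Z 203.0.113.7 FAIL carol
2024-06-30T10:00:03Z 203.0.113.7 FAIL dave
2024-06-30T10:00:03Z 203.0.113.7 OK   erin
2024-06-30T10:00:04Z 203.0.113.7 FAIL frank
2024-06-30T10:00:05Z 203.0.113.7 FAIL grace
2024-06-30T10:00:06Z 203.0.113.7 FAIL heidi
2024-06-30T10:00:07Z 203.0.113.7 FAIL ivan
2024-06-30T10:00:08Z 203.0.113.7 FAIL judy
2024-06-30T10:01:00Z 198.51.100.9 FAIL mallory
2024-06-30T10:01:10Z 198.51.100.9 FAIL mallory
2024-06-30T10:01:20Z 198.51.100.9 OK   mallory
"""

# Assumed log layout for this example: "<ts> <ip> <OK|FAIL> <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<result>OK|FAIL)\s+(?P<user>\S+)$"
)


def parse_lines(text):
    """Parse log text into (timestamp, ip, success, username) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["result"] == "OK", m["user"]))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=8, max_success_ratio=0.2):
    """Return {ip: summary} for client IPs whose activity looks like stuffing.

    For each IP, slide a window over its attempts in time order; the IP is
    flagged if some window holds >= min_users distinct usernames and the
    success ratio is <= max_success_ratio. The largest qualifying window
    is reported, with any successful logins listed for immediate reset.
    """
    by_ip = defaultdict(list)
    for ts, ip, ok, user in sorted(events):
        by_ip[ip].append((ts, ok, user))

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {u for _, _, u in chunk}
            successes = sum(1 for _, ok, _ in chunk if ok)
            if len(users) >= min_users and successes / len(chunk) <= max_success_ratio:
                if ip not in flagged or len(chunk) > flagged[ip]["attempts"]:
                    flagged[ip] = {
                        "attempts": len(chunk),
                        "distinct_users": len(users),
                        "successes": successes,
                        # a success inside a stuffing run is a compromised account
                        "compromised": sorted(u for _, ok, u in chunk if ok),
                    }
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_stuffing(parse_lines(SAMPLE_LOG)).items():
        print(ip, summary)
```

On the constructed sample, 203.0.113.7 is flagged (10 attempts against 10 distinct accounts, one success, so the account "erin" should be reset first), while 198.51.100.9, a single user failing twice and then logging in, is not. The "Real-Time Adaptation" bullet above is the reason to key this on distinct usernames per client rather than on a raw failure count: an attacker throttling to stay under a lockout threshold still has to spread attempts across many accounts.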
The misuse of AI by bad actors must be countered by AI defensive tools
The misuse of AI and automation by cybercriminals represents a significant evolution in the threat landscape. As these technologies continue to advance, so too will the tactics employed by bad actors. By understanding the methods and strategies used in AI-driven cybercrime, organizations can better prepare and defend against these sophisticated threats. According to a Forrester report, 80% of cybersecurity decision-makers expect AI to increase the scale and speed of attacks, and 66% expect AI “to conduct attacks that no human could conceive of.”
Sometimes the only way to fight fire is with fire. Defenders need AI-enabled tools to contend with the rising tide of cyberattacks they face every day. The ongoing development and implementation of AI-driven defense mechanisms, coupled with a proactive approach to cybersecurity, are essential in the fight against this new wave of cybercrime.
Kaseya’s Security Suite Helps Businesses Mitigate All Types of Cyber Risk Affordably
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber-risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — This automated anti-phishing solution uses AI and a patented algorithm to catch and quarantine dangerous messages. It learns from every organization’s unique communication patterns to continuously tailor protection without human intervention. Best of all, it deploys in minutes to defend businesses from phishing and email-based cyberattacks including Zero-Day, AI-created and novel threats.
RocketCyber Managed SOC — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Datto AV – Safeguard businesses effortlessly against sophisticated cyber threats including Zero Days and ransomware with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average.
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See how our Security Suite can be put to work for you with a personalized demo.
- Book a demo of BullPhish ID, Dark Web ID, RocketCyber Managed SOC and Graphus. BOOK IT>>
- Book a demo of vPenTest BOOK IT>>
- Book a demo of Datto AV and Datto EDR BOOK IT>>
Top Secrets of MDR Revealed
July 18, 2024 | 1 PM ET / 10 AM PT
Join us as we demystify Managed Detection and Response (MDR). We’ll reveal why it’s a must-have component of your defense-in-depth security architecture.
- An insider’s view of how a world-class MDR service operates, from threat detection to incident response.
- Common misconceptions about MDR, including what it can and can’t do.
- Key factors to consider when selecting an MDR provider.
- The differences between MDR and managed Endpoint Detection and Response (EDR) and why these distinctions matter for your security posture.
This is a must-see webinar! REGISTER NOW>>
July 11: Kaseya+Datto Connect Local Washington D.C. REGISTER NOW>>
July 16: Kaseya+Datto Connect Local Calgary REGISTER NOW>>
July 23: Discover Your Prospecting Secret Weapon REGISTER NOW>>
August 6: Kaseya+Datto Connect Local Atlanta REGISTER NOW>>
August 8: Kaseya+Datto Connect Local Perth (Australia) REGISTER NOW>>
August 18: Kaseya+Datto Connect Local Perth REGISTER NOW>>
August 22: Kaseya+Datto Local Symposium Long Branch REGISTER NOW>>
August 28: Kaseya+Datto Connect Local New York REGISTER NOW>>
September 19: Kaseya+Datto Connect Local the Netherlands REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!