The Week in Breach News: 08/28/24 – 09/03/24
This week: A breach at USAA exposes data for 32K customers; student data is snatched in Toronto; seven new phishing simulation kits just dropped; and how to mitigate rising insider threat risk.
JAS Worldwide
Exploit: Ransomware
JAS Worldwide: Trucking Company
Atlanta-based JAS Worldwide, a global freight forwarder, confirmed a ransomware attack that caused technical disruptions affecting its operations and customer service. The company has not disclosed the extent of the impact on its customers, but its email system and website remain secure. No ransomware group has claimed responsibility yet.
How It Could Affect Your Customers’ Business: Cyberattacks on critical infrastructure pose a severe threat, potentially disrupting essential services and endangering public safety on a massive scale.
USAA
https://www.jdsupra.com/legalnews/usaa-data-breach-affects-over-32k-8748195/
Exploit: Misconfiguration
USAA: Insurance
On August 27, 2024, the United Services Automobile Association (USAA) reported a data breach that may impact 32K users. USAA pointed to an error during a system update on April 30, 2024, as the culprit. The incident exposed sensitive consumer information to unauthorized users. The compromised data likely includes names, addresses, Social Security numbers and insurance details. USAA has notified affected individuals of the breach.
How It Could Affect Your Customers’ Business: Data stolen from insurers is highly valuable, as it often includes sensitive personal and financial information that can be exploited for identity theft, fraud,
Dick’s Sporting Goods
Exploit: Hacking
Dick’s Sporting Goods: Retailer
Dick’s Sporting Goods suffered a cyberattack, discovered on August 21, 2024, resulting in the theft of sensitive company data. While the company confirmed that confidential information was accessed, it did not disclose specifics. In response, Dick’s shut down its email systems, locked employees out of their accounts and required IT to manually validate employee identities via cameras before restoring access. The BlackSuit ransomware gang has claimed responsibility.
How It Could Affect Your Customers’ Business: Ransomware can cause major damage by encrypting data and halting operations, potentially leading to significant financial losses and reputational harm.
Young Consulting
https://www.securityweek.com/950000-impacted-by-young-consulting-data-breach/
Exploit: Ransomware
Young Consulting: Software Company
Young Consulting, a medical software provider, reported that attackers accessed its network between April 10 and April 13, stealing files containing personal information like names, dates of birth, Social Security numbers and insurance details. The compromised data affects Blue Shield of California and other entities. The company has begun notifying the 954,177 individuals impacted.
How It Could Affect Your Customers’ Business: A HIPAA breach can be incredibly expensive, leading to hefty fines, ballooning legal fees, and spiraling costs for remediation and compliance measures.
Canada – Toronto District School Board
https://therecord.media/toronto-school-district-board-ransomware
Exploit: Hacking
Toronto District School Board: Regional Education Authority
The Toronto District School Board confirmed that a ransomware attack discovered in June involved student data from the 2023/2024 school year. The affected information includes student names, grades and birthdates. The incident was initially thought to affect only a testing environment; the LockBit ransomware gang later claimed responsibility, giving the school system 13 days to pay an undisclosed ransom.
How It Could Affect Your Customers’ Business: The exposure of student data in a school cyberattack puts vulnerable individuals at risk of identity theft, privacy violations, and long-term security threats.
U.K. – Tracelo
https://hackread.com/tracelo-location-tracker-data-breach-user-records-leak/
Exploit: Hacking
Tracelo: Location Tracking Service
A breach of the smartphone geolocation tracker service Tracelo on September 1, 2024, exposed data from over 1.4 million individuals, including customers and their targets. A hacker using the alias “Satanic” leaked 264 MB of allegedly stolen data, including three CSV files containing personal information such as full names, phone numbers, email addresses and bcrypt password hashes. The breach also revealed details like phone carriers, Google ID numbers and subscription types.
How It Could Affect Your Customers’ Business: When bad actors obtain people’s location data, it poses a serious danger by enabling stalking, targeted attacks and the invasion of personal privacy.
U.K. – The Big Issue
https://tfn.scot/news/big-issue-apologises-for-personal-data-breach-after-ransomware-attack
Exploit: Ransomware
The Big Issue: Media
The Big Issue, a street newspaper, has apologized for a recent data breach. A ransomware attack in March 2024 led to data exposure for an unspecified number of individuals. The compromised data included personal data like addresses and bank account details. The UK Information Commissioner’s Office and law enforcement have been informed. The group engaged cybersecurity experts to contain the incident and recover systems.
How It Could Affect Your Customers’ Business: Unfortunately, bad actors are happy to attack non-profits too, creating the need for robust security.
Ireland – Fota Wildlife Park
https://www.rte.ie/news/ireland/2024/0830/1467516-fota-cyberattack/
Exploit: Hacking
Fota Wildlife Park: Zoo
Fota Wildlife Park reported a cyberattack and urged customers to cancel credit and debit cards used on its website between May 12 and August 27. Park officials said that they recently became aware of illegal activity on the park’s website and that the park has taken immediate steps to investigate and identify what information had been accessed in order to carry out containment measures. The park has removed access to user accounts and is working with external cybersecurity experts to investigate and contain the incident.
How It Could Affect Your Customers’ Business: Bad actors often steal credit card data, leading to unauthorized transactions and potential long-term damage to victims’ credit and financial stability.
7 New phishing simulation kits just dropped
Just in time for planning your next round of cybersecurity awareness training, these seven fresh phishing simulation kits have been added to the BullPhish ID portal.
- Reddit – Someone just followed you!
- Reddit – Verify your Reddit email address
- Reddit – Your Account Has Been Banned
- DocuSign – Payroll Update
- Monzo Bank – Account Closure Notice
- Monzo Bank – Some Features Have Been Disabled
- Monzo Bank – Update Your Account
9 Tips for Overcoming Insider Risk Challenges
While cybersecurity threats are often linked to external actors, the growing risk of insider threats is drawing increasing concern. Insider threats are particularly dangerous because they originate from individuals who already have trusted access to critical systems and data, eliminating the need to breach a company’s network. A study by Cybersecurity Insiders highlights this alarming trend, with reported insider attacks rising from 66% to 76% between 2019 and 2024. As organizations confront these challenges, the demand for effective insider threat detection and prevention measures has become more urgent and complex.
Insider threats to data climbed 15% in one year
Data breaches related to insider actions, both malicious and accidental, are growing more frequent. The Verizon Data Breach Investigations Report 2024 showed that internal actors are responsible for 35% of data breaches, a sharp rise from 20% in 2023. This rise can be attributed to a variety of factors, including time pressure on employees, the complexity of data handling rules and a lack of training, with no single clear cause. Digging deeper, 73% of the insider threats to data that the report noted could be attributed to human error, with half of those errors classified as misdelivery.
Top 5 Industries for Data Breaches Caused By Errors 2024
Industry | % of breaches caused by errors |
Healthcare | 22% |
Public Administration | 19% |
Education | 16% |
Finance | 10% |
Professional Services | 8% |
Source: Verizon
Insider threats can easily run under the radar
Insider threats, whether they’re caused by a malicious employee or someone’s careless action, are fiendishly difficult to sniff out. These factors complicate the picture for businesses.
Challenges in discovering insider attacks
Detecting insider attacks is a problem for the vast majority of businesses. In a 2024 survey, 90% of respondents said that detecting insider attacks is just as challenging, if not more so, than external ones. While 16% of organizations feel they’re doing a good job handling insider threats (an improvement from 11% in 2019), there’s still plenty of room to grow in terms of effective threat management.
Detection and dwell time
The time it takes to detect and contain an insider threat is a critical factor in the overall impact. On average, it takes 86 days to identify and address an insider threat incident, and only 13% of these incidents are resolved within 31 days. The longer the detection period, the higher the costs, with incidents taking over 91 days to detect costing organizations around $18.33 million annually.
The cost of insider threats is high
A cybersecurity incident caused by an insider is no less expensive or dangerous than a cyberattack. This is especially evident when you follow the money. The financial impact of insider threats has surged dramatically. Between 2018 and 2023, the average cost of an insider threat incident nearly doubled, with North American organizations experiencing an average cost increase from $11.1 million to $19.09 million. This cost includes direct expenses such as mitigation and remediation, as well as indirect costs like lost opportunities and reputational damage.
While still a small subgroup of insider threats, malicious insider actions are often the most shocking and damaging insider threats. A malicious insider incident is financially painful for a company. Malicious insiders accounted for an average of 6.2 incidents at an average cost per incident of $701,500. But that’s not the only cost involved when a malicious insider threat comes to light. The shockwave that a malicious insider incident can send through a company’s ecosystem resonates negatively with employees, management, customers and business partners.
9 Essential tips for mitigating insider risk
Even though it is clear that insider threats should be a major concern for businesses, only 41% of organizations have even partially implemented insider threat programs, and just 29% feel they have the right tools to protect against these threats. This indicates a significant gap in many organizations’ security measures. Here are some essential tips for mitigating these risks and safeguarding your organization from potential insider breaches.
1. Implement a Comprehensive Insider Threat Program
Developing a robust insider threat program is the first step toward mitigating risk. This program should include policies and procedures for monitoring, detecting and responding to insider threats. Regularly update and review these policies to ensure they address current risks and are aligned with industry best practices. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), 90% of cybersecurity professionals believe their organizations are vulnerable to insider threats.
2. Conduct Regular Employee Training
Education is a critical component of insider threat mitigation. Regularly train employees on cybersecurity best practices, the importance of data protection and how to recognize suspicious behavior. Awareness programs can significantly reduce the risk of accidental insider threats by ensuring that all staff understand the potential consequences of their actions. Training ensures that everyone knows they play a vital role in maintaining security. 89% of respondents in a SANS Institute survey identified social engineering attacks as their primary, human-related concern.
3. Enforce Least Privilege Access Controls
Limit access to sensitive data and systems based on the principle of least privilege. Employees should only have access to the information and resources necessary for their roles. Regularly review and update access controls to ensure that permissions are appropriate and that former employees or contractors no longer have access.
4. Deploy Advanced Monitoring and Detection Tools
Utilize advanced monitoring tools to detect and respond to insider threats in real time. These tools can identify unusual behavior patterns, such as unauthorized access attempts or data transfers, which may indicate an insider threat. Incorporating User and Entity Behavior Analytics (UEBA), commonly found in Endpoint Detection and Response (EDR) solutions, can help in recognizing anomalies that deviate from normal user behavior.
5. Encourage a Culture of Transparency and Reporting
Fostering a culture of transparency and open communication can help in early identification of potential insider threats. Encourage employees to report any suspicious activities or concerns without fear of retribution. Creating an environment where employees feel safe to report mistakes or suspicious behavior can lead to early detection and prevention of insider incidents.
6. Regularly Review and Update Incident Response Plans
Your incident response plan should be regularly reviewed and updated to ensure it is effective against insider threats. This plan should outline clear procedures for responding to and mitigating the impact of an insider breach. Conduct regular drills and simulations to test your response plan and identify areas for improvement.
7. Utilize Data Loss Prevention (DLP) Solutions
Implement Data Loss Prevention (DLP) tools to monitor and control data transfers across the organization. DLP solutions can help prevent the unauthorized sharing of sensitive information by monitoring email, cloud services and file transfers. By enforcing policies on data handling, these tools can prevent accidental or intentional data leaks.
8. Conduct Regular Background Checks and Monitor High-Risk Employees
Regular background checks can help identify potential insider threats before they become a risk. For employees in sensitive positions, consider ongoing monitoring for signs of financial stress, disgruntlement or other behaviors that may indicate an increased risk of malicious activity. The number one motivator for malicious insiders is money.
9. Adopt a Zero Trust Security Model
A Zero Trust approach assumes that threats could come from both outside and within the organization. By enforcing strict verification of all users and devices, regardless of their location or level of access, you can reduce the risk of insider threats. This approach limits the ability of insiders to move laterally within the network, minimizing the potential impact of a breach.
As insider threats become more prevalent and sophisticated, organizations must take proactive measures to mitigate these risks. By implementing comprehensive security strategies, fostering a culture of awareness and utilizing advanced monitoring tools, businesses can better protect themselves against the growing threat of insider attacks. CISA also offers a wide variety of tools to support insider threat mitigation efforts. Staying vigilant and continuously updating your security posture is essential in safeguarding your organization’s critical assets.
ID Agent and RocketCyber Help Businesses Mitigate All Types of Cyber Risk Affordably
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.
BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus: Graphus is a cutting-edge, automated antiphishing solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security to catch threats conventional security might miss, including zero days and AI-enhanced malicious messages.
RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.