The Week in Breach News: 09/11/24 – 09/17/24
This week: Up-and-coming ransomware groups score big hits; T. Rowe Price and 4 other major players face supply chain trouble; a tale of victory over a cyberattack with RocketCyber; and a deep dive into the surge of ransomware threats hitting U.S. schools.
Kemper Sports Management
https://www.securityweek.com/data-breach-at-golf-course-management-firm-kempersports-impacts-62000/
Exploit: Hacking
Kemper Sports Management: Hospitality
Kemper Sports Management, a golf course management and hospitality company, has disclosed a data breach affecting the personal information of over 62,000 individuals. The breach involved unauthorized access to systems containing names and Social Security numbers, which was discovered in April 2024. The breach primarily impacted current and former employees. Affected individuals will receive one year of complimentary credit monitoring and identity restoration services.
How It Could Affect Your Customers’ Business: Employee data is just as valuable and just as endangered as customer data, necessitating strong protection.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
T. Rowe Price
Exploit: Supply Chain Attack
T. Rowe Price: Financial Services
A data breach at Infosys McCamish Systems affected over 6 million customers of T. Rowe Price Retirement Plan Services and New York Life Group Benefits Solutions. The Infosys McCamish Systems breach also impacted Principal Life, Prudential and Oceanview Life. The incident resulted in bad actors gaining access to consumers’ sensitive information. T. Rowe Price has notified affected individuals. The Infosys McCamish Systems breach has so far impacted at least five companies.
How It Could Affect Your Customers’ Business: A data breach can impact a company’s reputation and make consumers hesitant to do business with that company again.
Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>
Slim CD
https://therecord.media/payment-processing-company-data-breach-slim-cd
Exploit: Hacking
Slim CD: Business Services
Slim CD, a provider of electronic payment processing software, reported that nearly 1.7 million credit card records were exposed to an unauthorized actor in mid-June. The compromised data included names, addresses, credit card numbers and expiration dates. An investigation revealed the intruder accessed systems as early as August 2023, with the breach occurring on June 14, 2024, and lasting about a day. Slim CD has notified law enforcement, engaged a security specialist, and reviewed its policies to prevent future incidents.
How It Could Affect Your Customers’ Business: Credit card numbers and consumer data are catnip for bad actors, drawing their attention to credit card processors.
Kaseya to the Rescue: Learn more about the types of data that bad actors sell on the dark web and how they profit from it in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Fortinet
https://www.darkreading.com/cloud-security/fortinet-customer-data-breach-third-party
Exploit: Supply Chain Attack
Fortinet: Technology
Cybersecurity giant Fortinet confirmed that a hacker had obtained and subsequently leaked a small amount of its data from a third-party cloud-hosted storage site. The hacker, who posted under the cheeky name “Fortibitch,” leaked 440GB of data, claiming Fortinet refused a ransom demand. The hacker claimed to have obtained the data from an Azure SharePoint site. Fortinet stressed that the incident did not involve any data encryption, deployment of ransomware or access to Fortinet’s corporate network. The breach involved unauthorized access to files on a third-party cloud drive and affected less than 0.3% of its 775,000 customers. Fortinet reports no significant operational or financial impact from the incident.
How It Could Affect Your Customers’ Business: Every company needs to be concerned about how their partners and service providers are securing their data.
Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>
UK – Charles Darwin School
https://insight.scmagazineuk.com/biggin-hill-school-closes-due-to-ransomware-attack
Exploit: Ransomware
Charles Darwin School: Education
Charles Darwin School in Bromley, England, notified parents on September 6 that the “IT issues” were actually a ransomware attack. With 1,320 students, the school will be closed from September 9 to 11 while IT staff wipe devices and teachers reorganize lessons. Internet, email, and other systems are expected to be down for about three weeks. The school has reported the breach to the UK Information Commissioner’s Office and is working with a cybersecurity firm for a forensic investigation. The BlackSuit group has claimed responsibility.
How it Could Affect Your Customers’ Business: Schools can’t afford downtime, a fact that bad actors seek to exploit for fast ransom payoffs.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
China – Industrial and Commercial Bank of China (ICBC)
https://www.theregister.com/2024/09/11/hunters_ransom_icbc_london
Exploit: Ransomware
Industrial and Commercial Bank of China (ICBC): Financial Services
Up-and-coming ransomware gang Hunters International claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC), a Chinese state-owned bank and financial service corporation. The gang set a deadline of September 13 for ransom payment. The fledgling ransomware group says it swiped 6.6 TB of the bank’s data. ICBC is the world’s largest bank by assets, boasting $6.3 trillion in assets as of mid-2024, with an annual revenue of $113 billion.
How it Could Affect Your Customers’ Business: The financial services and banking sector has been a top target for cybercriminals looking for valuable data.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
Japan – Toyota Motor Corporation
Exploit: Hacking
Toyota Motor Corporation: Manufacturer
A hacker group called ZeroSevenGroup is claiming that they snatched 240GB of data from Toyota. The stolen information runs the gamut including employee and customer records, contracts, network infrastructure data, credentials, contacts, financial data, schematics, photos, databases and emails. The data appears to be from 2022. Toyota first said the hack was limited in scope and did not impact their systems, later pivoting to saying that the data was stolen from an unspecified third party. The company provided no further details.
How it Could Affect Your Customers’ Business: Cybercriminals aren’t just on the hunt for personal and financial data; they can also profit from corporate data like schematics, plans and contracts.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>
Japan – Kawasaki Motors
https://therecord.media/kawasaki-europe-cyberattack-operations-restored
Exploit: Hacking
Kawasaki Motors: Manufacturer
The RansomHub ransomware group has leaked 487 GB of sensitive data allegedly stolen from Kawasaki Motors Europe (KME) following a recent cyberattack. The breach includes critical business documents, financial data, banking records, dealership information, and internal communications, raising cybersecurity concerns for global companies. Kawasaki publicly acknowledged the attack last week, stating that the breach had not achieved its intended goals. KME has since informed its customers about the data exposure.
How it Could Affect Your Customers’ Business: A mixed bag of corporate proprietary and financial information can be a profitable haul for bad actors.
Kaseya to the Rescue: A bewildering array of acronyms are used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Embed YouTube videos in custom BullPhish ID training courses
Enhance your BullPhish ID training campaigns by adding videos perfectly suited to any industry. We’ve made it easy!
- When creating a custom training course, you can now add a content item for a YouTube video from your YouTube account.
- Just add your URL to the provided field and you get a video enhancement for your course.
- When you add a YouTube video, a notification will appear to let users know that you’ve added it.
Learn more in the BullPhish ID release notes. LEARN MORE>>
Learn how RocketCyber stopped Akira ransomware for ITPartners+
In this fascinating whitepaper, you’ll hear the whole story of how RocketCyber’s Managed Detection and Response (MDR) service thwarted an Akira ransomware attack at ITPartners+ during a crucial holiday weekend. The whitepaper details:
- The timeline and response of the dangerous ransomware attack.
- How RocketCyber’s MDR helped ITPartners+ quickly isolate affected systems within minutes of the attack.
- Insights from ITPartners+ on their experience and the effective collaboration that ensured a successful resolution.
Ransomware Crisis Hits U.S. Schools Hard
In recent years, U.S. schools and colleges have become prime targets for ransomware attacks, a trend that has escalated to alarming levels. Since 2018, Comparitech has documented 491 such attacks on schools and colleges across the country, compromising over 6.7 million individual records. These breaches have cost the education sector an estimated $2.5 billion in downtime alone. These cyberattacks are not just disrupting classroom instruction; they’re wreaking havoc on entire educational systems, exposing sensitive student data and incurring staggering recovery costs.
A surge in ransomware attacks batters schools and school districts
The pace of ransomware attacks against U.S. educational institutions, including K-12 schools and higher education, has accelerated dramatically. In 2023, researchers recorded a record 121 ransomware incidents, a dramatic increase from the 71 attacks reported in 2022. Geographically, California and New York have experienced the highest number of attacks, with 43 and 42 incidents respectively. This correlation with high-population states may reflect a trend of attackers choosing to maximize efficiency by concentrating on larger schools and school systems with substantial budgets and data.
Ransom demands – No school or its students can afford a prolonged disruption to learning, and bad actors know that. From 2018 to July 2024, 8,054 schools and colleges were potentially affected by ransomware, with ransom demands varying wildly, from $5,000 to $40 million. Despite the variation, the average ransom demanded is nearly $1.4 million.
Number of recorded ransomware attacks on schools and school systems
| Year | Number of attacks recorded |
|------|----------------------------|
| 2023 | 121 |
| 2022 | 71 |
| 2021 | 69 |
| 2020 | 85 |
| 2019 | 100 |
| 2018 | 11 |
Source: Comparitech
The financial toll on education targets is grim
In a time when schools and school systems must make every penny of their strained budgets count, big bills from a ransomware attack are disastrous. With a total estimated cost of $2.54 billion since 2018, the financial strain on educational institutions is immense. Notably, some schools and school systems have reported particularly hefty recovery costs:
- Buffalo Public Schools spent $10 million following an attack in March 2021
- Baltimore County Public Schools faced a bill of over $9 million after a November 2020 attack
- Morehead State University shelled out an estimated $4 million in the wake of a 2023 attack
The downtime experienced by affected institutions has also soared, averaging 12.6 days in 2023—up from just under nine days in 2021. This increase in downtime is a significant burden on schools, which are forced to halt operations, creating learning disruptions, facility closures and technology outages that impact students and staff alike. On average, U.S. schools and colleges face a staggering cost of $550,000 per day of downtime due to ransomware attacks.
Estimated cost of ransomware-related downtime for schools and school systems
| Year | Cost |
|------|------|
| 2023 | $766m |
| 2022 | $391m |
| 2021 | $298m |
| 2020 | $445m |
| 2019 | $447m |
| 2018 | $74m |
Source: Comparitech
10 practical tips for MSPs to help secure schools & school districts
Managed Service Providers (MSPs) can significantly enhance the resilience of schools against ransomware attacks and help safeguard their critical data and systems. Here’s a list of cybersecurity tips tailored for MSPs who are working with schools and school districts to protect them from cyberattacks including expensive ransomware attacks:
- Conduct comprehensive risk assessments: Regularly evaluate the school’s IT environment to identify vulnerabilities and potential security gaps that could be exploited by ransomware.
- Enhance backup solutions: Ensure that critical data is regularly backed up and can be quickly restored. Endpoint detection and response solutions that offer ransomware rollback can quickly restore everything to its pre-attack state.
- Deploy advanced threat detection tools: Use advanced threat detection and response tools that leverage AI and machine learning to identify and mitigate ransomware threats in real time.
- Implement endpoint protection: Deploy robust endpoint protection solutions to secure all devices connected to the school’s network, including computers, tablets, and mobile devices.
- Provide ongoing security training: Offer continuous cybersecurity training and awareness programs for school staff and students to recognize phishing attempts and other common attack vectors.
- Monitor network activity continuously: Use network monitoring tools to continuously track and analyze network traffic for signs of suspicious activity or potential ransomware threats.
- Establish incident response protocols: Develop and regularly update an incident response plan specific to ransomware attacks, including clear procedures for containment, eradication and recovery.
- Perform regular security audits: Conduct routine security audits and penetration testing to identify and address potential weaknesses in the school’s IT infrastructure.
- Implement email filtering solutions: Use advanced email filtering solutions to detect and block malicious attachments and phishing emails that could deliver ransomware.
- Promote a security culture: Foster a culture of cybersecurity awareness within the school community, emphasizing the importance of proactive measures and vigilance.
The bottom line for schools: secure data and networks now
The escalating ransomware crisis underscores the urgent need for enhanced cybersecurity protocols within the education sector. As institutions grapple with the financial and operational fallout, it is clear that a proactive approach to cybersecurity and robust recovery plans are crucial to mitigating the impact of future attacks. Educational institutions and policymakers must prioritize cybersecurity investments and collaborative efforts to combat the growing ransomware threat. The resilience of our schools and colleges depends on it.
ID Agent and RocketCyber Help Businesses Mitigate All Types of Cyber Risk Affordably
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.
BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus: Graphus is a cutting-edge, automated antiphishing solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security to catch threats conventional security might miss, including Zero Days and AI-enhanced malicious messages.
RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Learn more about our security products, or better yet, take the next step and book a demo today!
Kaseya DattoCon Miami is just around the corner
October 28 – 30, 2024 | Fontainebleau, Miami Beach, FL
Are you ready for Kaseya DattoCon in Miami? At this amazing event, you’ll get savvy about security and gain technical insights from industry experts. You will leave Kaseya DattoCon with real-world business strategies to implement the minute you’re back at the office. Here’s why you can’t afford to miss it:
- Hear from Kaseya’s very own CEO, Fred Voccola, industry experts and special guests.
- Unbeatable sessions on IT business, cybersecurity and defense, automation, sales and marketing.
- Leave the conference as a Kaseya Certified Administrator.
- Rub shoulders and swap stories with the best global MSPs in the industry.
- Party at the DattoCon Awards: Honoring Excellence and Innovation in IT.
Plus, we have an incredible announcement that you won’t want to miss. Join us in Miami! REGISTER NOW>>
September 19: Kaseya+Datto Connect Local The Netherlands REGISTER NOW>>
October 17: Kaseya+Datto Connect Local Washington D.C. REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!