The Week in Breach News: 11/29/23 – 12/05/23
This week: Two worrying cyberattacks on aerospace agencies, ransomware hits another utility, a fresh feature in Datto EDR and a look at business cybersecurity spending.
Staples
https://www.cybersecuritydive.com/news/staples-cyberattack-cyber-week/701287/
Exploit: Ransomware
Staples: Office Supply Retailer
Risk to Business: 1.617 = Severe
A Cyber Monday attack on office supply retailer Staples threw a wrench in the company’s business on one of the busiest shopping days of the year. Staples said that it was forced to take many of its systems offline, disrupting staples.com processing and delivery capabilities, communications channels and customer service lines. Most services were restored by the end of the week, and there was no word about data theft at press time.
How It Could Affect Your Customers’ Business: Retailers can’t afford downtime at any time, but it is especially damaging during the holiday season.
Kaseya to the Rescue: Learn about how Datto EDR with Ransomware Rollback helps companies recover from ransomware faster. REGISTER NOW>>
Blue Shield of California
https://sfstandard.com/2023/12/01/blue-shield-of-california-hacked-member-data-stolen/
Exploit: Hacking
Blue Shield of California: Insurer
Risk to Business: 1.691 = Severe
Blue Shield of California is the latest company to fall victim to a MOVEit-related hack by the Cl0p ransomware gang. Data was stolen from a Blue Shield server managing vision care data on May 28 and May 31, 2023. The insurer said that it became aware of the problem on September 1, 2023. The stolen data may have included names of members, their dates of birth, Social Security numbers and information related to their vision health care. The company said it has brought in a third-party cybersecurity company and law enforcement for the investigation.
How It Could Affect Your Customers’ Business: The interconnection of businesses means that cybercriminals will continue to find new zero-day exploits.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
WeMystic
https://securityaffairs.com/155102/security/wemystic-website-data-leak.html
Exploit: Misconfiguration
WeMystic: Astrology Website
Risk to Business: 2.703 = Moderate
WeMystic, a website that offers its users astrology, spiritual well-being care and fortune telling, has experienced a data breach caused by a server misconfiguration. Experts discovered an open server with 34 gigabytes of data about 1.3 million people. The exposed data includes users’ names, email addresses, dates of birth, IP addresses, gender, horoscope signs and other user system data.
How It Could Affect Your Customers’ Business: Human error is the number one enemy of data security, but security awareness training can change that.
Kaseya to the Rescue: Our Guide to Reducing Insider Risk offers tips for mitigating accidental insider risk and spotting malicious insiders. DOWNLOAD IT>>
North Texas Municipal Water District (NTMWD)
https://therecord.media/north-texas-water-utility-cyberattack
Exploit: Ransomware
North Texas Municipal Water District (NTMWD): Utility
Risk to Business: 1.840 = Severe
North Texas Municipal Water District (NTMWD), a north Texas water utility that serves more than 2.3 million people in 13 cities, has fallen victim to a ransomware attack. Officials said that the attack only impacted its phone system and the systems in its business office, assuring the public that the attack did not impact its core water, wastewater and solid waste services. The cybercrime group Daixin has claimed responsibility for the attack.
How It Could Affect Your Customers’ Business: Ransomware attacks against utilities have been ramping up, and everyone should be worried about that.
Kaseya to the Rescue: Ransomware is a major threat to all organizations, not just businesses. Learn more about ransomware and get tips to mitigate risk in Ransomware 101. DOWNLOAD IT>>
China – Yanfeng Automotive Interiors
Exploit: Ransomware
Yanfeng Automotive Interiors: Auto Parts Manufacturer
Risk to Business: 1.673 = Severe
The Qilin ransomware group has claimed responsibility for a cyberattack on one of the world’s largest automotive parts manufacturers, Yanfeng Automotive Interiors (Yanfeng). This attack forced the car company to stop production at its North American plants. The threat actors published multiple samples as proof of the hack including financial documents, non-disclosure agreements, quotation files, technical data sheets and internal reports.
How it Could Affect Your Customers’ Business: Manufacturers of all kinds have been experiencing increased cyber risk as operational technology (OT) comes under fire.
Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>
India – National Aerospace Laboratories (NAL)
https://techcrunch.com/2023/11/28/lockbit-india-national-aerospace-laboratories-ransomware-attack/
Exploit: Ransomware
National Aerospace Laboratories (NAL): Government Agency
Risk to Business: 1.736 = Severe
The notorious ransomware group LockBit has added India’s space agency National Aerospace Laboratories (NAL) to its dark web leak site. The gang claims to have snatched a wide variety of data including confidential letters, an employee’s passport and other internal documents. NAL’s website also experienced an outage.
How it Could Affect Your Customers’ Business: Government agencies need to be especially careful about protecting sensitive data.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
Japan – Japan Aerospace Exploration Agency (JAXA)
Exploit: Hacking
Japan Aerospace Exploration Agency (JAXA): Government Agency
Risk to Business: 1.791 = Severe
The Japan Aerospace Exploration Agency (JAXA) has disclosed that it has experienced an unauthorized intrusion into its network. The agency was made aware of the break-in over the summer. It was quick to assure the public that it doesn’t believe that any data pertaining to rockets or satellites was accessed. The incident remains under investigation.
How it Could Affect Your Customers’ Business: Highly sensitive data like schematics is very valuable to both garden-variety cybercriminals and nation-state threat actors.
Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>
Japan – Shimano
https://www.bicycling.com/news/a45974423/shimano-ransomware-attack-hackers-published-data/
Exploit: Ransomware
Shimano: Bike Parts Manufacturer
Risk to Business: 1.802 = Severe
Major Japanese cycling component manufacturer Shimano was the victim of a ransomware attack by the LockBit group. The gang claims to have stolen 4.5 terabytes of sensitive company data, including confidential employee details, financial documents, a client database and other confidential company documents. The group had placed a November 5 deadline on the publication of the purloined data, but only published a fraction of the data after the deadline passed.
How it Could Affect Your Customers’ Business: Ransomware risk has been steadily increasing and companies in every industry are in danger of an attack.
Kaseya to the Rescue: This checklist can help businesses determine if they’re making all the right moves to prevent email-based cyberattacks. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Datto EDR Update – Named Security Policies
Datto EDR’s latest update adds a new must-have feature: customizable security policies that can be applied across different organizations and locations. Now EDR will no longer be restricted to a single set of global policies, making it easier for MSPs to tailor their policies for unique client needs.
Key Functionalities:
- Create multiple named security policies
- Apply different named policies across organizations and locations
- Quickly edit, disable and apply policies
Learn more about the capabilities of Datto EDR now! LEARN MORE>>
The Guide to Reducing Insider Risk 2023
In the latest edition of The Guide to Reducing Insider Risk, you’ll find the information that you need to take a deep dive into the problem of insider risk and explore ways to combat it, including:
- What the biggest factors are that influence insider risk
- How to spot a malicious insider before they strike
- What actions you can take to reduce insider risk fast
Businesses Are Ready to Make New Security Investments
Every day, businesses are navigating an intricate landscape where safeguarding sensitive data has become paramount as well as increasingly difficult. As the frequency and sophistication of cyber threats continue to escalate, a promising trend is emerging: a significant upswing in businesses’ investments in cybersecurity. Recognizing the importance of fortifying their digital defenses, organizations across various industries are allocating substantial resources to bolster their cybersecurity infrastructure. This surge in financial commitment by business leaders underscores the recognition of the critical role cybersecurity plays in safeguarding networks and data as well as the necessity for new tools to make it happen. In the Kaseya Security Survey Report 2023, we polled 3,066 IT professionals from around the world to find out about their companies’ investments in cybersecurity in 2023 and beyond.
Many businesses need to improve the frequency of vulnerability assessments
IT security vulnerability assessments like penetration testing are a valuable tool for organizations to employ to find weaknesses in their security buildout, and most of our respondents are putting that tool to work for their organization in some capacity. Over half of our survey respondents (52%) said that their company conducts vulnerability assessments two to four times per year. Quarterly assessments are a requirement under some compliance standards and are considered a best practice. Another fifth (20%) said that their employer conducts assessments only once per year — well below the recommended standard. Even worse, 8% of respondents conduct assessments only every two to five years, allowing dangerous vulnerabilities that could translate into damaging cyberattacks to pile up.
Approximately how frequently does your organization conduct IT security vulnerability assessments?
Frequency of assessments | Response |
Twice per year | 29% |
3 to 4 times per year | 23% |
Once per year | 20% |
More than 4 times per year | 15% |
Once every 2 to 4 years | 6% |
Once every 5 years or longer | 2% |
Never | 2% |
I don’t know | 2% |
Source: Kaseya Security Survey Report 2023
Businesses are investing in security
Even in a time of strained budgets, companies recognize how important IT security is for their continued success — and they’re making investments in it. Cloud security (28%), cyber insurance (27%) and endpoint detection and response (EDR) (26%) are the top three areas in which respondents said they plan to invest in the next year. Surprisingly, only 17% of respondents are planning to invest in security awareness training, a low-cost way to reduce security incidents by up to 70%, and 3% of respondents said their companies will not be making any cybersecurity investments at all.
Which of the following cybersecurity investments do you anticipate making in the next 12 months?
Investment | Response |
Cloud security | 28% |
Cyber insurance | 27% |
Endpoint detection and response (EDR) | 26% |
Dark web monitoring | 23% |
Email/collaboration tool security | 23% |
Network security | 20% |
Managed SOC/MDR | 19% |
Automated pen testing | 18% |
Security awareness training | 17% |
Secure remote access (SASE) | 15% |
Vulnerability assessment | 13% |
We do not anticipate investing in cybersecurity | 3% |
Source: Kaseya Security Survey Report 2023
Security occupies up to half of IT budgets at most companies
Just like any other business asset, cybersecurity requires an investment, and a failure in upkeep can be disastrous. For the most part, business IT budget controllers are making security a priority and investing in cybersecurity technology. Just over three-quarters of our respondents (76%) said that up to 50% of their company’s total IT budget is dedicated to security. Many IT professionals are looking at good news ahead in terms of budget.
Approximately what percentage of your overall IT budget is dedicated to security?
Budget dedicated to security | Response |
More than 50% | 5% |
26% to 50% | 30% |
11% to 25% | 46% |
Less than 10% | 15% |
I don’t know | 4% |
Source: Kaseya Security Survey Report 2023
Cybersecurity budgets aren’t decreasing
In a challenging economy, businesses are looking for ways to save everywhere in their operations. Fortunately, many business decision-makers understand that cybersecurity isn’t the place to cut corners. More than half of our survey respondents (60%) said that their IT security budget was unchanged in the past 12 months. 30% of companies pumped up their investment in 2023, giving them an edge to combat future trouble.
Did your company’s IT security budget increase, stay the same or decrease compared to 12 months ago?
State of 2023 Security Budget | Response |
Stayed the same | 60% |
Increased | 29% |
Decreased | 7% |
I don’t know | 4% |
Source: Kaseya Security Survey Report 2023
Companies have more money to spend on security in 2024
Businesses are facing a myriad of cybersecurity challenges, and IT departments will need to be appropriately resourced to meet them. About three-quarters of respondents (75%) expect their budgets to stay the same or increase in the next year, and that’s good news for overstretched IT professionals looking ahead to new threats. However, just under one-third of respondents said they expect budget cuts.
Do you expect your company’s IT security budget to increase, stay the same or decrease in the next 12 months?
Anticipated 2024 security budget | Response |
Stay the same | 45% |
Increase | 43% |
Decrease | 7% |
I don’t know | 4% |
Source: Kaseya Security Survey Report 2023
Companies are savvy to the need for cyber insurance
Cyber insurance has become a must-have for businesses. The majority of our respondents (79%) said that their organization has cyber insurance. Our respondents also indicated that if their company doesn’t have cyber insurance, they’re planning to invest in it soon. Nearly two-thirds of respondents (62%) said that their organization is at least somewhat likely to purchase cyber insurance in the next 12 months.
How likely is your organization to invest in cyber insurance in the next 12 months?
Response | % of responses |
We already have cyber insurance | 27% |
Extremely Likely | 17% |
Very likely | 25% |
Somewhat likely | 20% |
Not likely | 7% |
I don’t know | 5% |
Source: Kaseya Security Survey Report 2023
Find the solutions you need to prepare for 2024’s challenges in Kaseya’s Security Suite
Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Are You Ready for the 12 Days of Phishmas?
Phishing risk is greatly elevated during the winter holiday season. Join us on December 12, 2023, at 1 pm ET / 10 am PT for our exclusive webinar, The 12 Days of Phishmas, as we unwrap 12 cybersecurity disasters and provide insights on how to avoid the same fate. REGISTER NOW>>
December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!