The Week in Breach News: 12/15/21 – 12/21/21
Cryptocurrency handlers continue to get pounded as cybercriminals steal an estimated $135 million from a blockchain game developer, Brazil’s Ministry of Health was creamed by ransomware two times in one week, new sales and marketing focused assets for MSPs and must-see buyer sentiment data in our deluxe top 10 list: 10 Things MSPs Need to Know About SMB IT Priorities in 2022.
Help your clients start the new year off on the right foot with this checklist of smart cybersecurity practices. GET IT>>
Virginia Museum of Fine Arts
https://www.securityweek.com/virginia-museum-shuts-down-website-amid-it-breach
Exploit: Ransomware
Virginia Museum of Fine Arts: Art Museum
Risk to Business: 2.822=Moderate
A system security breach prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation in late November 2021. The museum, an independent agency of the state, said the Virginia Information Technologies Agency detected an intrusion by an unauthorized third party to the museum’s environment in late November. An investigation is underway, and a temporary website has been established.
Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Ransomware risk is rising for organizations in every sector including non-profits and cultural institutions.
ID Agent to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>>
McMenamins
Exploit: Ransomware
McMenamins: Hotel and Restaurant Chain
Risk to Business: 1.612=Severe
Family-owned hotel and restaurant chain McMenamins received an unwelcome holiday gift: ransomware. The company says that it has had to shut down credit card point-of-sale systems and corporate email but can still serve customers. The Conti ransomware group is thought to be responsible but the group has not claimed responsibility. The popular chain of restaurants, pubs, breweries and hotels is located in the Pacific Northwest: specifically, Washington and Oregon. The company has announced that it is working with the FBI and a third-party cybersecurity firm to investigate the attack.
Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Companies that may be holding financial data and PII for clients will be attractive targets for ransomware groups.
ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>
The Oregon Anesthesiology Group (OAG)
Exploit: Ransomware
The Oregon Anesthesiology Group (OAG): Medical Care Provider
Risk to Business: 1.717= Severe
The Oregon Anesthesiology Group (OAG) disclosed that a ransomware attack in July led to the breach of sensitive employee and patient information. The company said it was contacted by the FBI on October 21 and informed that the Bureau had seized an account that contained OAG patient and employee files from Ukrainian ransomware group HelloKitty. The FBI also told OAG that the Bureau believes the group exploited a vulnerability in OAG’s third-party firewall to gain entry to its network.
Risk to Business: 1.802=Severe
The information of 750,000 patients and 522 current and former OAG employees was impacted in this incident. Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms. OAG will provide victims of the incident 12 months of Experian identity protection services and credit monitoring.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Medical centers and providers can have big scores of data that are attractive to cybercriminals.
ID Agent to the Rescue: Make sure that your clients are doing everything right to stop system and data security threats with the Computer Security To-Do List checklist, available now! GET THIS CHECKLIST>>
The Computer Security To-Do Checklist helps keep the bad guys out of businesses and data in! GET IT>>
Superior Plus
https://www.darkreading.com/attacks-breaches/propane-distributor-hit-with-ransomware
Exploit: Ransomware
Superior Plus: Propane Distributor
Risk to Business: 2.229 = Severe
Canadian propane distributor Superior Plus has fallen victim to a ransomware attack. The company announced that it was subject to a ransomware incident on Sunday, December 12, 2021, which impacted its computer system, resulting in the company temporarily disabling some computer systems and applications as it investigates this incident. The company is in the process of bringing these systems back online. The statement goes on to say that it has no evidence that the safety or security of any customer or other personal data has been compromised. Superior Plus supplies propane gas to more than 780,000 customers in the US and Canada, a hot commodity during the winter season.
Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted:
How it Could Affect Your Customers’ Business Infrastructure targets have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.
ID Agent to the Rescue: The majority of ransomware arrives at businesses as the rotten cargo of a phishing attack. Our eBook The Phish Files can help you gain a strategic edge against phishing. GET THE BOOK>>
Can you spot a phishing email? This infographic shows you how to detect one! DOWNLOAD IT>>
Brazil – Ministry of Health (MoH)
Exploit: Ransomware
Ministry of Health (MoH) – National Government Agency
Risk to Business: 1.107= Extreme
Brazil’s Ministry of Health (MoH) suffered not one but two ransomware attacks in the last week, seriously impacting its operations. The agency was still in the process of recovering from a ransomware attack on 12/10 when they were hit again on 12/13. In the initial attack, all of MoH’s websites, including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app. The Lapsus$ Group has claimed responsibility for the first attack, claiming that it has stolen some 50TB worth of data. The department was quick to assure the public that it has the relevant data backed up. The second attack set recovery back, preventing Brazil’s platform that issues COVID-19 vaccine certificates, ConecteSUS , from coming back online as scheduled. Ministry officials said that the second attack had been unsuccessful and that no data had been compromised in that incident, but it had affected that timeline for recovery. The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate with the investigations.
Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Getting hit with multiple attacks in a short period of time could be a death blow to many organizations.
ID Agent to the Rescue Every client is at risk of ransomware trouble. Learn to mitigate the risk of a ransomware attack and build strong defenses in Ransomware 101. DOWNLOAD FREE EBOOK>>
Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work. DOWNLOAD IT>>
Ireland – Coombe Hospital
Exploit: Hacking
Coombe Hospital: Medical Center
Risk to Business: 2.711 = Moderate
The Coombe Hospital announced that it has been hit by a ransomware attack that has impacted its IT systems. The hospital stated that it had isolated and locked down its IT services on a precautionary basis. The maternity and infants’ hospital said that services are continuing as normal and no disruptions to patient care are expected. The HSE is assessing whether this will have a broader impact on the health service.
Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Targets in the medical sector have been getting absolutely pounded by ransomware since the start of the global pandemic.
ID Agent to the Rescue Employees are the most likely cause of a cybersecurity incident in any business. See how to spot and stop insider risks in our new Guide to Reducing Insider Risk. DOWNLOAD IT NOW>>
Greece – VulcanForged
Exploit: Ransomware
VulcanForged: Cryptocurrency Gaming Company
Risk to Business: 1.7684 = Severe
Hackers stole around $135 million from users of the blockchain gaming company VulcanForge. Blockchain games appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR. VulcanForge creates games such as VulcanVerse, which it describes as an MMORPG and an online card game called Berserk. Hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, VulcanForge’s token that can be used across its ecosystem, with an estimate $135 million in value.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Any operation that handles or stores cryptocurrency is at a very high risk for trouble. This is the third cryptocurrency outfit to be hit by hackers this month
ID Agent to the Rescue Learn 4 highly effective ways to protect your clients from ransomware now and set them up for future defensive success in one fun, educational webinar! WATCH NOW>>
See how cyber insurance is changing and how to protect your clients from trouble. WATCH NOW>>
Australia – Finite Recruitment
https://www.zdnet.com/article/nsw-government-casual-recruiter-suffers-ransomware-hit/
Exploit: Ransomware
Finite Recruitment: Staffing Firm
Risk to Business: 2.223 = Severe
IT recruitment firm Finite Recruitment has confirmed it experienced a cyberattack in October 2021 that resulted in some of the company’s data getting stolen and published on the dark web. The Conti ransomware group listed Finite Recruitment as a victim on its dark web leak site, claiming to have acquired 300GB of the company’s data. Finite Recruitment services several NSW government agencies as well as private clients.
Risk to Business: 2.015 = Severe
An estimated 38,000 employees and up to 80,000 government employees may have had their data exposed and that data may include financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Cybercriminals are always on the hunt for big troves of personal and financial information and companes that store it are at a high risk for ransomware.
ID Agent to the Rescue Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
We’re invested in your success! Learn about best-in-class marketing & sales support from Kaseya Powered Services. WATCH NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Zero Trust security is a piece of cake when you’re sure you’re giving access to the right people at the right levels. SEE HOW TO DO IT>>
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Data Feeding Frenzy Drives Holiday Ransomware Risk Up Sharply
- Human Error Can’t Be Stopped, But the Risk Can Be Mitigated
- Non-Malicious Insiders Are Security Risks Too
- What Will Nation-State Threat Actors Be Doing in 2022?
- The Week in Breach News: 12/08/21 – 12/14/21
Kaseya Patch Tuesday: Patch notes & bug fixes for November 2021: SEE PATCH INFO>>
See how to fix staffing problems, fill security gaps and make more money fast with security automation. LEARN MORE>>
These 2 Awesome Resources Can Help MSPs Start 2022 Off Right
Are you resolved to have a profitable, growth-focused 2022? Here are 2 new resources to show you how ID Agent can help you keep that resolution.
6 Power-Ups That Will Make You a Sales Superhero – See the sales-boosting secret weapons that our partners can access. DOWNLOAD IT>>
5 Ways to Make Marketing Magic – Get the word out about the benefits of choosing your MSP quickly and easily with these tools! DOWNLOAD IT>>
Empower Your Clients to Spot & Stop Insider Threats
In our new eBook the Guide to Reducing Insider Risk take a deep dive into insider risk and explore ways to combat it DOWNLOAD IT NOW>>
The infographic 5 Red Flags That Point to a Malicious Insider at Work details 5 things to watch for that can expose malicious insiders. DOWNLOAD IT NOW>>
The Building a Strong Security Culture Checklist helps clients find security flaws that you can help fix! DOWNLOAD IT NOW>>
Did you miss…? Help your clients start the year with their best foot forward with the Reboot Your Cybersecurity Practices checklist. GET IT>>
Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>
10 Things MSPs Need to Know About SMB IT Priorities in 2022
Look at Business IT Priorities to Inform Your 2022 Strategy!
The new year is almost upon us, and many folks are putting together their new year’s resolutions, getting ready to make life changes with a “new year, new me” attitude. Businesses often do the same thing, putting things off until “after the holidays”. Many organizations use Q1 as the time to launch new yearlong projects and take care of loose ends with a fresh budget. Technology priorities will be on that list of things to take care of in 2022.
Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>
These Are the 10 Things That MSPs Need to Know About SMB IT Priorities in 2022
For MSPs, Q1 2022 will be a great time to connect with clients to see how they can help those clients implement IT changes and tighten security. What can MSPs expect to see clients gravitating toward, and how can they meet those needs while growing their own businesses? Get a head start on preparing for those conversations with these 10 facts to keep in mind about SMB IT priorities in 2022
1. Buyers are moving fast when making new software decisions
Everything is moving a little faster these days, including the business software purchasing process. An estimated 54% of company software buyers need 3 months or less to reach a software purchase decision of $20,000 or more. Bigger buyers are sometimes working even faster with 17% of enterprise-scale companies saying that they require less than one month to make a decision about a new software purchase.
However, making a purchase decision requires an okay from more people than in the past, and it may be a shifting cast of characters. Overall, 25% of enterprise buyers say the number of people involved in each decision has increased. During the process of making a software purchase, one third of buyers say that the people involved in the process change frequently and may include IT security specialists as well as executives. Additional stakeholders are also likely to become part of the process. 63% of mid-market companies and 64% of enterprise companies frequently or always add additional stakeholders during the buying process. Altogether, buyers say that the average number of people involved in a single software purchasing decision has increased by 20% over the past year and they don’t expect it to go down – over a quarter of companies expect the number of people involved to increase in the next year.
What risk will you face next? Get a look at what to expect in The Global Year in Breach 2021. DOWNLOAD NOW>>
2. C-suite executives are confident that they’re ready for ransomware.
Ransomware has been a newsmaker in 2021 and business executives are thinking about what a ransomware attack might do to their organization. By and large they believe that their organization is ransomware-ready – 71% of C-suite execs are confident that their organization is ready to face a ransomware attack.
Executive Confidence That Their Organization is Protected from Ransomware
2020 2021
Very Confident 26% 30%
Somewhat Confident 42% 40%
Neutral 15% 14%
Somewhat Unconfident 12% 11%
Very Unconfident 4% 4%
Source: (ISC)² https://www.isc2.org/
They do have concerns about the impact of a possible ransomware attack though, chiefly how that attack would impact the company legally and subsequently financially. The top concern among leaders, cited by 38% of respondents, is exposure to regulatory sanctions in the event that their organization is hit by a ransomware attack. This is a major worry for 41% of UK executives and 36% of US executives.
The second biggest concern for executives (34%) is possible loss of data or intellectual property as a result of a ransomware attack. 34% are worried about that. In third place, executives are equally concerned about four outcomes after a ransomware incident. More than 30% are worried about loss of confidence among employees, loss of business due to systems outage, uncertainty that data could still be compromised even after paying a ransom W(Which may be illegal) and reputational harm.
The top concerns that C-suite execs are bringing to the IT department are focused on restoring operations in the wake of a ransomware incident. An estimated 38% are concerned with ensuring data backup and restoration plans were not impacted by ransomware, 33% want to know that there’s a procedure in place to restore minimal operations in the event of an attack and 32% want to know how prepared the organization is to engage with law enforcement as part of their incident response.
We’re invested in your success! Learn about best-in-class marketing & sales support from Kaseya Powered Services. WATCH NOW>>
3. Businesses are ready and willing to buy software
While no one is splashing out cash these days, businesses know that they need to regularly update and upgrade their solutions to stay competitive, and they’re willing to make necessary purchases. That’s great news for MSPs. Almost 65% of companies plan on buying five or more software tools in 2022— and for big companies with more than 1,000 employees, that number shoots up to about 75%.
On average, 64% of all companies say that they buy five or more pieces of software per year to keep up with constant changes in technology and threats. Big companies buy more, with just over 70% of enterprise businesses saying they buy five or more solutions. For mid to enterprise segments companies, $100,000-$149,999 was the average software purchase over the last 12 months.
4. Buyers prefer multipurpose software solutions
Just because they’re ready to spend money doesn’t mean that business software buyers are ready to buy a lot of solutions with a narrow focus. They want to get as much value for their money as they can, and the vast majority are looking for solutions that come with value baked in. 80% of buyers prefer to buy a product that solves multiple business problems. They’re relying on online opinions from other buyers to make sure that new solutions will fit their company’s needs as well. Over 85% of software buyers for organizations of every size use peer review sites for research when buying software.
5. Business executives grossly underestimate their organization’s risk
Unfortunately, many business executives don’t have a solid grasp on the realistic risk for their organizations, and that may complicate the process of closing sales. IBM recently reported that in a survey, over 65% of senior-level decision-makers said they didn’t believe their organizations would ever fall victim to a cyberattack. The CNBC /Momentive Small Business Survey expands on that dangerous conclusion. Even with skyrocketing data breach increases, a stunning 56% of the SMB owners surveyed said they are “not very concerned” about being the victim of a cyberattack in the next 12 months, and among those, 24% said they were “not concerned at all.” Many also dismissed the seriousness of today’s biggest risks. The SMB owners polled were generally quite confident (59%) that even if they were hit with a cyberattack, they’d quickly resolve it. Only 37% were “not very confident” and only 11% were “not confident at all.”
Zero Trust security is the key to keeping your clients safe – and the cornerstone is access management. We can help. LEARN MORE>>
6. Companies may not be considering all of their options
While about 60% of companies conduct research and consider new alternatives when a product is up for renewal, many companies prefer to stick with what they know when it comes time to renew their commitment to a solution. An estimated 40% of business IT buyers aid that their organizations don’t consider another option when a product is up for renewal. That can be a mistake if the solution that they’re using is outdated or unable to perform a function efficiently, and it can also be a very dangerous proposition when it comes to cybersecurity. For companies that do compare all of their options before making renewals, 70% of buyers say that their company has a formal review process for software renewals and 20% have no formal process in place for considering software renewals.
7. Security is a top priority
There’s a good bit of variance between what businesses at every level are making a priority, but they all agree on one thing: security is an essential consideration when choosing a new solution. Enterprise companies are especially focused on security as the top factor in their decision-making process with 89.4% of enterprise buyers considering security very important or important.
Software Buying Priorities by Business Size
Small Medium Enterprise
Priority 1 Integrations Security Security
Priority 2 Scalability Scalability Integrations
Priority 3 Security 1 Year ROI Scalability
8. Remote and hybrid workforce management is still a pain point
As the global pandemic continues to unfold, businesses are continuing to feel its effects on their day-to-day operations, including continuing support for remote and hybrid workers. Current estimates say that 32% of workers are remote right now, up 7% from May 2021. Even after more than a year of practice, remote working is still creating a host of headaches for companies’ IT departments. IT admins at every level agree that managing remote workers is very tricky, with 57% of IT admins citing managing and securing remote workforce needs as the biggest challenge that they faced in 2021.
Security is the top concern in remote and hybrid workforce IT. The top three concerns that IT administrators cited when asked about the difficulties that they’d faced with remote workforce management are software security exploits (37%) ransomware (35%), and use of unsecured networks (33%).
Go deep into the cybercrime underworld in “Hacker Hotbeds and Malicious Marketplaces” WATCH THIS WEBINAR>>
9. Companies have money to spend
More than half of businesses at all levels have money to spend on the right solutions. Three-quarters of companies have increased their IT budget over the last year, and almost 55% of buyers say their company’s overall software and technology spending will increase in 2022. Major cyberattacks and new regulations are big contributors to the fact that much of that spending will be concentrated on security.
According to the latest survey from the Neustar International Security Council (NISC), 81% of organizations have committed to bolstering their cybersecurity budgets for 2022. Nearly one-quarter (24%) of businesses have increased their cybersecurity budget allocations between 31% to 50% over this past year, and more than four in ten (41%) are committed to devoting even more resources in 2022, raising their security budgets 11% to 30%.
Cybersecurity spending is expected to continue to increase. Tech research and advisory firm Gartner estimated that spending on information security and risk management will total $172 billion in 2022, up from $155 billion in 2021 and $137 billion the year before.
10. MSPs are valued partners that organizations rely on
Companies that have relationships with MSPs are generally happy with them and value the benefits that their businesses receive from those relationships. As has been the case all year, the vast majority of IT admins see MSPs as an important part of their department’s operations, with 87% of saying that they have already formed a relationship with an MSP or plan to engage an MSP in 2022. They also report seeing a wide range of benefits from their engagement of MSPs to handle technology concerns. 63% say that MSPs are up to date on the latest technologies, 60% say MSPs help them provide a better user experience, 54% say that MSPs are cost-effective, 47% think that MSPs help them better secure their users’ access and identity and 32% say that they benefit from the strong customer support that an MSP provides. All in all, 77% report that using an MSP has resulted in better security and 57% say that using an MSP results in a better employee experience.
Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>
Now is The Time to Build Up Your Business Relationships
Are you ready to take advantage of the new opportunities to boost your revenue that are coming your way in 2022? Keeping your MSP top-of-mind for your clients and prospects is a big part of landing those deals – 67% of companies usually engage a vendor’s sales team after they have already made a purchase decision.
Offering the right smart- value-added solutions is also an essential part of bringing in new business and ensuring renewals from your existing clients. ID Agent’s digital risk protection platform has all the right components to wow clients and prospects, growing your sales and your customer satisfaction.
BullPhish ID maximizes your client’s training investment by offering lessons on topics like phishing, compliance, password safety, security hygiene and more. Choose from our plug-and-play complete training modules and phishing simulations or customize the content to reflect the unique industry risks that employees face daily.
Dark Web ID features 24/7/365 always-on monitoring that alerts businesses when their credentials appear on the dark web, reducing nasty third-party credential exposure risk. Automated alerts and reporting mean that your team doesn’t need to spend time staring at a dashboard to stay informed.
Passly is an incredible value, packing so much bang for the buck. Essentials like multifactor authentication, single sign-on and secure shared password vaults make remote management and access control easy, and automated password resets will make everyone happy.
See these solutions in action in short demonstration videos: https://www.idagent.com/learn-more
Don’t just take our word for it. ID Agent solutions help MSPs drive revenue fast. Hear what our partners have to say about the benefits of teaming up with ID Agent: https://www.idagent.com/case-studies/
Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to partner with ID Agent. BECOME A PARTNER>>
Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>
Security is a Top Priority for Businesses of Every Size
Did you know that a cyberattack is attempted every 39 seconds? The constant barrage of cyberattacks and never-ending escalation in cybersecurity risk has brought home an important fact for businesses of every size: cybersecurity has to be a top priority in 2022.
All companies, regardless of size or region have a 1 in 4 chance of being hit by a ransomware attack today. We’ve all seen the impact that one ransomware attack can have in the last two years. Even one event is expensive, disruptive and potentially ruinous for businesses. 60% of businesses that are hit by a successful cyberattack shutter within 6 months.
That’s why it is essential to take the time to review your organization’s cyber defenses and cybersecurity policies to ensure that you’re taking every possible precaution against ending up on a cybercriminal’s hit list. No business is too small for trouble. More than 50% of ransomware attacks last year struck SMBs with less than 100 employees.
Set up a meeting now to talk to the experts you trust with your company’s IT to make sure that your company’s cybersecurity solutions are really meeting your needs and look at ways to boost your cyber resilience before you have to navigate a new round of cyberattack threats in 2022.
Do you have comments? Requests? News tips? Compliments? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email [email protected] to let us know how our content works for you!