The Week in Breach News: 12/26/23 – 01/02/24
This week: Bad actors obtained court recordings in Australia, operations are snarled by ransomware at a major apparel company, three bright spots of good news for MSPs and Datto’s Global State of the MSP Report: Trends and Forecasts for 2024 is here.
In The Educator’s Guide to Cybersecurity, see the cyber threats that schools face & how to mitigate them. DOWNLOAD IT>>
Fidelity National Financial
https://therecord.media/fidelity-national-financial-subsidiary-breach-disclosure
Exploit: Hacking
Fidelity National Financial: Insurer
Risk to Business: 1.617 = Severe
Major insurer Fidelity National Financial has reported a data breach after a November 2023 cyberattack struck one of its subsidiaries. A successful cyberattack at LoanCare, one of the U.S.’s largest providers of loan sub-servicing, led to data exposure for 1,316,938 people. The company said that the attack took place around November 19, 2023. Clients may have had personal data exposed including their name, address, social security number and loan number. Victims are being offered two years of identity protection services from Kroll.
How It Could Affect Your Customers’ Business: In today’s interconnected business world companies can unwittingly provide a back door into a sister company or client’s network.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
National Amusements
https://techcrunch.com/2023/12/26/cbs-paramount-owner-national-amusements-hacked/
Exploit: Hacking
National Amusements: Entertainment Conglomerate
Risk to Business: 1.691 = Severe
National Amusements, the corporate parent of major entertainment companies including Paramount and CBS has disclosed that it experienced a data breach in December 2022 in a filing with the Maine Attorney General. The conglomerate says that it discovered the incident in August 2023, which resulted in hackers snatching the personal information of 82,128 people including employees and former employees. The filing specified that the hackers also stole financial information, such as banking account numbers or credit card numbers in combination with associated security codes and passwords.
How It Could Affect Your Customers’ Business: Bad actors don’t have to steal a company’s customer data to get a treasure trove of sensitive information.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
Xfinity
Exploit: Zero Day
Xfinity: Communications Company
Risk to Business: 2.703 = Moderate
Xfinity has announced that it experienced a data breach in late October 2023 because of the Citrix Bleed vulnerability. The company said that hackers breached one of its servers and obtained customer information, resulting in data exposure for an estimated 35,879,455 people. The stolen data includes usernames and hashed passwords as well as customer names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. The Citrix Bleed vulnerability first surfaced in August 2023.
How It Could Affect Your Customers’ Business: Growing reliance on business applications and similar technology means that companies will face a continually growing flood of zero-day threats.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
Mint Mobile
https://securityaffairs.com/156295/data-breach/mint-mobile-data-breach-2.html
Exploit: Hacking
Mint Mobile: Mobile Virtual Network Operator
Risk to Business: 1.840 = Severe
Mobile telephone provider Mint Mobile has sent customers a notice of a data breach. The December 22 notice stated that bad actors had obtained access to customer data. That resulted in the exposure of customers’ names, phone numbers, email addresses, SIM serial number and IMEI, and service plan information. That information can be used for SIM-swapping operations. The company was quick to assure customers that other sensitive data was not impacted, saying that it does not collect credit card numbers, social security numbers, dates of birth, driver’s license data or other government-provided identifiers.
How It Could Affect Your Customers’ Business: SIM swapping or a SIM hijacking attack is a lucrative operation for bad actors.
Kaseya to the Rescue: Read our case studies to see how MSPs and businesses have overcome their cybersecurity challenges with the solutions in Kaseya’s Security Suite. EXPLORE CASE STUDIES>>
VF Corporation
https://therecord.media/vf-corp-cyberattack-filing-first-day-sec-incident-reporting-rules
Exploit: Hacking
VF Corporation: Apparel Company
Risk to Business: 1.423 = Extreme
Apparel giant VF Corporation, owner of big brands including North Face, Vans, Timberland and Jansport, is one of the first companies to report a data breach under the new rules set by the U.S. Securities and Exchange Commission (SEC). The company declared that it detected unauthorized activity on a portion of its information technology systems on December 13, 2023, forcing it to shut down some systems. Bad actors encrypted some of VF Corporation’s IT systems and helped themselves to the personal data of employees. The company said that it is working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations. Its retail stores are open, but online sales and wholesale operations have been snarled.
How it Could Affect Your Customers’ Business: The business effects of a cyberattack like this can have a wide ripple effect leading to customer irritation and loss of revenue.
Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>
See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>
United Kingdom – Xeinadin
https://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html
Exploit: Ransomware
Xeinadin: Accounting Firm
Risk to Business: 1.736 = Severe
The LockBit ransomware gang is claiming responsibility for a ransomware attack that hit London-based accountancy shop Xeinadin. The threat actors claim to have obtained 1.5 terabytes of Xeinadin’s sensitive internal and customer data including internal databases, customer financial reports, passport scans, client legal information and account balances. In addition, the cybercriminals claim to have gained access to “personal accounts of Companies House customers”. Several screenshots were posted on LockBit’s dark web leak site as proof of the hack.
How it Could Affect Your Customers’ Business: The cyber component of the Russia-Ukraine war has been fast and furious with a great deal of strategic action.
Kaseya to the Rescue: Learn how Datto EDR with Ransomware Rollback helps organizations including medical centers recover from ransomware faster. REGISTER NOW>>
Germany – Katholische Hospitalvereinigung Ostwestfalen (KHO)
Exploit: Hacking
Katholische Hospitalvereinigung Ostwestfalen (KHO): Healthcare Provider
Risk to Business: 1.301 = Extreme
A Christmas Eve ransomware attack caused emergency care disruptions at three German hospitals owned by Katholische Hospitalvereinigung Ostwestfalen (KHO). The LockBit ransomware group has claimed responsibility for the cyberattack on Katholische Hospitalvereinigung Ostwestfalen (KHO). The ransomware attack knocked out emergency services and impacted operations at Franziskus Hospital Bielefeld, Sankt Vinzenz Hospital Rheda-Wiedenbrück and Mathilden Hospital Herford, all facilities with more than 600 beds. KHO officials said that it has already restored its patient data from backups and regular patient care and clinic operations are ongoing with minimal technical disruptions. No ransom demand was made public.
How it Could Affect Your Customers’ Business: Cybercriminals love to make the most of holidays by launching a flurry of cyberattacks to take advantage of reduced staffing.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
Australia – Court Services Victoria (CSV)
Exploit: Ransomware
Court Services Victoria (CSV): Government Agency
Risk to Business: 1.433 = Extreme
A cyberattack on Court Services Victoria (CSV) has resulted in bad actors gaining access to the court system’s audio-visual archive. A spokesperson for CSV confirmed that threat actors may have accessed or stolen recordings of hearings held between November 1 and December 21, 2023, including witness testimony from highly sensitive cases. The attack came to light on December 21 when staff members were locked out of their computers with the onscreen message “YOU HAVE BEEN PWND”. CSV said County Court cases had been most severely affected. Recordings from the Supreme Court were also exposed including recordings from the Court of Appeal, the Criminal Division, the Practice Court and two regional hearings in November 2023. Some committal hearings from the Magistrates Court were affected, but the attackers were unable to access any recordings from the Children’s Court.
How it Could Affect Your Customers’ Business: Cybercriminals don’t just want data; sensitive videos, court records or transcripts can also be profitable on the dark web.
Kaseya to the Rescue: Learn more about what cybercriminals are looking for and how they make a profit in our infographic 5 Ways the Dark Web Endangers Businesses. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
New Graphus-Autotask ticketing integration
The Graphus team is excited to announce its newest innovation: Integrated Service Ticketing with Autotask. Now, you can connect Graphus with Autotask and have tickets created automatically in Autotask for each of the Graphus alert types you select: Quarantine, EmployeeShield and Phish911.
Integrating Graphus with Autotask allows you to use Autotask as your central ticketing hub where you can monitor Graphus alerts from within Autotask. You will no longer need to rely on Graphus email notifications or monitor alerts from within Graphus.
This integration provides you with the following benefits:
- Manage tickets for all your organizations and customers in one central location in Graphus.
- Set ticket attributes in Graphus for each alert type or continue to manage attributes in Autotask via Ticket Categories.
- Allow Graphus to close tickets in Autotask automatically. This keeps Graphus alerts and Autotask tickets in sync and prevents tickets from being left open for alerts that have been closed within Graphus.
- Provide an easier workflow for your technicians. When a ticket is created in Autotask, a URL in the ticket leads to a dedicated alert investigation page in Graphus.
Note that you must have subscriptions to both Graphus and Autotask to enable this integration. For more details and integration setup instructions, check out this Knowledge Base article.
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
Datto’s Global State of the MSP Report: Trends and Forecasts for 2024
Datto surveyed more than 1,500 managed service providers (MSPs) worldwide to learn more about who they are and what they care about. The result: A wealth of data and insights from a diverse sample of MSPs on how they run their business, the solutions they use to serve clients, and their predictions for 2024.
SEE THE HIGHLIGHTS IN AN INFOGRAPHIC>>
Did you miss…our Keys to Selecting a Managed SOC infographic? DOWNLOAD IT>>
Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>
3 Spots of Good News for MSPs as We Kick Off 2024
In this ever-evolving technology landscape, managed service providers (MSPs) continue to play a pivotal role in supporting businesses worldwide. In 2023, we embarked on a journey to uncover the intricate narrative of MSPs by surveying 1,575 of these technology heroes globally. This survey aimed to learn more about their stories, understand their challenges and reveal their predictions for the year ahead. Datto’s Global State of the MSP Report: Trends and Forecasts for 2024 brings you the results of that survey, offering you key insight into the MSP business in 2024.
Explore the challenges and opportunities ahead for MSPs in Datto’s Global State of the MSP Report: Trends and Forecasts for 2024. DOWNLOAD IT>>
Revenue is rising for MSPs
Today’s MSPs aren’t merely surviving — they are thriving. As the industry witnesses an influx of new players and opportunities, especially in the area of cybersecurity, MSPs are harnessing this dynamism to innovate and grow at an unprecedented pace. There’s an encouraging narrative of increasing revenue across the industry. In fact, the majority of MSPs’ annual revenue increased by more than 10% year over year. In North America, 68% of MSPs experienced a revenue increase, and among them, 38% saw their revenue grow by more than 10%. Likewise, the revenue increase was also significant in Europe. Nearly two-thirds (64%) of MSPs in Europe experienced year-over-year revenue growth, and among them, 37% of those experienced an increase of more than 10%.
Source: Datto’s Global State of the MSP Report: Trends and Forecasts for 2024
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
The simple (work)life is trending
One resounding theme that echoed throughout the survey results was vendor consolidation. MSPs are increasingly looking to streamline their vendor relationships — a trend that not only promises to make their operations more efficient but also contributes to significant time and cost savings while preventing vendor fatigue. By utilizing one solution that offers a comprehensive suite of tools and services that cover a wide range of IT needs, MSPs can reduce the need to engage with multiple vendors and streamline the management of IT resources. Simplifying and unifying IT solutions makes the lives of IT professionals easier and more efficient.
Vendor consolidation is more than just reducing vendors — it’s about strategic partnerships. While having just one vendor may not be practical, strong relationships with a select few can boost efficiency, cut costs and yield lasting results. Dealing with fewer vendors results in a streamlined supply chain, improving procurement, delivery, deployment, asset management and services. The IT lifecycle becomes much easier to manage and enables fewer service level agreements (SLAs). Interestingly, when analyzing this data further, we found respondents with a higher percentage of recurring revenue are more interested in consolidating vendors and far less content with their current size. This supports the idea that MSPs that consolidate vendors are on their way to achieving higher overall revenue.
Source: Datto’s Global State of the MSP Report: Trends and Forecasts for 2024
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Cybersecurity is a major growth driver
Competition is undeniably stiff, with MSPs across the board citing it as their biggest challenge for the third consecutive year. However, the bright side of this heightened competition is that it isn’t just a hurdle but also a catalyst for growth and innovation. MSPs are harnessing this competition to drive innovation and are offering solutions to better meet their clients’ needs. In an industry marked by intense competition, MSPs are focusing on enhancing the customer experience. This newfound emphasis on customer experience is driven by the desire to stand out in a saturated market. It’s no surprise that improving the customer experience is now tied as the top overall strategic priority for MSPs along with revenue growth.
Competition remains a significant concern for MSPs, especially as a growing number of players continue to enter the field. For the third year in a row, MSPs across all regions said competition was their biggest challenge — 35%, up from 29% in 2022. The upside of this increased competition is that it is driving MSPs to innovate and differentiate themselves to compete. When asked about their biggest growth drivers, cybersecurity concerns and awareness were cited as the top new-business drivers (54%). Interestingly, even as competition steadily increases, so too does revenue.
Source: Datto’s Global State of the MSP Report: Trends and Forecasts for 2024
This is clearly not a race to the bottom. A growing understanding among business leaders of the critical role technology plays in a sustainable business and an awareness that this need cannot be filled with internal resources bodes well for continued growth for MSPs.
Find the solutions you need to grow your MSP in Kaseya’s Security Suite
Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Decoding Email Threats: Navigating the Spectrum of Spam and Phishing with Graphus
January 17 | 1 PM ET / 10 AM PT
Dive into the nuances that differentiate spam from phishing and gain a new understanding of the evolving tactics bad actors use in today’s sophisticated email threats. Discover how Graphus, equipped with advanced AI technology, provides robust protection against phishing attacks and efficiently manages the influx of unwanted spam. REGISTER NOW>>
January 28 – 30: Schnizzfest (Arizona) REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!