MSP cybersecurity news digest, April 8, 2024

Premier Technology in the US became a victim of Play

Premier Technology is an MSP that provides proactive IT strategy, systems design and ongoing support to optimize business operations efficiency, increase productivity and maximize profitability. Its main focus is small and medium-sized businesses, so it was of course an attractive target for the Play ransomware gang, which successfully compromised it in March. These bad guys stole private and personal confidential data, clients' documents, budgets, payroll, taxes, IDs, financial information, etc.

This is neither the first nor the last such case in the United States, where MSPs are being heavily attacked. Overall, Acronis threat intelligence shows a high level of cyberthreats in the U.S., with 30.9% of users experiencing at least one malware detection during the month and 19.7% trying to visit a malicious URL at least once.

Regina Dental Group of Canada has been hit by the Medusa ransomware gang

Regina Dental Group is a group of dental offices located at Normanview Crossing, Grasslands Dental and Southland Mall. It was attacked by the Medusa ransomware gang, presumably via a phishing email.

While Canada has a relatively low threat level according to Acronis threat intelligence, we are still talking about 11.2% of users experiencing at least one malware detection during March and 6.1% trying to visit a malicious URL at least once.

BlackBasta has hit Germany’s GFAD Gruppe

GFAD Gruppe is an IT solutions and services provider that sells Sophos and Veeam products. With revenue of more than €10 million, it was hit by BlackBasta ransomware at the beginning of March.

Presumably compromised through a vulnerability, the company lost 455 GB of data, including source code, user data, company data, financial documents and so on.

Acronis threat intelligence sees 25.6% of users experiencing at least one malware detection during the month and 16.2% trying to visit a malicious URL at least once in Germany.

Retailer Intersport France lost 50 GB of data to Hunters International

Intersport France distributes sporting goods. The company offers apparel, footwear, equipment and health and wellness products. Intersport France serves clients worldwide and had an impressive $3.4 billion in revenue in 2023.

A ransomware gang named Hunters International hit the company in the first days of April, stealing more than 50 GB of data consisting of around 26,000 files, including passports, personal details, confidential information, etc. The Intersport France site was down for at least a few days after the attack, adding to the huge losses from this attack, which we estimate at dozens of millions of dollars.

In March, France had quite a high level of cyberthreats, with 24% of users experiencing at least one malware detection during the month and 21% trying to visit a malicious URL at least once.

VanderHelm Logistics in the Netherlands hit by DoNex ransomware

VanderHelm Logistics is a logistics service provider serving the B2B and B2C sectors with a revenue of more than $22 million in the last year. It was confirmed on March 8 that they were attacked by DoNex ransomware — most likely via a leaked password. Attackers exfiltrated 39 GB of data, including miscellaneous documents such as invoices, agreements, personal documents and other financial data.

In March, the Netherlands had a high level of cyberthreats with 25.9% of users experiencing at least one malware detection during the month and 18.8% trying to visit a malicious URL at least once.

Federchimica of Italy hit by 8Base ransomware gang

Federchimica (Italian Federation of the Chemical Industry) encompasses 1,450 companies with approximately 94,000 employees. The 8Base ransomware gang revealed that it hacked Federchimica on March 12. These bad guys stole data including invoices, receipts, accounting documents, personal data, certificates, employment contracts, confidentiality agreements, personal files and more.

Italy was also heavily targeted in March, with 27.9% of users experiencing at least one malware detection during the month and 15.1% trying to visit a malicious URL at least once.

Manufacturer Tamura Corporation of Japan attacked by 8Base ransomware

Tamura Corporation was founded in 1924 and is headquartered in Tokyo, Japan. Tamura is a manufacturer of electronic components. On April 3, it was confirmed that the company had been attacked by 8Base. The attackers stole invoices, receipts, accounting documents, personal data, certificates, employment contracts, a huge amount of confidential information, personal files and more.

Manufacturing companies in Japan are quite often hit by ransomware. While the overall threat level is not that high compared to most other countries, during March 15.7% of users experienced at least one malware detection and 18.2% tried to visit a malicious URL at least once.

Australian media publisher Regency Media / Five Mile is compromised by LockBit3.0

Regency Media / Five Mile is a manufacturer of optical discs and VHS and audio cassettes for film, entertainment and music companies. The Five Mile division is a huge book publisher.

On March 26, it was confirmed that the company had been attacked by LockBit3.0. The amount of exfiltrated data is unknown, but it may include financial, IT and personal users’ folders, confidentiality and nondisclosure documents, etc.

According to Acronis threat intelligence, during March, 20.4% of users in Australia experienced at least one malware detection and 15.2% tried to visit a malicious URL at least once.