Top 10 Most Read Cybersecurity Stories for 2024

Cybersecurity threats and breaches in 2024 didn't slow down. But MSSPs have been there to detect issues, respond to incidents and protect organizations from cyber criminals.

In 2024, our Top 10 Most Read Stories at MSSP Alert reflect MSSP and security-focused MSPs' concentration on what matters most to the cybersecurity channel: vulnerabilities, breaches, business deals, the cybersecurity marketplace, top cybersecurity certifications and breach liability. Here's a roundup of our top stories in 2024:

1. Top 10 Cyberattacks of 2023

Some of the largest and most damaging cyberattacks on record occurred in 2023 — and MSSP Alert covered them all.

These incursions into business and government’s most sensitive and critical information and data foreshadow a new year when we can expect even more ransomware, malware, phishing — you name it — attacks. More than ever, MSSPs, MSPs and all cybersecurity providers will need to raise their game to protect their customers, themselves included, from the endpoint and beyond.

Read the complete story here.

2. Comcast Faces Lawsuits over Breach of 36M Accounts

Comcast already faces at least two class action lawsuits over a massive data breach that exposed nearly 36 million U.S. Xfinity accounts after cyber attackers broke into its systems in mid-October 2023 by exploiting a vulnerability in Citrix software.

The cable wing of Comcast does business as telecom Xfinity. The lawsuits filed in Pennsylvania federal court this month allege that unidentified hackers exploited a “critical-rated, unpatched security vulnerability,” according to classaction.org, which reported the filings.

One lawsuit contends that "Comcast admittedly failed to safeguard the sensitive personal identifying information of millions of its consumers or implement robust security measures to prevent this information from being stolen.” Another alleges that the Xfinity customers would not have bought the service had they known their data was at risk.

Under new Securities and Exchange Commission (SEC) rules that went into effect on December 18, 2023, public companies experiencing a “material” breach are required within four days to report the incident plus other associated information. So far, according to a review of Comcast SEC filings, the company had not made any related filings with the regulatory watchdog as of December 22, 2023.

Read the complete story here.

3. Law Firm Sues MSP Over Black Basta Ransomware Attack

A managed service provider (MSP) has been slapped with a lawsuit by a prominent Sacramento, California law firm alleging that it failed to protect it from a ransomware attack that took down its systems.

The lawsuit, filed by the law firm Mastagni Holstedt in Sacramento Superior Court, has generated a significant amount of chatter in the channel community. It claims that LanTech LLC, a privately owned Sacramento company, failed to adequately protect the firm from the attackers.

MSSP Alert has reviewed the complaint in which Mastagni is seeking more than $1 million in damages. The firm employs 42 lawyers.

Read the complete story here.

4. UnitedHealth Group: A Cyberattack Timeline

The massive cyberattack that hit Change Healthcare on February 21, 2024 impacted hundreds of pharmacies worldwide, patient care included, and appears to have been the work of the infamous ALPHV/BlackCat ransomware crew. Change Healthcare is part of insurer UnitedHealth Group’s Optum healthcare business. In 2022, Change Healthcare merged with Optum.

Change Healthcare provides prescription processing services through Optum, which in turn supplies technology services for more than 67,000 pharmacies and care to more than 100 million individual customers. Change Healthcare processes 50% of all medical claims in the United States.

Optum listed more than 100 Change Healthcare services that were affected by the breach. Also disrupted were critical functions such as benefits verification, claims submission and status updates, remittance information transmittal and prior authorization, according to the Healthcare Financial Management Association.

Read the complete story here.

5. Palo Alto Networks Buys IBM QRadar

For devoted customers of IBM Security’s QRadar cybersecurity product line, it was a bit of a seismic shock when Palo Alto Networks recently announced that it was buying the QRadar unit from IBM and changing how customers will get their QRadar services and support.

The May 15 deal came as a surprise because IBM has historically been active in improving and developing the QRadar product line, including a November 2023 announcement that it was retooling its QRadar security information and event management (SIEM) system to help users scale their hybrid cloud and artificial intelligence (AI) workloads.

That announcement also included plans from IBM to integrate generative AI capabilities within its QRadar threat detection and response products by tying in its watsonx data and AI platform. And in April 2023 IBM had announced the launch of its then-new IBM Security QRadar Suite, which was built to streamline security analyst experiences across the full incident lifecycle.

But now IBM is changing that earlier strategy by selling its SaaS-based QRadar line to Palo Alto Networks and moving to work with Palo Alto to provide AI-powered security consulting services to customers in the future, according to the companies.

Read the complete story here.

6. IT Consulting Firm Blames MSP for Data Breach

An IT consulting firm being sued in federal court for a data breach says it is not at fault. Instead it is pointing the finger at a managed service provider (MSP) for failing to secure its network, exposing it to the breach that affected more than one million people.

Berry, Dunn, McNeil & Parker, a Portland, Maine-based IT and accounting consultancy that operates a medical data analytics business, blames Reliable Networks, an MSP based in Biddeford, Maine. At issue is the failure to protect 1.1 million individuals’ personally identifiable information (PII) stored by Reliable's Health Analytics Practice Group (HAPG). Some 3,100 Maine residents were affected in the security breach.

BerryDunn receives PII from its customers to conduct analytics services. However, it is BerryDunn, not Reliable, that is being sued in U.S. District Court in Portland, Maine by nine customers. Those customers are accusing BerryDunn of negligence, unjust enrichment, and breach of fiduciary duty owing to the data theft.

In the BerryDunn action, the plaintiffs hope to form a class-action lawsuit, complaining that it took BerryDunn seven months after the September 2023 breach to notify them of the theft. Whether BerryDunn intends to sue Reliable remains to be seen.

Read the complete story here.

7. China-Backed Salt Typhoon Hack Into AT&T, Verizon Networks

Details of the work of the Chinese state-sponsored threat group Salt Typhoon, first discovered late last month targeting U.S. internet service providers (ISPs), are becoming clearer.

According to a report this week in the Wall Street Journal, the advanced persistent threat (APT) attackers breached the networks of such major broadband providers as AT&T and Verizon possibly by compromising systems used by law enforcement agencies for lawful wiretapping and other activities.

Citing unnamed sources, the news outlet said Salt Typhoon – also known as GhostEmperor and FamousSparrow – also infiltrated Lumen Technologies’ networks and targeted some organizations outside of the United States, according to the WSJ and Washington Post.

The goal of the threat group, which is believed to be part of the Chinese government’s foreign spy service – the Ministry of State Security – appears to be to gather information, possibly about Chinese nationals that the U.S. government may be targeting for surveillance. The hackers for months may have had access to the “network infrastructures used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk,” sources told the WSJ.

Read the complete story here.

8. Microsoft Admits Code Stolen in Midnight Blizzard Attacks

In early January, Microsoft revealed that a Russian-backed cyber syndicate had lifted information from the email accounts of some of its senior leadership team and employees in its cybersecurity, legal and other functions.

The actual event had occurred the prior November. The company has yet to identify the affected employees or disclose which emails and attached documents had been exfiltrated. In that case, the Midnight Blizzard (aka Nobelium) hackers lurked in Microsoft’s systems for months.

Now, in a security update and an 8-K filing, Microsoft provides more information on the Midnight Blizzard incident, carried out by the same crew that orchestrated the high-profile SolarWinds attack. They are also the same perpetrators that the vendor warned about in December 2020 in a four-part blog series.

In what it called an “ongoing” attack, Microsoft acknowledged in the latest update that the Nobelium intrusion had led to some source code being stolen.

Read the complete story here.

9. Cybersecurity Layoffs: Is the Market Quietly Contracting?

Following substantial layoffs in the security sector during 2023, new job cuts ushered in the new year. Now with the all-but-certain impact of AI on cyber thieves, defenders and growth, is the cybersecurity market expanding or is it quietly contracting?

How would either condition affect MSSPs and MSPs? Is the ever-increasing volume of cyberattacks enough to keep the market growing with the demand for trained security professionals? Ultimately, how will zero days, ransomware and data breach after data breach play out for the cyber protectors?

While most, if not all, analyst projections point to cybersecurity growth and upward spikes in employment, there are some indicators that the market may instead be set up to shrink.

Read the complete story here.

10. 5 Top-Paying Cybersecurity Certifications

The number of cybersecurity professionals trained to defend against cyberattacks keeps growing in what is commonly referred to as "the cyber skills talent gap."

It’s a worldwide problem, with the gap closing in on four million open jobs amid a shortage of trained and qualified people to fill them. What’s more, rapidly emerging technologies such as artificial intelligence (AI) are making divides in knowledge and experience more evident.

Finding the right people to fill job opportunities isn’t easy, but looking for professionals with certifications from qualified bodies certainly helps. As for trainees, people new to the field are best suited to obtain certifications offered by major organizations because they’re readily recognized by hiring companies.

Read the complete story here.

Jessica C. Davis

Jessica C. Davis has spent a career as a journalist and editor covering the business of technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor. She now serves as editorial director for CyberRisk Alliance’s channel brands, MSSP Alert and ChannelE2E.