--- title: "Cybersecurity Updates For The Week 10 of 2022 | Phish Protection" description: "Cybersecurity Updates For The Week 10 of 2022: Threat actors are leveraging the ongoing Russian-Ukrainian tensions to launch cyberattacks worldwide." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-10-of-2022.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2022/" --- Quick Answer Threat actors are leveraging the ongoing Russian-Ukrainian tensions to launch cyberattacks worldwide. \_Organizations need to be more vigilant than ever to keep their information assets from falling into the hands of cyber adversaries\_. Here are this week's \[phishing and data breach updates\](/tags/announcements/) from around the world. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2010%20of%202022&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2022%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2010%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2010%20of%202022&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2022%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/03/what-is-a-zero-day-attack-5443.jpg) Threat actors are leveraging the ongoing Russian-Ukrainian tensions to launch cyberattacks worldwide. _Organizations need to be more vigilant than ever to keep their information assets from falling into the hands of cyber adversaries_. Here are this week’s [phishing and data breach updates](/tags/announcements/) from around the world. ### Avast Release Free Decrypter For Files Encrypted By The HermeticRansom _Avast has finally released a decryptor for the HermeticRansom_, which recently launched several attacks on Ukraine. The [free decryptor released by Avast](https://securityaffairs.co/wordpress/128652/breaking-news/free-decryptor-hermeticransom-ukraine.html) is one of the many attempts security firms make to _help Ukrainians recover their files from these attacks for free_. The HermeticRansomware attacks involved the HermeticWiper, HermeticWizard, and the HermeticRansom. However, the ransomware creators didn’t do a thorough job as experts at Crowdstrike could locate a **logic flaw in its encryption** which could easily be broken. This was probably because their primary intention behind ransomware creation was not encryption. While reporting the findings of Crowdstrike’s Intelligence Team, Avast mentioned that _HermeticRansom’s crypto schema could be decrypted for free_. Avast is helping people with the free decryptor on its websites. As part of its [phishing attack prevention](/content/protection-from-phishing/how-to-stop-phishing/) measures, Avast urges victims of HermeticRansom to use the same facility to recover their files. ### Data Stolen in T-Mobile Data Breach Circulating Online: Warn Law Enforcement Agencies In the aftermath of a cyberattack on T-Mobile in August 2021,\_ law enforcement officials from several states are now alerting people of the possible circulation of their data on dark web platforms\_. Letitia James, New York Attorney General, along with officials from Florida, California, and other states, recently announced that because of the **massive data breach** on T-Mobile last year, their personal information has fallen into the wrong hands and is now [circulating in cybercrime forums online](https://www.cyberscoop.com/t-mobile-breach-dark-web-warning-attorneys-general/). _This breach compromised the data of millions of former, current, and prospective T-Mobile customers_ and could easily be used for financial and [identity theft](/blog/understanding-business-identity-theft-and-what-makes-businesses-vulnerable-to-these-identity-thefts/), among other crimes. In August, the attackers announced that T-Mobile’s [phishing protection](/) measures were miserable, and law enforcement is prying into the matter for further details. The compromised data include customers’ names, social security numbers, DOBs, ID numbers, driver’s licenses, international mobile subscriber identities, international mobile equipment identities (IMEIs), etc. The last two from this list are unique to each device and cannot be reset, increasing the threat factor. **Identity protection services** have already notified affected customers, and despite the increased implementation of cybersecurity measures, data breaches continue happening. The states request people to remain vigilant and report any suspicious activity witnessed in their accounts. ### Data Breach Hits Monongalia Health System _A data breach recently hit the Monongalia Health System (Mon Health)_, which may have compromised data belonging to partners, employees, and patients. The attack was first discovered on 18th December when some of Mon Health’s IT **systems were disrupted**. Reportedly, the adversaries were inside the healthcare system’s network between 8th December and 19th December. However, the [data theft was spotted](https://www.securityweek.com/healthcare-company-mon-health-discloses-second-data-breach) much later, and fortunately, _the attackers could not access its health electronic records systems_. The affected data includes victims’ names, DOBs, addresses, social security numbers, medical record numbers, health insurance claim numbers, medical treatment information, patient account numbers, etc. As part of its measures to [prevent phishing attacks](/content/phishing-prevention/), Mon Health brought down and hardened its network, notified relevant authorities, and reset enterprise-wide passwords. So far, Mon Health has not disclosed the number of affected individuals, but it has begun notifying them of the **breach via email**. ![What is a zero day attack](https://media.mailhop.org/phishprotection/images/2022/03/what-is-a-zero-day-attack-5443.jpg) ### Cyberattack Hits Logan Health Medical Center Following a sophisticated cyberattack on its IT systems, Logan Health Medical Center is notifying **213,543 patients**, business associates, and employees of the possible compromise of their personal and health data. _Logan Health first detected suspicious activity in one of its eight servers_ on 22nd November 2021\. These servers were used to store protected health information and conduct other business operations. It soon launched an investigation into the incident and found that certain files, including employee PHI, were [accessed by unauthorized third parties](https://www.scmagazine.com/analysis/breach/logan-health-cyberattack-server-hack-leads-to-data-access-of-214k-people). Fortunately, the _electronic medical records were not affected by the breach._ Reportedly, the **data stolen** varied by individual and could include all or some of these, names, DOBs, social security numbers, email addresses, contact details, etc. To ensure [anti-phishing protection](/products/advanced-threat-defense/) for all, the medical provider is _extending one year of free identity monitoring service for all affected individuals_. Logan Health’s CEO, Craig Lambrecht, reminded employees of the importance of protecting patients’ PHI. He extended tips of the [phishing prevention best practices](/content/phishing-prevention/phishing-prevention-best-practices/) and will soon launch a program to [train employees](/products/phishing-awareness-training/) in cybersecurity. ### Cyberattack Hits Insurance and Professional Services Giant AON _A cyberattack recently hit the insurance and professional services giant AON_, which affected a limited number of its systems. AON provides a range of professional solutions, including reinsurance, business insurance, cybersecurity consulting, healthcare insurance, risk solutions, and wealth management products. With _operations in 120 countries and over 50,000 employees_, AON generated annual **revenue of $12.2 billion** in 2021\. The firm filed an 8-K form with the Securities and Exchange Commission (SEC) [reporting a cyberattack](https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/) that affected its systems on 25th February 2022. AON has not mentioned any significant details about the breach, such as the attacker details, and only stated that a limited number of systems were affected. Soon after detecting the attack, _AON launched its internal investigation and hired third-party cybersecurity experts_ for a detailed analysis and better deployment of [anti-phishing solutions](/content/anti-phishing/). Reportedly, the incident did not significantly impact the company’s operations. Because AON is a reinsurance company, meaning it insures the insurance companies (thereby receiving substantial data dumps of insurers’ clients), it becomes an attractive target for the adversaries. A thing to note about attacks on insurance companies comes from one of the interviews of the REvil gang where it called insurers _one of the tastiest morsels_ because they become a source of possible targets who can pay the ransom since they have cyber insurance policies. ### A Game of Attacks Between Lapsus$ and Nvidia Although there isn’t any evidence of it yet, many online security groups claim that the South American hacker group Lapsus$ had attacked Nvidia. They also reported that Nvidia responded to the Lapsus$ attack with an attack in return. Reportedly, Nvidia also encrypted the stolen data and ransomed back Lapsus$ machines. ![What is phishing](https://media.mailhop.org/phishprotection/images/2022/03/what-is-phishing-5443.jpg) Nvidia is investigating the attack, which supposedly compromised all of Nvidia’s internal systems. Around the same time, Lapsus$ confessed to stealing 1TB of data from Nvidia. The former is now threatening Nvidia to leak the stolen data (including Nvidia employees’ security details and passwords). Lapsus$ provided some screenshots to support its claims, but they cannot be considered concrete proof, and Lapsus$ may or may not have Nvidia’s data. Lapsus$ later confirmed that Nvidia had hacked it in return using a virtual machine it left enrolled in Nvidia’s mobile device management program, thereby enabling the latter to use it as a backdoor. It further mentioned that Nvidia remotely encrypted the data Lapsus$ had stolen and removed the latter’s access to the Nvidia network. Yet other sources claim that Lapsus$ had already circulated Nvidia employees’ security details on Telegram, but this information remains to be verified. But if the initial reports are accurate, then Nvidia probably had enough time to update its employees’ security details and dissolve the[ hacked data](https://www.techspot.com/news/93568-nvidia-allegedly-hacked-hackers-stole-data-back.html). ### Cyberattack Hits Camera Maker Axis A cyberattack hit the IT systems of the Swedish Camera maker Axis on 20th February. The attack was first detected by Axis’s cybersecurity and intrusion detection system, and soon after noticing the attack, the company shut down all its global services. So far, Axis has no reason to believe that customer or partner data was affected in the incident. They were able to stop and contain the attack before its completion. Axis has restored its high-priority external services and is in the process of restoring the rest without jeopardizing security. It apologized for the disruption in connection caused by the attack and justified it as a necessary measure to ensure minimal loss to everyone and adequate protection against phishing. While[ Axis tweeted](https://www.zdnet.com/article/swedish-camera-giant-axis-still-recovering-from-cyberattack/) about the attack, it did not respond to further comments and said that the Camera Station License System and its Case Insight tool in the US were dealing with the outages. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 10 of 2022","description":"Cybersecurity Updates For The Week 10 of 2022: Threat actors are leveraging the ongoing Russian-Ukrainian tensions to launch cyberattacks worldwide.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2022/","datePublished":"2022-03-12T19:58:47.000Z","dateModified":"2026-04-17T16:29:18.000Z","dateCreated":"2022-03-12T19:58:47.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2022/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1381,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/03/what-is-a-zero-day-attack-5443.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 10 of 2022","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2022/"}]} ```