--- title: "Cybersecurity Updates For The Week 13 of 2022 | Phish Protection" description: "Cybersecurity Updates For The Week 13 of 2022: Phishing attacks and social engineering tactics are only the first steps involved in a threat actor" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-13-of-2022.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-13-of-2022/" --- Quick Answer Phishing attacks and social engineering tactics are only the first steps involved in a threat actor's modus operandi, which are deployed to lure the end-user into divulging a crucial piece of information, which malicious actors can misuse for nefarious purposes. Thus, if only you stay abreast of the latest phishing hacks and adopt measures for \[protection against phishing\](/resources/protection-against-social-engineering-phishing-and-ransomware/), you would be able to thwart a significant portion of cyberattacks on your business. To this end, here are the top phishing Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-13-of-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2013%20of%202022&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-13-of-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-13-of-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-13-of-2022%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2013%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2013%20of%202022&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-13-of-2022%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/04/what-is-phishing-6175.jpg) Phishing attacks and social engineering tactics are only the first steps involved in a threat actor’s modus operandi, which are deployed to lure the end-user into divulging a crucial piece of information, which malicious actors can misuse for nefarious purposes. Thus, if only you stay abreast of the latest phishing hacks and adopt measures for [protection against phishing](/resources/protection-against-social-engineering-phishing-and-ransomware/), you would be able to thwart a significant portion of cyberattacks on your business. To this end, here are the top phishing headlines this week. ### Data Breach Hits Jefferson Dental and Orthodontics, Texas **Over a million Texans** may have their data exposed owing to a breach at Jefferson Dental and Orthodontics, one of Texas’s largest dental care providers. Jefferson Dental has around 72 offices across Texas, and the latest breach has reportedly compromised the details belonging to **1,026,820 Texans**. As part of its measures for [phishing attack prevention](/content/phishing-prevention/phishing-attack-prevention/), the dental care provider reported the incident to the Texas Attorney General’s Office. The episode also made it to the state’s website. This breach is significant because it is the _largest cyber-attack reported to the Texas Attorney General_ since the new notification law was implemented in September 2021. The new law mandates organizations to _report data breaches impacting over 500 individuals_ to the Texas Attorney General’s Office, and the state then publishes the list of these data breaches online. Jefferson Dental and Orthodontics also sent out breach notifications to its affected patients, informing them that there is no evidence showing the misuse of the exposed information. The notice also mentioned the type of patient information disclosed, including driver’s license numbers, Social Security numbers, financial information, health insurance information, etc. The malware attack was first discovered on 9th August 2021, and Jefferson Dental began its investigation soon after. The breach notification was released after the analysis was complete in [January 2022](https://dfw.cbslocal.com/2022/03/18/million-texans-impacted-dental-care-data-breach/?&web%5Fview=true). ### Iranian Hackers Leak Personal Details of Mossad’s Director Israel’s national intelligence agency (Mossad) director David Barnea recently became the target of a **Telegram scam** where Iranian hackers claimed to publish videos, photos, and documents obtained from a phone used by Barnea’s wife. The adversaries posted the said files on an anonymous Telegram channel which had less than a hundred followers and was created just a day before the Barnea dump. Later reports confirmed that the video was posted on a Telegram channel called ‘Open Hands’ and was part of a lengthy **intelligence operation** against Barnea (who became the head of Mossad in June 2021) that started in 2014\. A post on the channel read, “We’ve got a small gift for the Mossad; ‘With LOVE for David.’ Happy Purim.” The Mossad continues to investigate the incident. It further mentioned that the [information leaked](https://www.jns.org/iranian-hackers-leak-mossad-chiefs-personal-information/?&web%5Fview=true) is old (hence irrelevant), but the leak exposed information on Barnea, including a copy of his ID card, plane tickets, tax documents, satellite pictures of his home in central Israel, photos from one of his family vacations at Copenhagen in 2014 and a video with captions in English, Arabic, and Hebrew. ### Electoral Services Department of Wandsworth Council Exposes Residents’ Email IDs The electoral services department of Wandsworth Council in the southwest of London recently sent out a routine email to registered voters but exposed their personal details in the process. This negligence by the council culminated in sending voter identity details to the wrong recipients. Resultantly, around **13% of local residents** (43,000 voters) received the names, voting instructions, and addresses of people outside their households. The council sent an apology email to affected victims and assured them that _no electoral fraud could be conducted using the exposed data_. In a follow-up email, the council asked recipients to delete the erroneously sent email and justified its own negligence by saying that the leaked data was available on a public electoral register anyway. This concluding comment does nothing to address the concerns and fears of voters and instead evokes the unreliability of the Conservative majority council, opines Fleur Anderson (Labor MP for Putney). ![What is phishing](https://media.mailhop.org/phishprotection/images/2022/04/what-is-phishing-6175.jpg) At this point, we can only hope that [such incidents](https://www.infosecurity-magazine.com/news/over-40000-london-voters-data/?&web%5Fview=true) do not happen again and that the council adopts necessary [phishing prevention](/) measures. It is unlikely that the Information Commissioner’s Office (ICO) will launch any formal investigation on this. ### Ransomware Hits Greek Postal Services ELTA The state-owned postal services provider in Greece, ELTA, recently underwent a **ransomware attack** that brought down most of its services. ELTA announced the attack soon after discovering it and mentioned that the organization could contain the attack’s spread by adopting immediate [phishing protection measures](/phishing-protection-best-practices-guide-thank-you/) and isolating the entire data center. ELTA eventually shared further details of the attack and claimed that the adversaries entered one of its workstations using an HTTPS reverse shell and exploiting an **unpatched vulnerability**. It is assumed that the adversaries wanted to encrypt systems critical to ELTA’s business operation. However, ELTA has not shared whether any ransom demands were made. Since cyberattacks usually involve data theft, ELTA has informed the Greek consumer data protection authority about the incident. Its services largely remain disrupted, and ELTA is uncertain when it can resume services again. Further, users have taken to the ELTA Facebook page to report their failed attempts at tracking parcels or accessing its web labeling services. ELTA’s IT team is currently working hard to scan its computers (over 2,500) for malware and is installing **security tools** to prevent such an incident from happening again. [ELTA recommends](https://www.bleepingcomputer.com/news/security/greeces-public-postal-service-offline-due-to-ransomware-attack/) that customers use its subsidiary ELTA Courier until all services are restored. ### Anonymous Targets Omega Company Omega Company is the in-house R&D unit of the Russian oil pipeline giant, Transneft. The ransomware gang Anonymous recently targeted Omega Company and stole its confidential data. The threat actor reportedly stole **79 GB of emails** belonging to Transneft, the largest global oil pipeline company. The stolen data was then published on a data leak site, _Distributed Denial of Secrets_. The data stolen from Transneft’s Omega Company contains the email accounts data of employees, technical equipment configurations, invoices, and product shipment information. An analysis of the leaked data revealed that _some of the emails were as recent as 15th March 2022_. On a somewhat surprising note, [Distributed Denial of Secrets](https://securityaffairs.co/wordpress/129276/data-breach/anonymous-transneft-data-leak.html?web%5Fview=true) said that it dedicated this breach to Hillary Clinton, who seemed to have made some comments in an interview in support of cyberattacks against Russia. ### Data Breach Hits HubSpot Customer relationship management (CRM) tool [HubSpot recently underwent a data breach](https://finance.yahoo.com/news/hubspot-hack-leads-data-breaches-043049723.html?) that affected some clients like Swan Bitcoin, BlockFi, NYDIG, and Circle. Companies commonly use HubSpot to onboard new users and manage marketing campaigns. Fortunately, the breach did not affect the operations of HubSpot’s clients in any significant way, and their treasuries remain risk-free. Clients use HubSpot to store their users’ details such as names, email addresses, phone numbers, etc. While the hack compromised these user details, the involved companies assured that _passwords and other internal information remained unaffected_. HubSpot claimed that the breach occurred because adversaries could access one of its employee accounts and used it to target around 30 stakeholders in the crypto industry. The list of these companies has not been released so far. As a result of this attack on HubSpot, some users are receiving an increased number of phishing emails leading them to a **fake credential-stealing website**. While HubSpot does its part in ensuring anti-phishing protection, users are recommended to do their bit for enhanced security. ### Cyberattack Hits National Rifle Association (NRA) ![What is phishing](https://media.mailhop.org/phishprotection/images/2022/04/what-is-phishing-6127.jpg) The National Rifle Association’s political action committee (PAC) recently submitted a filing to the Federal Election Commission (FEC) informing of a cyberattack it underwent last year. While this may seem like a measure to [prevent phishing attacks](/content/phishing-prevention/prevent-phishing/), this PAC filing comes after the organization _failed to resolve a financial discrepancy_ related to donations. A ransomware gang called **Grief** took ownership of this attack on the gun lobby’s servers in October 2021 and claimed to have stolen its sensitive internal documents. Grief actors also attached screenshots of the stolen data to prove its claim. When Grief disclosed the attack last year, the NRA did not comment on the issue, but now when things seem out of control, it has admitted the truth and accepted that it got [pwned on 20th October 2021](https://gizmodo.com/nra-confirms-hack-by-ransomware-gang-grief-1848673536?). ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 13 of 2022","description":"Cybersecurity Updates For The Week 13 of 2022: Phishing attacks and social engineering tactics are only the first steps involved in a threat actor's modus.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-13-of-2022/","datePublished":"2022-04-01T08:48:17.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-04-01T08:48:17.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-13-of-2022/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1379,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/04/what-is-phishing-6175.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 13 of 2022","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-13-of-2022/"}]} ```