---
title: "Cybersecurity Updates For The Week 15 of 2020 | Phish Protection"
description: "Cybersecurity in these tough times is essential to ensure phishing prevention and to keep the money in your bank accounts safe to survive the global economic."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-15-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-15-of-2020/"
---

Quick Answer

Cybersecurity in these tough times is essential to ensure \[phishing prevention\](/) and to \_keep the money in your bank accounts safe to survive the global economic\_ fall that's ahead of us. The following headlines from the past week in cybersecurity shall help you \*\*strengthen your security\*\* measures:

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-15-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2015%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-15-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-15-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-15-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2015%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2015%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-15-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/04/what-is-phishing-8246.jpg) 

Cybersecurity in these tough times is essential to ensure [phishing prevention](/) and to _keep the money in your bank accounts safe to survive the global economic_ fall that’s ahead of us. The following headlines from the past week in cybersecurity shall help you **strengthen your security** measures:

### FIN7’s Gift Card Trap

The FBI has recently found the threat actor group [FIN7 guilty of luring victims](https://cyware.com/news/newly-discovered-rubber-ducky-attacks-use-free-gift-cards-to-trick-users-into-using-malicious-usb-sticks-fe36b267) with fake gift cards to steal their personal information. This time, they are _sending out emails informing victims that the retail chain ‘Best Buy’ is extending a $50 gift card to its loyal customers_. To increase credibility, they also included a USB drive claiming to list the items purchasable through the gift card.

To [prevent phishing attacks](/products/advanced-threat-defense/), refrain from opening the USB drive because it silently **steals information** from a device by displaying a message of USB Malfunction on the screen. The information accessed via this method includes the username, hostname, user’s system privilege, computer model, memory capacity, OS serial number, language code, number of users, OS build, OS version, free memory available, etc.

### Phishers Create Fake RBFCU Login Page

The adversaries have created a [phishing page](https://blog.sucuri.net/2020/04/multi-step-phishing-kit-targeting-credit-union.html?web%5Fview=true) impersonating the Texas-based financial institution Randolph-Brooks Federal Credit Union (RBFCU) to **extract personal details** of its 850,000 members.

_The page is indifferentiable and asks users for details in four steps_. On the first page, you need to enter your account username and password. While the second page **asks for security identification** information, the third asks for your email address and password. With all these details, the attackers also ask for personally identifiable information, such as debit card number, expiration dates, ATM PIN, account number, and social security number on the final identity verification page.

Giving these details to attackers doesn’t leave much for them to find out. But it speaks a lot about _the lack of phishing attack prevention measures with people which the attackers repeatedly keep exploiting_.

### Racoon Uses Drive To Avoid Detection

The [Racoon malware](https://securityaffairs.co/wordpress/100869/malware/raccoon-abuses-google-services.html?web%5Fview=true) was first spotted in April 2019, and _it has infected over 100,000 users_ since then. Working as a **malware-as-a-service** (MaaS), Racoon was designed to steal credit card data, email credentials, cryptocurrency wallets, and other sensitive data.

![What is phishing](https://media.mailhop.org/phishprotection/images/2020/04/what-is-phishing-8246.jpg) 

But the recently discovered trait of this malware is its use of Google Drive to evade detection by [anti-phishing services](/office-365-phishing-protection/). _After infecting a machine, the malware connects to a Google Drive URL to decrypt the actual C&C server_. Sixty-seven IP addresses that were used as C2 servers have been identified so far, and a lot of these were associated with Google Cloud Services. Organizations should take measures to **prevent phishing attacks** based on past attacks by malicious malware. 

### SOS Online Backup Leaks 135M User Records

California based [SOS Online Backup](https://www.infosecurity-magazine.com/news/secure-backup-company-leaks-135/?&web%5Fview=true) had left a **database unprotected** online recently. _This database contained details of over 135 million of its customers_. Although the company remained unresponsive both times it was contacted, they did fix the issue on 19th December 2019\. 

But this **breach exposed 70GB** of structural, reference, descriptive, and administrative metadata and personally identifiable information like names, emails, phone numbers, business details (for corporate customers), and account usernames.

Customers and employees of SOS Online Backup should anticipate an attack and adopt [phishing prevention](/) best practices well in advance.

### Dharma Source Code On Sale

The creators of [Dharma (Crysis)](https://cyware.com/news/source-code-of-dharma-ransomware-put-up-for-sale-on-russian-hacking-forums-46e3c72e) are selling their **source code for $2000**, _which shall enable attackers to create their versions of the ransomware_, thus intensifying the threat factor. Ever since its entry in 2016, the operators of _Dharma have made over $24 million from its victims_.

It has attacked systems in Russia, Japan, South Korea, North Korea, and Brazil and is one of the **biggest ransomware networks** in the world today. Even the [anti-phishing measures](/products/advanced-threat-defense/) adopted by larger enterprises are barely able to fight this giant malware, which came up with three new versions in the past week alone.

### Indians Do Not Back Up

A survey conducted by Avast and AVG on its users between February 20-March 25 revealed that [half of the Indians do not keep back up](https://ciso.economictimes.indiatimes.com/news/45-of-indians-do-not-back-up-their-data-files-survey/74894530) files of their data. _This is either because they don’t feel the need for it, don’t know how to do it, or are not aware that their files are being backed up in the background_.

Such a casual and ignorant approach to [phishing protection](/) makes them all the more **vulnerable to ransomware** and other malware, such as wipers attacks, which do not necessarily unlock data in spite of paying a ransom.

### 42 M Telegram Records Leaked

A trove containing [42 million records of Telegram users](https://www.infosecurity-magazine.com/news/privacy-snafu-exposes-42-million/?&web%5Fview=true) was found unprotected on an Elasticsearch cluster by security researcher Bob Diachenko and the Comparitech team on 21st March. Though deleted by 25th March, _the possibility cannot be eliminated that someone might have posted the data on a hacking forum by now_.

The exposed details included user account IDs, phone numbers, names, and hashes and secret keys. This information can be used by third-party hackers in financially motivated attacks, an example of which are the **SIM swap attacks**. Affected users are advised to take adequate [phishing prevention](/) measures to protect themselves from **potential phishing attacks**.

### Second Attack On Marriott International

A [second attack](https://www.verdict.co.uk/marriott-second-data-breach/) has been launched on the Marriott International hotel chain, and this time, _the attackers got using the login credentials of two employees at a group hotel operating as a franchise_. This attack exposed details (names, addresses, birth dates, gender, email addresses, and telephone numbers) of around **5.2 million guests**. _The authorities speculate that the attack began in and also exposed details_ like employer name, gender, room stay preferences, loyalty account numbers, etc.

![What is a zero day attack](https://media.mailhop.org/phishprotection/images/2020/04/what-is-a-zero-day-attack-8436.jpg) 

Although the hotel says that passports, payment details or passwords weren’t exposed in the breach, it is only wise for people to take measures for [protection against phishing](/). Marriott is doing its part by notifying authorities and the affected people. They have also set up a website aimed at helping the affected people.

### Data Breach At Ozark Orthopaedics

In another attack on a medical facility, Arkansas-based [Ozark Orthopaedics underwent a data breach](https://ryortho.com/breaking/ozark-orthopaedics-data-breach-exposes-over-15000-patients/?web%5Fview=true) that exposed data belonging to 15,240 patients.

_Ozark Orthopaedics had seen some suspicious activity in its email system in late 2019_. After investigating and securing their email system, they found that four of their employee email accounts had been compromised. The information exposed because of this attack includes patient names, treatment, diagnosis, prescription, medication, and health insurance information along with Medicare/Medicaid identification numbers, social security numbers, and financial account information.

_Ozark Orthopaedics believes that no information has been misused so far_. However, we recommend taking [anti-phishing measures](/products/advanced-threat-defense/) well in advance.

### Security Issue With Zoom

Researchers have found [a security issue with the Zoom Windows](https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal-windows-credentials-run-programs-via-unc-links/), which allows attackers to steal the credentials of users. Zoom allows its clients to communicate via text messages. _If they happen to send any URLs on text, these get converted to the UNC path link_, which, when clicked, will send the user’s login name and NTLM password hash to the remote site. These password hashes can be easily cracked using **free tools like Hashcat**.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 15 of 2020","description":"Cybersecurity in these tough times is essential to ensure phishing prevention and to keep the money in your bank accounts safe to survive the global economic.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-15-of-2020/","datePublished":"2020-04-11T10:51:16.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-04-11T10:51:16.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-15-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1197,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/04/what-is-phishing-8246.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 15 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-15-of-2020/"}]}
```