---
title: "Cybersecurity Updates For The Week 18 of 2020 | Phish Protection"
description: "Phishing prevention cannot be assured with a single security measure, especially in recent times, when hundreds of cyberattacks take place every day."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-18-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2020/"
---

Quick Answer

\[Phishing prevention\](/) cannot be assured with a single security measure, especially in recent times, when \_hundreds of cyberattacks take place every day\_. The following headlines from the past week in cybersecurity prove precisely why you need to strengthen your organization's \*\*anti-phishing solutions\*\*.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2018%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2018%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2018%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/04/anti-phishing-service-6457.jpg) 

[Phishing prevention](/) cannot be assured with a single security measure, especially in recent times, when _hundreds of cyberattacks take place every day_. The following headlines from the past week in cybersecurity prove precisely why you need to strengthen your organization’s **anti-phishing solutions**. 

### NCSC Develops Email Reporting Service

The UK’s National Cyber Security Centre launched a Cyber Aware Campaign called [Suspicious Email Reporting Service](https://ciso.economictimes.indiatimes.com/news/covid-19-uks-new-cyber-crime-service-reports-over-5000-suspect-emails-in-one-day/75320392) on 22nd April, in which over **5,000 suspect emails** were reported within a day. 

This reporting service was launched to ensure [anti-phishing protection](/products/advanced-threat-defense/) against fake coronavirus-related messages. Within just a day of its launch, the NCSC could suspend **83 web scams**. 

Apart from ensuring [email phishing prevention](/), the Reporting Service will also assist the UK policing with live time analysis of reports and identification of new patterns in cybercrime. It encourages people to report any suspicious emails to [report@phishing.gov.uk](mailto:report@phishing.gov.uk).

![Anti phishing service](https://media.mailhop.org/phishprotection/images/2020/04/anti-phishing-service-6457.jpg) 

### Zoom Becomes The Attack Hotspot

Off late, Zoom attacks have created serious security concerns. A recent [Cisco Talos report](https://www.securityweek.com/flaw-could-have-allowed-hackers-identify-all-zoom-users-company?&web%5Fview=true) states that _attackers can attain a complete list of Zoom users within an organization_. 

Although Zoom has now taken measures for [protection against phishing](/office-365-phishing-protection/), the server vulnerability allowed any user to find all Zoom users in a network. 

Based on the XMPP standard, Zoom’s **flawed server setting** enabled random users to request the contact information of users. Details compromised in such attacks include the auto-generated XMPP username and the user’s first and last name, email address, and phone number. These details could, in turn, be used for launching **spear-phishing attacks**. 

### UniCredit Employee Data Breach

A Romania based hacker has put up the records of around [3000 UniCredit employees](https://www.infosecurity-magazine.com/news/unicredit-workers-data-for-sale/?&web%5Fview=true) on the dark web for sale. He is selling each row of **150,000 records for $10,000** and claims that he exfiltrated into the UniCredit system and stole the credentials.

_It is suspected that the attacker used a malicious code insertion technique to steal the employee data_. The compromised details include an employee’s name, email address, phone number, and encrypted password.

### Payment Processor Leaves Database Unprotected

Security researcher Anurag Sen found a [massive database left unprotected online](https://techcrunch.com/2020/04/22/paay-unencrypted-credit-card-data/). This database belonged to the New York-based card payments processor, Paay and contained **2.5 million card transaction** records. Each exposed record contained the full plaintext credit card number, expiry date, and amount spent. Although the database didn’t include the cardholder names or card verification values, _it still shows Paay’s failure at ensuring [protection from phishing](/)_.

### Ransomware Behind Torrance Attack

A recent post by DoppelPaymer hints at the seemingly false [assurance Torrance has been giving its citizens](https://www.scmagazine.com/home/security-news/cybercrime/online-leak-undermines-citys-claim-that-no-personal-data-was-affected-by-cyberattack/?web%5Fview=true) after the breach it went through in late February. DoppelPaymer’s online post included a **probation violation** form from the Torrance City Attorney’s Office, a declaration in support of access to juvenile records filed with the Superior Court of California, County of Los Angeles, and a budget import audit listing. All of these suggest that their claims of zero damage to public personal data might not have been valid after all! 

Though without evidence currently, if DoppelPaymer’s post proves authentic, then the city’s government will come out as unworthy of upholding [phishing protection](/) protocols. In times of an attack, all that the public expects is honesty, and _the government’s reluctance to share information on the ransomware behind the attack is just not acceptable_.

### Stock Market Attacks Rise

_The adversaries have now jumped from the government and banking systems to the stock market_. They are creating [fraudulent websites](https://m.economictimes.com/tech/ites/hackers-are-now-targetting-stock-markets/articleshow/75290192.cms?&web%5Fview=true) impersonating some of the leading brokerages.

Many customers have reported receiving **phishing emails** offering free brokerage during the lockdown period. _Any unsuspecting user who clicks on the attached link unknowingly gives away details_ such as his user name, password, personal identification number, or date of birth. These details are then used to login to the investor’s trading account and buy or sell transactions on illiquid penny stocks, to the benefit of the attacker.

Such attacks have increased significantly, and hence brokerages are taking [phishing email prevention](/products/advanced-threat-defense/) measures to ensure minimal losses to their investors.

### Attack on Rotorua Lakes Council

[Rotorua Lakes Council](https://www.nzherald.co.nz/rotorua-daily-post/news/article.cfm?c%5Fid=1503438&objectid=12326709&web%5Fview=true) is dealing with the _rampant problem of phishing emails_, which has been reported by some external contacts. With the most recent attack on the Council’s staff, the adversaries are impersonating their Accounts department and sending emails to the victims.

However, the Council is taking [anti-phishing measures](/office-365-phishing-protection/) and _urging the public to remain cautious and report suspicious emails_. One fundamental way to distinguish between genuine and fake emails is to **analyze the sender’s email** address.

### Security Breach At Renowned Institutions

Attackers have posted over [25,000 email addresses and passwords](https://www.msn.com/en-us/news/us/nearly-25000-email-addresses-and-passwords-allegedly-from-nih-who-gates-foundation-and-others-are-dumped-online/ar-BB130we5?&web%5Fview=true) online. The compromised details belong to the National Institutes of Health, World Health Organization, Gates Foundation, and other groups who are leading the war against COVID 19\. Australian security expert Robert Potter confirmed the authenticity of the WHO email addresses and passwords and _noted that they used passwords as simple_ as “password,” their names, or “changeme.”

SITE Group’s findings show that NIH was the most affected with **9,938 compromised email** addresses and passwords. It was followed by 6,857 records from the Centers for Disease Control and Prevention, 5,120 records from the World Bank, and 2,732 records from the WHO.

![Anti phishing service](https://media.mailhop.org/phishprotection/images/2020/04/anti-phishing-service-6458.jpg) 

### Ransomware Attacks On US Decline

_The only silver lining of the pandemic COVID 19 is the surprisingly less number of ransomware attacks on the United States_. Emsisoft researchers have estimated the attacks in 2020 to be as intense and frequent as in 2019, if not worse. But owing to COVID 19 and Work from Home, the [number of attacks has declined](https://www.infosecurity-magazine.com/news/us-ransomware-attacks-plummet/?&web%5Fview=true), with only 89 reported attacks in the Q1.

But on the downside, _attacks continue targeting the private sector despite attempts to [prevent phishing](/) attacks_.

### Chinese Hackers Target Gravity Co. Ltd

The Chinese Winnti Group of hackers has recently targeted [South Korean video gaming company Gravity](https://www.securityweek.com/chinese-hackers-target-south-korean-gaming-company?&web%5Fview=true). They have launched attacks on several organizations in the immediate past. _A public online malware scanning service analyzed a Winnti dropper and could extract the malware’s configuration file_. They revealed that the adversaries had probably used this sample to target the video game company Gravity Co. Ltd., which is renowned for the massive multiplayer online role-playing game (MMORPG) Ragnarok Online.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 18 of 2020","description":"Phishing prevention cannot be assured with a single security measure, especially in recent times, when hundreds of cyberattacks take place every day.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2020/","datePublished":"2020-04-30T05:26:16.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-04-30T05:26:16.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1044,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/04/anti-phishing-service-6457.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 18 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2020/"}]}
```