--- title: "Cybersecurity Updates For The Week 42 of 2021 | Phish Protection" description: "Here are the latest updates on the major hacks and attacks this week that will keep you abreast of the recent threat factors and help plan your phishing." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-42-of-2021.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-42-of-2021/" --- Quick Answer Here are the latest updates on the major hacks and attacks this week that will keep you abreast of the \[recent threat\](/tags/announcements/) factors and help plan your \[phishing prevention\](/) strategies. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-42-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2042%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-42-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-42-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-42-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2042%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2042%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-42-of-2021%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/10/phishing-email-prevention-4662.jpg) Here are the latest updates on the major hacks and attacks this week that will keep you abreast of the [recent threat](/tags/announcements/) factors and help plan your [phishing prevention](/) strategies. ### Conti Ransomware Gang Attacks Sandhills Global _US-based information processing firm Sandhills Global recently underwent a ransomware attack_ that [disrupted its business](https://heimdalsecurity.com/blog/sandhills-shut-down-by-ransomware-attack/) operations and brought down all hosted websites. Its trade magazines include Truck Paper, TractorHouse, RentalYard, Machinery Trader, AuctionTime, Machinery Trader Auction Results, Charter Hub, Controller, and Executive Controller. Users who visited the Sandhills website during this downtime received a Cloudflare Origin DNS error page. In the interim, Sandhills Global’s phones were un-operational as well. It is suspected that the Conti ransomware gang is responsible for the attack. _To [protect against phishing](/) and prevent the malware from spreading_, the firm had to bring down its IT systems. The Conti gang operators usually steal files before encrypting systems; however, its approach in the Sandhills attack remains undisclosed. _Sandhills shared its data breach notification to customers_ where it mentioned that it had employed cybersecurity experts to look into the matter and help restore operations at the earliest. Further, the company apologizes for any delay in responses and reassures customers that their safety is a priority to Sandhills Global, and they’d do anything to keep that intact. ### MoneyLion Informs Customers of Credential Stuff Attack _Famous fintech company MoneyLion is sending out breach notification letters to customers informing them of **credential stuffing attacks** that took place in June-July this year_. The company is quite sure that its systems were not attacked and believes that [the attack was targeting](https://www.bleepingcomputer.com/news/security/moneylion-locks-customer-accounts-after-credential-stuffing-attacks/) many user accounts, the details of which were probably leaked from another online site where the customers must have used the same password. ![Phishing email prevention](https://media.mailhop.org/phishprotection/images/2021/10/phishing-email-prevention-4662.jpg) However, MoneyLion immediately began an investigation which revealed that account compromise attempts were made twice between 13-16th July and 27-30th July. These _compromise attempts did not apply to all MoneyLion customers_, and MoneyLion’s systems at large remain unaffected. Further, there is no evidence of the leak of the driver’s license numbers, social security numbers, bank, and other details of the targeted users. As part of its measures to ensure [protection from phishing](/) attacks, MoneyLion enabled multi-factor authentication for all customer accounts and forced them to reset their passwords. ### Cyberattack Hits Two Indiana Hospitals _Cyberattacks hit two Indiana hospitals last week, which affected their IT systems_. Consequently, the hospitals had to delay procedures or direct patients to other hospitals, but both managed to provide uninterrupted healthcare services to patients amidst their security crisis. Franklin-based Johnson Memorial Health and Seymour-based Schneck Medical are the [two hospitals](https://www.govinfosecurity.com/cyberattacks-disable-networks-at-2-indiana-hospitals-a-17671) targeted by this (suspected) [ransomware attack](/resources/ransomware-attack-why-organizations-pay-ransom/). Johnson Memorial Health is working with external **cybersecurity experts** and the FBI to investigate the breach and posted about the same on their website. The hospital has adopted all necessary [anti-phishing measures](/blog/ransomware-hits-reason-why-businesses-need-to-adopt-robust-anti-phishing-measures/) and is trying its best to restore the computer operations at the earliest. The hospital further updated that no surgeries or appointments had to be canceled, but it asked the patients with appointments to arrive early so that the slowed-down procedures do not harm anyone’s schedule. On the other hand, Schneck Medical Center learned about the unauthorized access of its servers on 29th September and brought down all its IT applications as a [phishing attack prevention](/) measure. The medical center has hired external security experts to investigate the breach and restore its systems ASAP. ### Ransomware Hits Marketing Firm Fimmick _Hong Kong-based marketing firm Fimmick recently underwent a ransomware attack that brought down its website_. Some of Fimmick’s popular clients include Coca-Cola, Asus, McDonald’s, and Shell. Investigations into the [breach revealed](https://www.zdnet.com/article/hong-kong-firm-becomes-latest-marketing-company-hit-with-revil-ransomware/) that the REvil ransomware gang was responsible for the attack where several Fimmick databases were stolen and encrypted. These databases stored details of some popular global brands such as Kate Spade, Coca-Cola, Cetaphil, and Hana-Musubi. Researchers suggest that attackers frequently target marketing firms as they contain a lot of information on their clients, usually big enterprises themselves. _Hacking into one marketing firm is the gateway to many other firms_, and therefore marketing firms must always have a robust plan to [prevent phishing](/content/spear-phishing-prevention/how-to-prevent-phishing/) attacks. ### Former Employee Launches Attack on Secondary School Leicestershire, _UK-based secondary school Welland Park Academy recently wiped out its data and system passwords changed by a malicious former employee_. The 29-year-old IT technician of the school - Adam Georgeson, had a lot of resentment towards his former employers, and therefore, he used his admin rights to change the school systems’ passwords and wipe data. This [inconsiderate action](https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/) of Georgeson disrupted pupils’ remote learning during the Covid-19 pandemic. Georgeson launched the retaliatory attack on the school on 16th January. Shortly after, he was employed by a Rutland-based IT company where, once again, he used his privileged access to change passwords and lock users out of the system in his new workplace. Consequently, _he was arrested and pleaded guilty to two cybercrimes_. He might now be sentenced to up to 10 years in prison. This decision awaits to be taken next year on 27th January. Georgeson’s attacks on the two institutions are proof that organizations need to adopt [phishing prevention best practices](/resources/top-10-phishing-prevention-practices/) and closely monitor employee access to systems and files. ### Google Sends Attack Warnings To 14k Gmail Users Google’s head of the Threat Analysis Group (TAG), Shane Huntley, recently _pointed out that Russian government-sponsored hackers might have accessed the user accounts of **over 14,000 users**_. The company released several warnings for users but nowhere did it call the incident a [compromise of information](https://www.vice.com/en/article/93yxe3/google-blocked-russian-government-phishing-emails-targeting-14000-users). Huntley specified that the Russian state-sponsored hacker group APT 28 targeted many Gmail users using spam emails. Gmail could trace these malicious emails and immediately sent attacker warnings to the targeted users. ![Phishing protection](https://media.mailhop.org/phishprotection/images/2021/10/phishing-protection-5314.jpg) Google often detects such emails from APT groups, and warnings are regularly sent to targeted users, but this time, 14,000 users were targeted by a single group, which is a cause of concern. In addition, this attack attempt wasn’t confined to a particular place or region; it targeted people across the globe, including NGO members, journalists, and think tanks. This incident suggests two things, the Russian government hackers are spying on people irrespective of their stature, and Google is on the right path towards ensuring [phishing protection](/blog/how-to-achieve-the-best-phishing-protection/) for users. ### Cyberattack Hits Engineering Firm Weir _The Glasgow, Scotland-based engineering firm Weir recently underwent a cyberattack that brought down its IT systems and cost it millions_. Consequently, some of its [operations were interrupted](https://www.bbc.com/news/uk-scotland-scotland-business-58801753), delaying shipments **exceeding £50m** in revenue. So far, Weir has not found any evidence of the loss or encryption of any personal data. Instead of negotiating with the adversaries, Weir is working with regulators and cybersecurity experts to respond to this sophisticated attack. The company has adopted necessary [anti-phishing protection](/products/advanced-threat-defense/) measures and is striving hard to restore all affected systems on a priority basis. Several disruptions in manufacturing, engineering, etc., have emerged because of the attack and the recovery process, but Weir knows better than to comply with ransom demands. ### LockBit 2.0 Ransomware Hits EMIT Aviation Consulting Ltd. _EMIT Aviation Consulting Ltd. is an Israeli Aerospace & Defense firm recently hit by the LockBit 2.0 ransomware gang_. The adversaries are now [threatening to leak](https://securityaffairs.co/wordpress/122892/cyber-crime/e-m-i-t-aviation-consulting-ransomware.html) the data stolen from the firm on the dark web if it doesn’t comply with the ransom demands. So far, _the adversaries haven’t leaked any files as proof-of-the-attack_. The roots of the attack also remain unidentified. From its looks, LockBit 2.0 used a [ransomware-as-a-service](/blog/threat-actors-using-phishing-as-a-service-phaas/) model, like all of its other attacks. Since ransomware ads were removed from hacking forums, the LockBit operators have set up their site to advertise the LockBit 2.0 affiliate program. Customers and associates of EMIT Aviation Consulting Ltd. are advised to _adopt measures to protect themselves from phishing attacks_ since the extent of the attack is yet to be investigated. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 42 of 2021","description":"Here are the latest updates on the major hacks and attacks this week that will keep you abreast of the recent threat factors and help plan your phishing.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-42-of-2021/","datePublished":"2021-10-15T07:40:30.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-10-15T07:40:30.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-42-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1315,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/10/phishing-email-prevention-4662.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 42 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-42-of-2021/"}]} ```