---
title: "Cybersecurity Updates For The Week 46 of 2020 | Phish Protection"
description: "Cybersecurity Updates For The Week 46 of 2020: The world of phishing is an ever-evolving one . There are measures and countermeasures that keep coming back."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-46-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2020/"
---

Quick Answer

Phishers have adopted a new \[technique\](https://www.bleepingcomputer.com/news/security/sneaky-office-365-phishing-inverts-images-to-evade-detection/?&web\_view=true) to lure Microsoft Office 365 users. This \[Office 365 phishing\](/office-365-phishing-protection/) campaign has a unique way of avoiding getting flagged using inverted images as backgrounds, \*\*disrupting the flagging mechanism\*\*. This way, those \_threat actors evade the internal process of identification\_.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2046%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2046%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2046%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-software-4523.jpg) 

_The world of phishing is an ever-evolving one_. There are measures and countermeasures that keep coming back and forth. Cybersecurity specialists are always on the lookout for newer methods to create a firewall against such malicious events; [anti-phishing](/) is one of the major drives that cyber specialists undertake to safeguard their systems. However, the regular consumers of the technology can’t always take up those sophisticated measures to keep their information systems safe, which is why _it is crucial to stay abreast of the latest modus operandi undertaken by these malicious actors_. Here are the weekly news headlines to keep you informed of the same.

### Phishing Hits Office 365: Inverts Images, Evades Detection

Phishers have adopted a new [technique](https://www.bleepingcomputer.com/news/security/sneaky-office-365-phishing-inverts-images-to-evade-detection/?&web%5Fview=true) to lure Microsoft Office 365 users. This [Office 365 phishing](/office-365-phishing-protection/) campaign has a unique way of avoiding getting flagged using inverted images as backgrounds, **disrupting the flagging mechanism**. This way, those _threat actors evade the internal process of identification_.

The inverted method is a usual way to clone legitimate login pages. _It is done to capture the login credentials of bona fide users by tricking them into thinking it to be the real website_. Users are advised to be careful while using the official pages of Microsoft Office 365.

### Spoofed Emails: An Iranian Connection

The US presidential election is turning out to be a test for not just the incumbent and the contender but also for law enforcement agencies. An [Iranian](https://cyware.com/news/iranian-hackers-using-spoofed-emails-to-steal-election-data-81036fd7) hacking group has been making repeated attempts to **steal voter information** from various election-related sites. The Federal Bureau of Investigation is trying to identify the various TTP that are being used for these activities.

![Anti phishing software](https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-software-4523.jpg) 

On October the 30th, a joint CISA, and FBI advisory had warned of such an attempt by the same groups. It also mentioned that there would be countless phishing activities and that [robust anti-phishing](/products/advanced-threat-defense/) measures need to be put into place.

### Cryptocurrency Services And Exchange: The New Malicious Battleground

[Cryptocurrency](https://cyware.com/news/cybercriminals-siphoning-funds-from-cryptocurrency-services-and-exchanges-eea23e9d) has gained fame in a short period. It has illustrated how technology can be used to store money and enable transactions digitally.

However, it has also been in the crosshairs of cybercriminals. Recent reports suggest that _funds (amounting to several millions of dollars) have been siphoned off by cybercriminals from the cryptocurrency services and exchanges_, such as **stealing approximately $24 million** worth of cryptocurrency assets from Harvest Finance.

### Strategies To Prevent Fraud: A Future Proof Journey

Newer standards have been established, and protocols changed to counter the ongoing coronavirus pandemic. However, the threat of [fraud](https://www.darkreading.com/vulnerabilities---threats/fraud-prevention-strategies-to-prepare-for-the-future/a/d-id/1339172?&web%5Fview=true) has remained largely unchanged. _Online tricksters have been able to whisk away almost **$156 million** from January to October, in COVID-19, related fraudulent activities_.

This has prompted CXOs from organizations worldwide to think of ways to stand up to the menace. There is also a thinking that focuses on continuing with the present protocols once the situation improves. To begin with, a process of understanding them and then categorizing them is currently underway.

### Ransomware False Promises: Data Still Being Held By Cyber Adversaries

More and more companies are falling prey to **ransomware attacks**. [Research](https://www.bankinfosecurity.com/blogs/data-exfiltrating-ransomware-gangs-pedal-false-promises-p-2965?&web%5Fview=true) has shown that there has been an _increase of nearly 20% over year on year basis_. However, what’s worrisome is the false promises made by threat actors, which has kept every ransomware victim on their tenterhooks. While companies have been paying to keep their data out of public view, Ransomware gangs are not deleting them after getting the payment.

The market has got more lucrative over the years. A cursory look will tell the viewer that the amount extorted on an average has grown bigger. This is because the targets have become more prominent, and more massive amounts are now being asked for ransom.

### 1.1 Million Accounts Hacked, Alibaba-Owned Lazada In A Tizzy

Singapore based e-commerce firm [Lazada](https://www.reuters.com/article/us-alibaba-singapore-lazada/alibaba-owned-lazada-suffers-data-hack-of-1-1-million-accounts-idUSKBN27F25X?&web%5Fview=true) has had a major cyber breach. _1.1 million accounts have been hacked, and personal information and partial credit card numbers stolen_. This is a catastrophic event considering the city of Singapore has a population of only 5.7 million.

The information that has been accessed illegally are:

- names
- phone numbers
- email and mailing addresses
- encrypted passwords
- partial credit card numbers

It has moved immediately to **block access to the database** so that current operations are not hampered.

### SEC Hack Case: A Settlement Reached

_In 2016, the SEC’s corporate database was hacked by two traders who went on to make an enormous profit from it_. However, a settlement has now been reached whereby the two traders will be **paying $425,000** as regulatory claims. This amount is minuscule compared to the amount of money they were able to earn as profits.

![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-solutions-4125.jpg) 

_The hacking of the corporate database of the Security and Exchange Commission was a major embarrassment_. It had led to much soul searching and fact-finding. But a travesty of the law is also evident from the fact that no dire consequences were faced by the guilty. The [hackers](https://www.wsj.com/articles/traders-settle-case-tied-to-hack-of-secs-corporate-database-11604612970?&web%5Fview=true), who are citizens of Ukraine, continue to live free.

### Ransomware Against Hospitals: A New Reality

[Hospitals](https://www.scmagazine.com/home/security-news/ransomware/picture-this-cynergistek-ceo-paints-bleak-picture-of-ransomware-attacks-against-hospitals/?web%5Fview=true) have had a tough year so far. First, they had to deal with the dreaded virus and the ensuing pandemic, and now the **ransomware attacks**. _Late September saw hundreds of hospitals under the United Health Services get attacked by a Ryuk ransomware infection_.

This led to their systems getting disrupted. The existing [anti-ransomware solutions](/products/malware-and-ransomware-protection/) were grossly inadequate in dealing with the event. Such was the interruption that there was a joint threat assessment advisory issued by CISA, FBI, and the Department of Health and Human Services regarding the same. It has been envisaged that future events could be even **more catastrophic** if no steps are taken now.

### US Cyber Command Action Against Iran To Secure Election 2020

As part of its ongoing effort to secure the presidential elections, 2020, the US [Cyber Command](https://www.washingtonpost.com/national-security/cybercom-targets-iran-election-interference/2020/11/03/aa0c9790-1e11-11eb-ba21-f2f001f0554b%5Fstory.html?&web%5Fview=true) has undertaken cybersecurity measures to **counter cyber threats** that seem to be coming from Iran.

This was done in response to the action taken by hackers who worked for the Islamic Revolutionary Guard Corps. _Threatening emails were to the voters whilst posing as a far-right group_. A video was also sent to drive down confidence in the voting process. While no specifics were mentioned in the press conference, Gen. Paul Nakasone, who leads both the NSA and the military’s cyber command, was extremely pleased with the outcome of these operations while warning that many more were to come.

### Campari The Latest Victim To A Ransomware Attack

_The famed [Campari](https://www.zdnet.com/article/italian-beverage-vendor-campari-knocked-offline-after-ransomware-attack/?&web%5Fview=true) group was not spared by ransomware as a large part of its IT infrastructure was taken down_. This **ransomware attack** was linked to the RagnarLocker Ransomware gang.

The gang has been trying to extort ransom from the company, which has been dealt with firmly thus far. _The gang has threatened to release files into the public domain if their demands are not met_. Many of these files hacked by the ransomware gang include business deals which may affect their future business contracts.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 46 of 2020","description":"Cybersecurity Updates For The Week 46 of 2020: The world of phishing is an ever-evolving one . There are measures and countermeasures that keep coming back.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2020/","datePublished":"2020-11-14T06:03:52.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-11-14T06:03:52.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1182,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/11/anti-phishing-software-4523.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 46 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2020/"}]}
```