--- title: "Cybersecurity Updates For The Week 46 of 2021 | Phish Protection" description: "Ransomware gangs continue to target organizations worldwide, leaking users" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-46-of-2021.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2021/" --- Quick Answer Ransomware gangs continue to target organizations worldwide, leaking users' personal information only, which could be used to launch further \[phishing attacks\](/resources/phishing-attacks-and-content-protection/), \[identity thefts\](/blog/understanding-business-identity-theft-and-what-makes-businesses-vulnerable-to-these-identity-thefts/), and other cyber attacks. Here is this week's \[phishing news\](/tags/announcements/) to help you learn how threat actors operate and the importance of adopting \*\*anti-phishing measures\*\*. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2046%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2046%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2046%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-46-of-2021%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/11/office-365-email-protection-4521.jpg) Ransomware gangs continue to target organizations worldwide, leaking users’ personal information only, which could be used to launch further [phishing attacks](/resources/phishing-attacks-and-content-protection/), [identity thefts](/blog/understanding-business-identity-theft-and-what-makes-businesses-vulnerable-to-these-identity-thefts/), and other cyber attacks. Here is this week’s [phishing news](/tags/announcements/) to help you learn how threat actors operate and the importance of adopting **anti-phishing measures**. ### Data Breach Hits Electronic Warfare Associates The popular US defense contractor Electronic Warfare Associates (EWA) recently notified clients of a [data breach that exposed](https://www.bleepingcomputer.com/news/security/us-defense-contractor-electronic-warfare-hit-by-data-breach/) a database containing users’ personally identifiable information (PII). _The adversaries accessed the email system of the company and stole the files containing sensitive information_. EWA first discovered the breach on 2nd August 2021 and notified the Montana Attorney General’s office soon after. The attack came to the notice of EWA when the adversaries attempted wire fraud. Therefore the company believes that stealing PII was perhaps not the attackers’ intention, but they ended up doing that anyway. Since EWA makes products for highly sensitive customers like the Department of Justice, and Homeland Security (DHS), this breach is bad news. The compromised user information includes names, driver’s license numbers, and social security numbers. Details about the nature of the attack and whether it affects only EWA employees are yet to be known. However, the attack is said to have had a limited impact. As part of its measures to [prevent phishing](/) attacks, the company is offering two years of complimentary **identity theft monitoring** to victims. The breach notification further instructs victims to look out for suspicious activities in their financial accounts. ### Black Shadow Group Attacks CyberServe [The Iranian hacking group](https://www.infosecurity-magazine.com/news/iranian-hacking-group-leaks/), _Black Shadow group recently targeted an Israeli LGBTQ site called CyberServe_. Consequently, the personal information of hundreds of thousands of CyberServe members was compromised. The Black Shadow group had demanded a **ransom of $1 million** for the decryption key, but the website kept refusing to pay. This resistance, while a good move in itself, caused the _public release of the medical records of around 290,000 patients_. ![Office 365 email protection](https://media.mailhop.org/phishprotection/images/2021/11/office-365-email-protection-4521.jpg) Patients of Israel’s Machon Mor institute were the victims of this unfortunate attack. The compromised information included their blood test reports, CT scans, ultrasounds, vaccinations, and colonoscopies. In addition, an entire database containing the PII of the users of an Israeli LGBTQ dating service called Atraf was compromised. The exposed details of these dating service members included their names, locations, and even their HIV status. _The breach was quite massive as it also affected other customers of CyberServe_, like transportation companies, museums, and tourism firms. The adversaries reportedly leaked the user details on a Telegram channel. As it turns out, the Israel National Cyber Directorate has given multiple warnings to CyberServe to work on its [anti-phishing solutions](/products/advanced-threat-defense/). Although the site had resisted the ransom demands, there is never an assurance that the adversaries would have kept their promise of not exposing their data later. ### Cyberattack Hits Colleton County School District _South Carolina-based Colleton County School District recently underwent a cyberattack that affected hundreds of its staff computers_. The attack took place on 4th October when some of the school’s [networks stopped functioning](https://www.infosecurity-magazine.com/news/cyber-incident-south-carolina/). The district’s IT staff detected the attack and immediately began its investigation and measures for [protection against phishing](/). The school also hired a third-party Incident **Response and Recovery team** to quicken the recovery process. As per Colleton County’s breach notification, communication systems for the community remain unaffected by the breach. Although the breach details remain undisclosed, the district did mention that the physical **security measures** remain intact. The school district has kept three cybersecurity companies (Dell Support Services, Carbon Black, and Red Cloak) on the payroll to investigate the breach and recover all compromised networks. Unlike other school districts which do not make their cybersecurity measures known, Colleton County has disclosed its plan of **investing $200,000** on engaging these _three cybersecurity firms for around 480 hours to work on fixing the issue_. ### Phlebotomy Training Specialists Leaves Amazon S3 Bucket Unsecured Online _The Los Angeles-based medical training school, Phlebotomy Training Specialists recently left an unsecured bucket exposed online_, which [affected the PII](https://www.zdnet.com/article/medical-school-exposes-personal-data-of-thousands-of-students/) of thousands of students. The database contained **157 GB of data** (around 200,000 files), including the names, DOBs, phone numbers, email addresses, addresses, ID cards, driver licenses, CVs, genders, photos, educational and professional summaries of students. In addition, the database contained more than 27,000 tracking forms which included student transcripts, training certificates, and the last four digits of their Social Security numbers. Phlebotomy Training Specialists has branches across Arizona, Texas, Michigan, Utah, and California, and this breach affected at least 27,000 to 50,000 of its course applicants and attendees. The breach was first discovered by researchers at vpnMentor, who found that the database contained data backed up from and before September 2020\. Of the two buckets found online, one has been recovered, and perhaps the medical school is incorporating [phishing prevention](/) measures to secure the other bucket as well. ### Ransomware Hits Las Vegas Cancer Center _The Las Vegas Cancer Center (LVCC) recently underwent a data breach that affected the personal information of its current and former patients_. The adversaries compromised the center’s servers on the Labour Day weekend and [accessed its encrypted data](https://www.ktnv.com/news/ransomware-attack-targets-las-vegas-cancer-center-patients-personal-information). The breach was discovered on 7th September when LVCC’s staff returned to work after the holiday. While LVCC has a multi-layered [anti-phishing protection](/) scheme that uses firewalls and [anti-malware software](/products/malware-and-ransomware-protection/), the adversaries may still have been able to access patients’ personal information. The compromised patient data includes their names, DOBs, addresses, social security numbers, insurance details, medical records, etc. Fortunately, the hospital could restore all compromised information, and _there is no evidence of the misuse of this data_, but there is always the risk of the data being sold or used later. LVCC has not received any ransom demands so far, but it still advises patients (present or past) and employees to monitor their financial statements closely. ### Conti Ransomware Targets High Society Jeweller Graff The high society jeweler Graff, which has world leaders, tycoons, and actors like Donald Trump, Sir Philip Green, David Beckham, Samuel L Jackson, Tom Hanks, and Alec Baldwin as its customers, was [recently targeted](https://securityaffairs.co/wordpress/123980/cyber-crime/conti-ransomware-graff-jeweller.html) by the Conti ransomware gang. Now the threat actors are demanding a **multi-million-dollar ransom** in exchange for not leaking the sensitive information of these renowned Graff customers. _The Russian threat actor has already leaked 69,000 confidential documents belonging to Graff_. This vast expanse of data involves the personal information of **over 11,000 Graff clients**, and the ransomware gang claims that this is just one percent of all the stolen files. This breach is a threat to the reputation of Graff customers. ![Zero day attack prevention](https://media.mailhop.org/phishprotection/images/2021/11/zero-day-attack-prevention-4125.jpg) As part of its [anti-phishing measures](/blog/ransomware-hits-reason-why-businesses-need-to-adopt-robust-anti-phishing-measures/), Graff has sent out breach notifications and advisories to all victims and informed the British authorities and the ICO about the incident. The company is trying hard to recover its systems, but even if it decides to pay off the ransom, there is no way to ensure that the adversaries won’t misuse the stolen information, especially in this case where many distinguished world figures are involved. ### Ransomware Hits Toronto Transit Commission _The Toronto Transit Commission (TTC) was recently hit by a ransomware attack_ that [brought down its computer](https://www.cbc.ca/news/canada/toronto/ttc-ransomware-attack-1.6231349) systems. An internal investigation by TTC reveals that the attack did not lead to significant disruptions in its transit service or pose a threat to employees and the public. Further, they have informed that the breach impacted only computer displays and apps of route information; transit vehicles continue to service their routes. TTC is yet to provide an estimated time frame for the recovery process, but it is in constant touch with cybersecurity experts and law enforcement. _It is adopting the recovery measures to get systems restored at the earliest_. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 46 of 2021","description":"Ransomware gangs continue to target organizations worldwide, leaking users' personal information only, which could be used to launch further phishing attacks.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2021/","datePublished":"2021-11-13T13:42:44.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-11-13T13:42:44.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1295,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/11/office-365-email-protection-4521.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 46 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-46-of-2021/"}]} ```