---
title: "Cybersecurity Updates For The Week 51 of 2021 | Phish Protection"
description: "Cybersecurity Updates For The Week 51 of 2021: There is no end to cyberattacks as the world continues to shift towards an online environment. The best."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-51-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-51-of-2021/"
---

Quick Answer

There is no end to cyberattacks as the world continues to shift towards an online environment. The best \*\*preventive measure\*\* against online threat actors is to keep yourself updated on how they plan their attacks and target their next victims. Here are this week's top phishing, ransomware, and \[data breach headlines\](/tags/announcements/).

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-51-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2051%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-51-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-51-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-51-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2051%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2051%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-51-of-2021%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/12/spear-phishing-protection-3496.jpg) 

There is no end to cyberattacks as the world continues to shift towards an online environment. The best **preventive measure** against online threat actors is to keep yourself updated on how they plan their attacks and target their next victims. Here are this week’s top phishing, ransomware, and [data breach headlines](/tags/announcements/).

### BSI Warns Citizens of Increased Cyberthreats Ahead of Christmas

_The German cybersecurity authority BSI is sending out warnings of **ransomware threats** to organizations as Christmas and end-of-year holidays approach_. They suspect a return of the Emotet botnet and subsequent attacks on Microsoft Exchange servers. Because all employees are at home [during the holidays](https://securityaffairs.co/wordpress/125280/breaking-news/bsi-ransomware-attacks-christmas-holidays.html), threat actors have greater chances of surpassing office firewalls and security systems.

_BSI advises all German organizations to patch their systems and have backup files_. The revival of Emotet coincides with Conti recruiting more and more affiliates through its **ransomware-as-a-service** (RaaS) operations. BSI has joined CISA and FBI in releasing warning notifications to prepare organizations for [ransomware attacks](/resources/ransomware-attack-why-organizations-pay-ransom/) in the holiday season. While none of these security bodies have evidence of an oncoming threat, they make this speculation based on experience and current attack trends where attackers wait for holidays and weekends to compromise networks. Adopting [anti-phishing solutions](/content/anti-phishing/) at this time is the best act of preparedness organizations can engage in.

### Ransomware Hits Frontier Software, Affects South Australian Govt. Data

_Rob Lucas, the Treasurer of South Australia, recently announced that a ransomware attack hit its payroll provider Frontier Software_, and consequently, some [state employee data](https://www.zdnet.com/article/south-australian-government-employee-data-taken-in-frontier-software-ransomware-attack/) may have been compromised. Soon after detecting the attack, the breached organization informed the government of the same. It mentioned that data belonging to **around 38,000-80,000** government employees (which was published online) was possibly affected.

The employee data stored on the database include their names, home addresses, bank details, DOBs, payroll period, tax file numbers, date of joining, remuneration, and other payroll details. _Treasurer Lucas specified that no employee data from the Department for Education was compromised._

![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2021/12/spear-phishing-protection-3496.jpg) 

The South Australian government has been working with Frontier Software since 2001, and the organization is taking all measures for [protection against phishing](/) to assist the affected employees. The enterprise underwent an attack on 13th November and was able to restore its systems by the fourth day. It assured stakeholders that no customer data was stolen, but now Frontier Software is suggesting a possible data breach at its corporate systems.

### Ransomware Hits Atalanta

_Renowned North American food importer Atalanta recently announced that it underwent a ransomware attack back in July 2021_, which [led to a data breach](https://portswigger.net/daily-swig/us-food-importer-atalanta-admits-ransomware-attack) affecting its employees. Immediately after discovering the attack, Atalanta hired third-party experts to investigate the breach and **restore its systems**. Forensic investigation revealed that data belonging to some of Atalanta’s current and former employees and visitors were compromised. However, this finding isn’t supported by any evidence of the data being misused.

Atalanta claims to have adopted measures to [prevent phishing](/) attacks soon after enduring this unfortunate cyber-attack. The most prominent private North American specialty food importer is circulating advisories among customers and stakeholders to minimize the breach’s impact. Specific details about the incident are yet to be revealed, such as the exact number of records affected, the nature of personal information exposed, the attack vector, ransomware operator, etc.

### French Transportation Giant RATP Leaves HTTP Server Unsecured Online

Cybersecurity experts at vpnMentor recently found Régie Autonome des Transports Parisiens (RATP), a state-owned French transportation giant exposing the personal information of around **60,000 employees** through an [unsecured HTTP server](https://www.infosecurity-magazine.com/news/french-transport-giant-exposes/). The researchers first discovered the server on 13th October and informed RATP, the organization running public transport across France. When vpnMentor received no response from RATP, it approached the French CERT that took the matter seriously and shut down RATP.

_The transportation organization had left its server unprotected and publicly available online_, enabling anybody with basic web browsing skills to access it. The server contained an SQL database backup from 2018 with more than **3 million records** of over 57,000 RATP employees. This contained the details, including the cybersecurity team and senior executives, including their names, email addresses, MD5-hashed passwords, and login details for their RATP employee accounts. The problem is that converting plaintext passwords to MD5 hashes is a matter of seconds for any basic commercial laptop. Adversaries could easily use the data obtained from this unsecured server to launch targeted **phishing attacks**. Therefore, RATP employees are advised to adopt [anti-phishing measures](/blog/ransomware-hits-reason-why-businesses-need-to-adopt-robust-anti-phishing-measures/) at the earliest.

### FBI Releases Notice Explaining Actions of the Cuba Ransomware Gang

_Cuba ransomware is creating havoc in the financial, manufacturing, healthcare, government, and IT sectors_. This has compelled the FBI to release a notice informing people of its malicious actions. The FBI informs that the [ransomware group had targeted](https://www.zdnet.com/article/fbi-cuba-ransomware-hit-49-critical-infrastructure-organizations/) **over 49 entities** in 5 sectors and made more than **$43.9 million** through ransom payments.

Cuba operators use the Hancitor malware to gain initial access to Windows systems. The FBI circular notes that all Cuba encrypted files come with the “.cuba” extension. Cuba attacks happen in two cycles, first, the deployment of the Hancitor malware, which uses [phishing emails](/blog/sophisticated-new-tactic-makes-phishing-emails-harder-to-detect/), compromised credentials, or Microsoft Exchange vulnerabilities. Second, the deployment of genuine Windows services like PsExec, PowerShell, etc., by Cuba operators to gain Admin access and infect the system with the ransomware.

The FBI notice informs that once Cuba compromises a device, _it installs ransomware and executes a CobaltStrike beacon_. It further downloads two executable files that attackers access passwords. Cuba attacks also use the MimiKatz malware to **steal data** and RDP to access the compromised network with a specific user account.

![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2021/12/prevent-spear-phishing-2485.jpg) 

Since Cuba has acquired a lot of money, surpassing that amount collected by several other prominent ransomware groups, the FBI warns organizations to take adequate [phishing prevention](/) measures.

### Gale Healthcare Solutions Leaves Database Unprotected Online

_Cybersecurity researcher Jeremiah Fowler and a team from Website Planet recently found an unencrypted online database exposing the personal information_ of **over 30,000** US healthcare workers. Further investigation revealed that the database belonged to [Gale Healthcare Solutions](https://www.zdnet.com/article/sensitive-information-of-30k-florida-healthcare-workers-exposed-in-unprotected-database/) and **exposed 170,239 records**, including the names, addresses, email IDs, photos, tax documents, and Social Security Numbers. The Tampa-based tech enterprise Gale Healthcare connects aspiring healthcare workers with prospective hirers or healthcare organizations.

Fowler’s research findings reveal that the database also contained additional information related to specific incidents, terminations, and disciplines. So far, the researchers’ team has reviewed only a sample of the exposed documents hosted on an **AWS cloud server**. While the image of workers only contained their faces, the URL revealed their names and SSNs. _When Fowler tried cross-checking the authenticity of these URLs and contacted the involved people, he found that the information was indeed genuine_.

Fowler concluded that someone at Gale probably thought that having all information about a worker in the URL would make things easier, but this employee clearly missed out on the security element. Gale Healthcare initially remained unresponsive to all comment requests but later responded to dispute some of the statements made by Fowler and the team. _Gale notified that the database was temporary and created for an internal system test in its defense_. It is unclear how long the database has been publicly available online, nor are Gale’s [phishing attack prevention](/) measures known.

### Threat Actors Steal $120 Million from DeFi Platform Badger

The decentralized platform Badger allows users to loan, borrow and predict cryptocurrency price variations. Recently, _attackers stole Badger’s **$120 million worth** of Ether and Bitcoin assets_. The platform announced the attack through a Tweet and [shut down its platform](https://therecord.media/hackers-steal-120-million-from-badger-defi-platform/) for investigation as part of its [anti-phishing protection](/) measures.

The hack was first discovered by the blockchain analysis organization PeckShield, which claims that _adversaries stole over 151 Ether and 2,100 Bitcoin from Badger users_. This amounted to **over $120.3 million** and one particular user lost over 900 Bitcoin ($50.5 million). While Badger has not responded to comment requests, its users claim adversaries gained access to user accounts through a platform vulnerability. This marks the third-largest cryptocurrency platform hack this year after Cream Finance and PolyNetwork.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 51 of 2021","description":"Cybersecurity Updates For The Week 51 of 2021: There is no end to cyberattacks as the world continues to shift towards an online environment. The best.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-51-of-2021/","datePublished":"2021-12-16T14:02:22.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-12-16T14:02:22.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-51-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1355,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/12/spear-phishing-protection-3496.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 51 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-51-of-2021/"}]}
```