---
title: "Cybersecurity Updates For The Week 52 of 2020 | Phish Protection"
description: "Experts estimate that COVID 19 related cyberattacks would escalate in 2021, and there is no effective phishing prevention measure to help evade those attacks."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-52-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-52-of-2020/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/12/anti-phishing-protection-3857.jpg) 

_Experts estimate that COVID-19-related cyberattacks will escalate in 2021_, and there is no effective [phishing prevention](/) measure to help evade those attacks. Hence, it becomes pivotal for us to be responsible netizens and stay abreast of the latest hacks and cyber incidents.

### CybelAngel Discovers 2k Unprotected Servers Online

_Digital Risk Protection Platform CybelAngel recently found 2,000 unprotected servers online_. These servers contained **over 45 million images** related to patients and medical records from an array of healthcare providers. It was concluded that the data was lying out in the open, without security protection for a year now.

![Anti phishing protection](https://media.mailhop.org/phishprotection/images/2020/12/anti-phishing-protection-3857.jpg) 

CybelAngel didn’t have to use any [hacking tools](https://www.theregister.com/2020/12/15/dicom%5F45%5Fmillion%5Fmedical%5Fscans%5Funsecured/?&web%5Fview=true) to access the files, and there has been evidence of _cyber adversaries accessing and infecting the servers with malware_. While the discovered data belongs to healthcare providers worldwide, 23k images of data belong to UK patients. CybelAngel believes that the use of DICOM medical data transmission protocol (infamous for its security limitations) and unsecured NAS storage resulted in this massive **data breach**, which exposed the PII (Personally Identifiable Information) of patients. Hence, CybelAngel advises healthcare providers to take measures for [protection from phishing](/), lest the attackers compromise and misuse their data.

### Ransomware Hits Sonoma Valley Hospital, California

A Russian threat actor launched a **ransomware campaign** back in October, which impacted California-based Sonoma Valley Hospital (SVH). Though _the hospital was quick to respond to this broad attack on hospitals_, it’s only now that they have notified patients about it. The hospital says that [67,000 patients’](https://www.infosecurity-magazine.com/news/svh-notifies-67k-patients-of-data/?&web%5Fview=true) data was compromised in the attack. This included their names, DOB, addresses, subscriber numbers, insurer group numbers, diagnosis codes, amount of claim, secondary payer information, etc. There is no evidence of misuse of any patient data as _SVH had shut down its systems immediately to stop the malware from spreading_.

The hospital collaborated with external cyber experts to ensure [anti-phishing protection](/products/advanced-threat-defense/). However, the attackers may still have managed to delete a subset of data from their system. While some diagnostic tests were impacted, emergency care, surgeries, and SVH’s patient portal (Follow My Health) remain operational.

### New IRS Form Scam Extracts Sensitive Personal Data

_Though no malware traces are detected so far, a new IRS form scam is creating much havoc among [Google’s G Suite users](https://www.darkreading.com/attacks-breaches/new-irs-form-fraud-campaign-targets-g-suite-users/d/d-id/1339743?&web%5Fview=true)_. **Over 50,000 executives** have already been affected by this PII extraction centered IRS form campaign. The campaign entails an IRS W-8BEN form in PDF format, which asks users for information far more personal than what’s ideally needed for a W-8BEN form. The W-8BEN form is a requisite to maintain a nonresident tax-exemption status and hence necessary.

Anybody who falls for this scam and hands over the requested credentials gives the cyber adversaries the power to launch malicious **phishing attacks**. Hence, _it is advised to protect yourself from phishing_ by always assessing the authenticity of the data, forms, documents, or intimations that reach you.

### Worst Cyber Attack In Years Hits Lithuania On The Eve Of Government’s Transition

_With the government transition hours away, the Baltic state of Lithuania underwent a sophisticated cyber-attack_, which seems like the worst in recent times. The adversaries compromised several content management systems to **gain access** to 22 public-sector managed websites. They then posted [fraudulent news](https://www.infosecurity-magazine.com/news/lithuania-cyberattack/?&web%5Fview=true) on these sites to create panic among users. Some of these fake news items were:

- The detainment of a Polish diplomat at the Lithuanian border for carrying illegal drugs, weapons, and money (shared on the State Border Guard Service’s website).
- Discovery of corruption at the Šiauliai airport.
- Portraying that more Lithuanians were admitted in the military.

The adversaries did their homework well and even launched an [email spoofing attack](/products/email-fraud-protection/) by impersonating the Šiauliai Municipality Administration and the defense and foreign ministries to spread misinformation. Looking at the increasing cyber-attacks in the public sector, the NKSC has extended several [phishing prevention tips](/content/phishing-prevention/) to municipalities.

### Spin The Wheel Scams Back For The Festive Season Sales

With the ongoing hullabaloo related to the Festive Season sale on Flipkart and Amazon, _a group of China-based threat actors used the “Spin the wheel” tactic to hack devices of Indian users_. [Flipkart’s sale](https://ciso.economictimes.indiatimes.com/news/chinese-hackers-targeted-shoppers-during-flipkart-festive-sales/79797048) is called Big Billion Day and Amazon calls its sale the Great Indian Festival, but the hackers have created a Big Billion Day **Sale scam** for Flipkart and Amazon alike. They have used an OPPO F17 Pro smartphone as bait to lure unsuspecting users into participating in the so-called lucky draw.

Those who spin the wheel and ‘win’ are asked to share the lucky draw link with their WhatsApp contacts. _The experts at New Delhi’s CyberPeace Foundation are investigating this scam targeting Indian online shoppers_. They found that all these domains were registered on Alibaba’s cloud computing platform from China’s Guangdong and Henan provinces. Surprisingly, the links are still operational and will probably fool many Indians before [anti-phishing solutions](/products/advanced-threat-defense/) are finally adopted!

### Beware Of Lottery Prize Winner Emails

It’s not just the COVID 19 pandemic that is after our jobs and money; cyber adversaries are also on the list. The recent **phishing emails** come with [lottery prizes](https://hotforsecurity.bitdefender.com/blog/feeling-lucky-this-holiday-season-covid-19-google-and-microsoft-lotteries-are-out-for-your-info-and-money-24915.html?web%5Fview=true) for lotteries you probably didn’t buy tickets to. Clicking on the links and claiming the so-called prize money will provide attackers with the names, DOB, addresses, nationality, occupations, phone numbers, and sufficient information to conduct identity and bank fraud.

![Anti phishing service](https://media.mailhop.org/phishprotection/images/2020/12/anti-phishing-service-6894.jpg) 

_These lottery messages use names and logos of legitimate lotteries_ such as El Gordo and the Camelot group and companies like Google, Yahoo, and Mastercard to increase credibility. They mention the purpose of the lottery (to help those worst hit by the pandemic) to either **extract sensitive information** or inject malware into users’ devices. Taking [phishing protection](/) measures and being reasonable is the only way to evade such lottery scams.

### Data Breach Hits People’s Energy

_Edinburgh-based company People’s Energy recently underwent a data breach that **affected over 270,000** present and previous customers_. An entire database was compromised, which has exposed the names, DOBs, phone numbers, addresses, tariff, and energy meter IDs of their customers. However, the financial information of just 15 [small-business customers](https://www.bbc.com/news/technology-55350995?&web%5Fview=true) was exposed in the attack. While these _15 businesses have been notified, the rest need not worry about financial loss_.

The Information Commissioner’s Office, the energy regulator Ofgem, the National Centre for Cyber-Security, and the police have been looped in. All People’s Energy customers should take measures for **protection against phishing** as the authorities continue their investigation into the breach.

### PLEASE\_READ\_ME Ransomware Hits MySQL Servers

_A new ransomware campaign by the name of PLEASE\_READ\_ME has emerged_, which targets MySQL servers. The ransomware was first spotted in January, and the involved [IP addresses appeared](https://www.tripwire.com/state-of-security/security-data-protection/please%5Fread%5Fme-ransomware-campaign-targeting-mysql-servers/?web%5Fview=true) to be from Ireland and the United Kingdom. Two variants of the attack were discovered. The first contained a ransom note with a bitcoin wallet address and an email address for queries. This variant _gave victims a time frame of ten days to pay the ransom_. The adversaries **collected 24,906 USD** through this variant.

The second variant redirected victims to a .onion site that _collected infected tokens from victims and enabled them to buy 250k different databases with data of victims who refused to pay the ransom_. This ransomware strain is a reminder to netizens to adopt [phishing attack prevention](/) measures at the earliest.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

