---
title: "Cybersecurity Updates For The Week 9 of 2020 | Phish Protection"
description: "Cybersecurity Updates For The Week 9 of 2020: Cybersecurity has become an issue of concern in recent years. Every day thousands of attacks are launched on."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-9-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-9-of-2020/"
---

Quick Answer

Cybersecurity has become an issue of concern in recent years. Every day thousands of attacks are launched on companies and organizations that cannot always be stopped via phishing prevention measures. Here’s a list of the major attacks that took place this week:

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-9-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%209%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-9-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-9-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-9-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%209%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%209%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-9-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/02/what-is-phishing-5869.jpg) 

Cybersecurity has become an issue of concern in recent years. Every day thousands of attacks are launched on companies and organizations that cannot always be stopped via phishing prevention measures. Here’s a list of the major attacks that took place this week:

### Attackers Store Card Details In Barcodes

_The U.S. Secret Service recently found that attackers now use barcodes affixed to fake reward cards to hide the stolen credit card details_. This was revealed when a **fake club membership card** in Texas was found with a barcode, card expiration date, and CVV [printed below the barcode](https://cyware.com/news/cybercrooks-conceal-stolen-credit-card-data-on-barcodes-to-make-fraudulent-purchases-238b8254). This was immediately reported to law enforcement.

This technique goes undetected by cashiers who believe it to be a new payment method to be used at specific stores. _The adversaries can evade anti-phishing measures through these schemes because the transaction gets recorded under the card-not-present category_. It was further revealed that these barcodes could also store the victim’s cell phone number.

### Windows 7’s Vulnerability To Malware Increases

The [Webroot Threat Report for 2020](https://www.helpnetsecurity.com/2020/02/19/2020-webroot-threat-report/) revealed some _serious cybersecurity statistics based on a study of over 37 billion URLs, 4 billion I.P. addresses, 842 million domains, and 31 million active mobile apps_. The report revealed that **phishing URLs grew by 640%** in the past year, with around _8.9 million URLs hosting some cryptojacking script_.

![What is phishing](https://media.mailhop.org/phishprotection/images/2020/02/what-is-phishing-5869.jpg) 

Facebook, Microsoft, Apple, Google, PayPal, and Dropbox were among the leading sites [impersonated emails](/products/email-impersonation-protection/) in attacks. However, the statistics for Windows 7 devices were the most alarming. _The study revealed that 93.6% of the detected malware was unique to a single P.C._, the highest rate ever observed. _Exploits of Windows-related I.P. addresses grew by 360 percent_, and they primarily targeted the operating systems without the latest updates.

Commenting on the findings of the 2020 Webroot Threat Report, Hal Lonas, Senior V.P., and CTO, SMB, and Consumer, OpenText said that consumers of the internet must adopt proper measures to ensure [protection from phishing](/).

### Ryuk Attacks Port Lavaca City Hall

In a failed **phishing email prevention** scheme, the [Port Lavaca City Hall lost $50,000 to attackers](https://cyware.com/news/ryuk-ransomware-operators-target-port-lavaca-city-hall-0c3e9ab9). Although they are resisting the full ransom payment of $200,000 demanded by attackers, the city has undergone much already.

_The city’s billing systems and auto-pay systems, along with the government server, were brought down by the attacks_. However, the water, sewer, and police department’s systems were marked safe.

_Mayor Jack Whitlow claimed that no data was compromised in the attack and that they are now working to restore all systems_. The city is purchasing new servers, routers, and computers to replace the infected software. They are determined to enter information manually if required but are certainly not ready to pay the ransom.

### Smishing Emotet Goes Viral

IBM X-Force researchers recently found that _SMS messages seemingly from local U.S. numbers are used to impersonate renowned banks_ and notify users about a locked account. The message leads the user to shabon\[.\]co, a domain well known for [distributing Emotet](https://securityintelligence.com/posts/emotet-smishing-uses-fake-bank-domains-in-targeted-attacks-payloads-hint-at-trickbot-connection/).

This phishing page impersonates that of a bank’s mobile banking page. It is an old trick used by adversaries to evade [phishing protection](/) measures. _Researchers assume that this attack might also be a campaign designed to spread the **TrickBot Trojan**_.

### Big Brands Beware Of Phishing Attacks

The Malware Hunter Team recently discovered a **phishing attack** scheme wherein the\_ attackers are targeting twenty-seven renowned companies using SLK attachments\_. The [attackers wish to gain access to the corporate networks](https://www.bleepingcomputer.com/news/security/targeted-phishing-attack-aims-for-well-known-corporate-brands/) of these companies mainly to launch their many malicious attacks later.

The attackers impersonate the company’s vendor or client and try to trap the victim company in an **email phishing** campaign. Some of the vulnerable companies are Columbia Sportswear, J.C. Penney, Glad, and Hasbro.

_The attackers make the victim download NetSupport Manager on their computers, which enables them to control the victim’s computer_. It also lets the adversaries attack other hosts on the network. To [prevent phishing](/) attacks of this kind, every company must contact the sender at their corporate number to cross-check.

### U.S. And Ransomware Attacks

Perhaps a result of inadequate **anti-phishing tools**, [ransomware attacks have been a constant problem](https://www.forbes.com/sites/leemathews/2020/02/16/ransomware-damage-to-us-healthcare-industry-passes-150-million-in-four-years/#1c58c0f6d7e0) in the health sector of the United States for over three decades. A Comparitech report states that the healthcare industry in the U.S. **lost over $157 million** to ransomware attacks in the last four years. However, only 11% of this amount was paid in ransom; the rest was used to restore systems.

All five U.S. states have been attacked; however, _California underwent the highest number of attacks_, followed by Texas. The study indicates that over 6.6 million records have been compromised because of these attacks.

### Security Breach By Photosquared

The photo printing app, PhotoSquared, was [recently found with a security flaw](https://techcrunch.com/2020/02/14/photosquared-shipping-labels-exposed/) that exposed the customer photos, addresses, and orders details of many users. High-resolution user-uploaded photos and shipping labels were compromised because of their **misconfigured AWS** storage bucket.

![What is a zero day attack](https://media.mailhop.org/phishprotection/images/2020/02/what-is-a-zero-day-attack-3857.jpg) 

The exact duration of the bucket being publicly available isn’t yet known, but PhotoSquared authorities have assured that they have now adopted [anti-phishing protection](/) measures.

### Italians Beware Of Dharma

Known for the severe damages it does, the [Dharma Ransomware was recently found](https://www.bleepingcomputer.com/news/security/dharma-ransomware-attacks-italy-in-new-spam-campaign/) in circulation among Italian users. Security researchers JAMESWT, T.G. Soft, and reecDeep were the first ones to report the spam emails sent by attackers spreading Dharma. These emails pretended to contain an invoice and were written in Italian with subjects like ‘Fattura n. 637 del 14.01.20’.

Although no **phishing attack prevention** measure can retrieve files encrypted by Dharma, _yet it is wise to have backups, lest you wish to spend millions on ransom payment_.

### Data Of 69,000 Public Servants Compromised

The Phoenix pay system fiasco has compromised the [personal details of over 69,000 public servants](https://www.cbc.ca/news/politics/phoenix-pay-system-privacy-breach-1.5466855). This was induced by an accidental email of the employee details to the wrong federal departments. _The faulty electronic payroll system has overpaid several employees and underpaid many for years now_. The department assured its adoption of measures for **protection against phishing**. They are determined to stop such mishaps from happening again.

### Is Your WordPress Theme Safe?

[Attackers have been infecting WordPress sites](https://www.bleepingcomputer.com/news/security/over-20-000-wordpress-sites-run-trojanized-premium-themes/) with trojan versions of premium themes and plugins for over three years now. Over **20,000 WordPress sites** have been attacked from different unofficial marketplaces, promoting fake WordPress components.

_Once a victim falls into the vicious trap and uploads a compromised component to the web server_, the attacker can add an administrative account and launch the various stages of an attack. _Over 30 websites are promoted by the attacker, which contains two malicious PHP files_, ‘class.theme-module.php’ and ‘class.plugin-modules.php’. Hence, it is always advisable to rely on [anti-phishing solutions](/products/advanced-threat-defense/) before downloading any random thing found online.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 9 of 2020","description":"Cybersecurity Updates For The Week 9 of 2020: Cybersecurity has become an issue of concern in recent years. Every day thousands of attacks are launched on.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-9-of-2020/","datePublished":"2020-02-27T14:18:50.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-02-27T14:18:50.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-9-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1122,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/02/what-is-phishing-5869.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 9 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-9-of-2020/"}]}
```