---
title: "Cybersecurity Updates For The Week 42 of 2022 | Phish Protection"
description: "While there are various types of data breaches, one can always attribute them to a vulnerability or a security posture gap that cybercriminals exploit to gain."
image: "https://phishprotection.com/og/blog/weekly-cyber-news-updates-week-42-of-2022.png"
canonical: "https://phishprotection.com/blog/weekly-cyber-news-updates-week-42-of-2022/"
---


While there are various types of **data breaches**, one can always attribute them to a vulnerability or a security posture gap that cybercriminals exploit to gain access to the organization’s systems. Here are this week’s phishing-related news headlines, so you can plug the vulnerabilities and prevent cybersecurity breaches.

### A New Clicker Android Malware Infects over 20 Million Devices

A newly discovered Android malware might have infected over 20 million users. Hackers sneaked the malware, called **Clicker**, into the Google Play Store through 16 different malicious applications.

Researchers from [McAfee](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-malicious-clicker-found-in-apps-installed-by-20m-users/) said that the malware was masquerading as legitimate utility tools to target Android mobile users. _The tools include QR readers, Flashlight (Torch), Camera, Task Managers and Unit Converters._

At first look, the apps look like genuine Android software. However, they contain ad fraud features, equipped with [Firebase Cloud Messaging (FCM)](https://firebase.google.com/docs/cloud-messaging) and remote configuration techniques. Once the victims download and open the malicious applications, they send an HTTP request to launch remote configurations, and the [Clicker Android malware](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-malicious-clicker-found-in-apps-installed-by-20m-users/) gets downloaded.

![How to prevent phishing](https://media.mailhop.org/phishprotection/images/2022/10/how-to-prevent-phishing-7694.jpg) 

Researchers opine that Android malware disrupts the mobile advertising ecosystem and enables [threat actors](/blog/threat-actors-using-phishing-as-a-service-phaas/) to generate revenue by showing fraudulent ads on victims’ devices.

Installing **security software** on mobiles helps prevent such mobile threats. Additionally, users must avoid using cracked software apps or downloading apps from unofficial sources to protect themselves from attacks.

### Wholesale Giant METRO Suffers IT Outage After Cyberattack

International wholesale giant METRO recently experienced store payment issues and infrastructure outages following a recent cyberattack. METRO’s IT team is investigating the incident with external experts to discover the underlying cause of the ongoing outage.

IT outages have affected stores in Austria, France and Germany since October 17, according to a [Günter Born](https://borncity.com/win/2022/10/21/metro-gruppe-doch-opfer-eines-cyberangriffs/) report. Even though its stores are operating, METRO says that its online orders got delayed, and it set up offline payment systems.

> “The company notified the authorities regarding the incident and is cooperating with investigations linked to the attack.”

METRO is a global wholesale company for HoReCa (hotel, restaurants, catering) industry customers, employing over 95,000 people and operating in over 30 countries. As of September 30, 2022, 661 wholesale stores were operating under the METRO and MAKRO brands.

> “We will continue intensive monitoring and analysis and provide updates as required. METRO apologizes for any inconvenience the security incident caused for any of its business partners and customers,” the wholesaler added.

### EnergyAustralia Hit by Cyber-Attack, Details of Hundreds of Customers Exposed

According to a [The Guardian](https://www.theguardian.com/australia-news/2022/oct/21/energyaustralia-latest-to-be-hit-by-cyber-attack-as-details-of-hundreds-of-customers-exposed?&web%5Fview=true) report, **EnergyAustralia** became the latest cyber-attack victim, exposing hundreds of its customers’ details. In its latest statement, the electricity giant said 323 small business and residential customers were affected by unauthorized access to My Account, their online platform.

Details including customer names, email addresses, electricity and gas bills, addresses, phone numbers and the first and last three digits of their credit cards of those accounts might be compromised.

However, EnergyAustralia maintained that there was “no evidence” suggesting customer details got transferred outside its online platform. It further said they did not store sensitive documents like passports or driver’s licenses on the platform. _“The information remains secure, and no other EnergyAustralia systems got affected.”_ The company asked its customers to implement 12-character passwords, including a mix of upper-case and lower-case letters, special characters and numbers.

Earlier, account passwords required only eight characters. The incident occurred on September 30, and EnergyAustralia contacted impacted users on October 2 and briefed government agencies and regulatory authorities.

### NY Watchdogs Make Insurance Firm Cough Up $4.5m For Healthcare Security Breach

New York regulators continue to flag organizations with questionable computer security. They extracted $4.5 million from vision insurance firm **EyeMed**, which they accused of leaving many people’s sensitive health information accessible to cyber criminals. Additionally, EyeMed agreed to conduct a thorough risk assessment of its IT systems and improve its network defenses after failing to comply with New York State’s Department of Financial Services cyber security rules.

The data breach dates back to 2020, and [EyeMed](https://www.theregister.com/2022/10/19/eyemed%5Fdata%5Fbreach%5Fsettlement/?&web%5Fview=true) said it happened when one of its employees fell for a phishing campaign. In July 2020, the EyeMed team discovered a cybercriminal gaining access to a shared email account used by employees to process enrolment, potentially exposing customers’ personal information.

After discovering the breach, the vision insurer “immediately” blocked access to the inbox and hired experts. The investigators later found that the campaign continued from June 24 to July 1, 2020, during which [cybercriminals](https://edition.cnn.com/2022/09/19/tech/uber-lapsus-cybersecurity-incident/index.html) read and stole emails and attachments containing customers’ non-public health information, including data related to minors, dating six years before the breach.

### The US Health System Data Breach Hits 3 Million Patients

Advocate Aurora Health (AAH), a 26-hospital chain in Illinois and Wisconsin, notified its patients about a data breach exposing the personal data of 3 million patients. The incident occurred because AAH improperly used [Meta Pixel](https://www.bleepingcomputer.com/news/security/health-system-data-breach-due-to-meta-pixel-hits-3-million-patients/?&web%5Fview=true) on its websites, where patients logged in and entered sensitive medical and personal information. Meta Pixel is a JavaScript tracker that helps website operators determine how visitors interact with the website so that they can improve it.

However, the **Meta tracker** also sends sensitive information to Meta (Facebook) before forwarding it to numerous marketers targeting patients with advertisements matching their conditions.

This privacy breach took the US by storm, as many hospitals use Meta Pixel, exposing millions of people’s details to third parties and starting lawsuits against the responsible organizations.

In August 2022, another US healthcare provider, Novant Health, said that **improper use of Meta Pixel** in its ‘MyChart’ portal exposed 1.3 million patient accounts. Incidentally, AAH also used the ‘MyChart’ patient portal and another platform called ‘LiveWell,’ both having active Meta Pixel trackers. AAH’s notification states the following details might have gotten exposed:

- IP address
- Date, time, and location of scheduled appointments
- Proximity to an AAH location
- Type of appointment or procedure
- Medical provider information
- Communications between MyChart users, which may include first and last names and medical record numbers
- Insurance information
- Proxy account information

### Verizon Prepaid Accounts Hijacked

Verizon recently notified its prepaid customers that their accounts might be compromised and their phone numbers hijacked by cybercriminals via SIM swaps. “Between October 6 and 10, a threat actor accessed your credit card’s last four digits you used to make automatic payments from your account,” Verizon’s letter \[PDF\] to prepaid customers said.

> “The cybercriminals then used the last four digits of the credit card to gain access to the Verizon account and likely processed an unauthorized SIM card change on the prepaid line to which we are sending this notice,” the alert continued.

[The Register](https://www.theregister.com/2022/10/19/verizon%5Fbreach%5Fsim%5Fswap/?&web%5Fview=true) published a report which says it’s unclear how threat actors accessed the 4-digit credit card numbers. However, Verizon assured its customers that if there was a SIM card change, they effectively reversed it. Furthermore, they prevented any further unauthorized access to their customer accounts.

### iDealwine Suffers A Data Breach

iDealwine, a France-based e-merchant having offices in London and Hong Kong, said it suffered a [data breach](https://www.helpnetsecurity.com/2022/10/19/idealwine-data-breach/?web%5Fview=true) but did not inform its customers yet. The international fine wine retailer specializes in fixed-price sales and online auctions of fine wine and offers information regarding news and trends in the wine industry.

The company contacted experts to deal with the incident, including the data privacy regulators in the UK and France. It informed its customers their name, address, email address and telephone number might be compromised. However, customers’ credit card and bank information were not compromised because it does not store them on company servers.

> “Do not open emails or attachments if unsure about their source, and **do not click on unknown links**. You can contact us if in any doubts, and our team is fully prepared to assist you,” the company said in an advisory.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2022/10/phishing-prevention-9357.jpg) 

### Threat Actors Compromised Hong Kong Government Agency’s Network for a Year

Researchers at Symantec recently uncovered [cyberattacks](https://edition.cnn.com/2022/04/13/tech/microsoft-zloader-malware/index.html) attributed to the China-linked espionage actor APT41 (or Winnti) that breached Hong Kong’s government agencies, remaining undetected for a year.

The threat actor used custom malware called [Spyder Loader](https://thehackernews.com/2022/10/chinese-spyder-loader-malware-spotted.html), which researchers previously attributed to the group. In May 2022, Cybereason researchers discovered **‘Operation CuckooBees’,** underway since 2019 and focusing on high-tech manufacturing firms in Western Europe, North America and East Asia. Symantec’s report adds that there are signs that the Hong Kong activity is part of the same operation, and APT41’s targets are the government agencies in the special administrative region.

#### Spyder Loader

In Operation [CuckooBees](https://www.bleepingcomputer.com/news/security/hackers-compromised-hong-kong-govt-agency-network-for-a-year/), APT41 used a newer version of the Spyder Loader backdoor. Symantec’s report indicates that the attackers continue to evolve the malware, injecting several variants on the targets with the same functions.

Some of the similarities Symantec found with the version analyzed by Cybereason include the following:

- CryptoPP C++ library
- Abuse of rundll32.exe to execute the malware loader
- Compiled as a 64-bit DLL copy of the SQLite3 DLL to manage SQLite databases, sqlite3.dll.
- Spyder Loader loads AES-encrypted blobs creating the next-stage payload, “wlbsctrl.dll.”


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

