---
title: "Cybersecurity Updates For The Week 44 of 2022 | Phish Protection"
description: "Cybersecurity Updates For The Week 44 of 2022: Threat actors continue to target organizations worldwide to get access to their information assets. It may be."
image: "https://phishprotection.com/og/blog/weekly-cyber-news-updates-week-44-of-2022.png"
canonical: "https://phishprotection.com/blog/weekly-cyber-news-updates-week-44-of-2022/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/11/protection-from-phishing-6734.jpg) 

Threat actors continue to target organizations worldwide to get access to their information assets. It may be challenging to anticipate a phishing attack, but one can surely learn from the attacks that have taken place to understand how these malicious actors operate and adopt [anti-phishing](/content/anti-phishing/) measures accordingly. To that end, here are the phishing and **breach-related updates** for the week.

### Newly Discovered Crimson Kingsnake Threat Group Impersonates Law Firms in BEC Attacks

Researchers discovered a new business email compromise (BEC) group called **‘Crimson Kingsnake,’** which impersonates famous international law firms to trick users into approving overdue invoice payments. The cybercriminals impersonate lawyers sending invoices for payment of services they supposedly provided to the target firms a year ago. The approach creates a solid attack vector for the [BEC attack](https://www.proofpoint.com/us/threat-reference/business-email-compromise), as recipients get intimidated when receiving emails from reputed law firms like the ones threat actors impersonated in the scams.

Analysts at [Abnormal Security](https://www.bleepingcomputer.com/news/security/new-crimson-kingsnake-gang-impersonates-law-firms-in-bec-attacks/?&web%5Fview=true) first discovered the Crimson Kingsnake campaign in March 2022 and reported they identified 92 domains linked to the group, all impersonating genuine law firm sites. The [typosquatting](https://www.bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/) approach allows the BEC actors to send emails to victims through an address appearing authentic at first glance. _The emails have the impersonated entities’ letterheads and logos, and the threat group crafts them professionally, featuring punctual writing._
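A defender-side check for the lookalike sender domains described above, as an added example that is not from the original article or from Abnormal Security: it compares a sender's domain against an allowlist of known vendor domains and flags near matches. The domains are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
"""Flag sender domains that imitate a trusted vendor domain (typosquat check)."""

# Constructed allowlist: domains this organisation really receives invoices from.
TRUSTED_DOMAINS = {"kingsley-law.example", "northbridge-legal.example"}

# ASCII look-alike substitutions often seen in typosquatted names.
SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))


def split_domain(domain):
    """Return (label, suffix) taken from the last two labels.
    Assumption: production code should use the Public Suffix List instead."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def skeleton(label):
    """Collapse look-alike characters and hyphens so visual twins compare equal."""
    label = label.translate(SINGLE).replace("-", "")
    for seq, repl in MULTI:
        label = label.replace(seq, repl)
    return label


def osa_distance(a, b):
    """Edit distance where an adjacent transposition counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(address):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    label, suffix = split_domain(address.rsplit("@", 1)[-1])
    registrable = f"{label}.{suffix}"
    if registrable in TRUSTED_DOMAINS:
        return ("trusted", registrable)
    for trusted in sorted(TRUSTED_DOMAINS):
        t_label, _ = split_domain(trusted)
        a, b = skeleton(label), skeleton(t_label)
        # Short names get a tighter threshold to limit false positives.
        limit = 1 if len(b) < 8 else 2
        if osa_distance(a, b) <= limit:
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sender addresses covering each evasion the check handles.
    for sender in ("billing@kingsley-law.example",
                   "accounts@kingsleylaw.example",
                   "ar@k1ngsley-law.example",
                   "ar@northbrigde-legal.example",
                   "pay@kingsley-law.test",
                   "news@unrelated-vendor.example"):
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is a signal to hold the invoice for out-of-band verification with the firm, not proof of fraud on its own.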


### LockBit Ransomware Gang Claims to be Behind The Attack on Continental Automotive Group

[The LockBit ransomware gang](https://techcrunch.com/2022/11/10/police-arrest-suspected-lockbit-operator-as-the-ransomware-gang-spills-new-data/) announced they recently hacked Continental, the German automotive parts manufacturing company. The threat group added the name of the automotive group to its **Tor leak site** and threatened to publish the data if the manufacturer did not pay the ransom.

The cybercriminals fixed the deadline of November 4, 2022, 15:45:36 UTC, for paying the ransom. The circumstances suggest the automotive major had not negotiated with the criminals yet or refused to pay the ransom. However, it is still unclear if the **LockBit 3.0 ransomware group** was behind the attack that Continental discovered on August 24, 2022.

> “In a recent cyberattack, attackers infiltrated some of Continental’s IT systems. We detected the attack in early August and averted it. Continental’s business activities were not affected at any point, and the technology group maintains **complete control** over its IT systems. Current information suggests the IT systems of third parties were not affected,” [a statement](https://www.continental.com/en/press/continental-informs/) published by Continental mentioned.

### Hackers Take Down Alma Radio Telescope in Chile

**The ALMA observatory** in Chile had to shut down after threat actors targeted its computer systems. One of the world’s most advanced and largest telescopes had to suspend operations following the cyberattack. The [Atacama Large Millimeter/submillimeter Array (ALMA)](https://www.independent.co.uk/space/alma-radio-telescope-chile-attack-b2216170.html?&web%5Fview=true), located in Northern Chile’s Atacama Desert, said that an attack targeting its systems last weekend compelled it to shut down its public website and suspend operations.

The attack also affected the email services at the observatory, consisting of a group of **66 radio telescopes** that study planet formations and star births.

> “We contained the threat, and the specialists are working to restore affected systems. The cyberattack did not compromise any ALMA antennas or scientific data,” the observatory tweeted.

The incident inconvenienced researchers worldwide who rely on ALMA experts and the telescope.

### Updated Drinik Malware Targets 18 Indian Banks

An upgraded variant of the **Drinik Android trojan** recently [targeted 18 Indian banks](https://www.bleepingcomputer.com/news/security/drinik-android-malware-now-targets-users-of-18-indian-banks/) and stole the victims’ personal and bank account information. Drinik has a circulation history in India and has operated as an **SMS stealer** since 2016.

In the latest campaign, [Drinik](https://cyware.com/news/drinik-malware-now-targets-18-indian-banks-1921d2bc) impersonated the **Income Tax Department of India** and potentially targeted victims in 18 Indian banks for stealing their income tax credentials. The malware’s latest variant, found in August, is distributed in an APK file (iAssist.apk), integrated into Android’s iAssist app. _It lures users to claim an instant tax refund and tricks them into submitting personal details like full name, PAN number, Aadhar number, and financial information._

The **phishing scam** abuses the Accessibility Service and obtains the required permissions to control the compromised systems. The latest malware can perform keylogging and screen recording to harvest credentials. Furthermore, it manages incoming calls by abusing the **CallScreeningService**.

### US Govt Employees are Vulnerable to Mobile Attacks Because of Outdated Android, iOS

According to a recent report by the [cybersecurity firm](/) Lookout, almost half of Android mobile phones used by US state and local government employees were running **outdated versions of the OS**, exposing them to [numerous vulnerabilities](https://www.bleepingcomputer.com/news/security/us-govt-employees-exposed-to-mobile-attacks-from-outdated-android-ios/?&web%5Fview=true) that hackers can leverage for attacks.

The report analyzed 175 million applications and 200 million devices from 2021 to H2 2022. It warns about an uptrend in all threat metrics, including reliance on unmanaged mobile devices, attempted cyberattacks against government employees, and liability bottlenecks in mission-critical networks.

The CISA (Cybersecurity & Infrastructure Agency) published a [‘Known Exploited Vulnerabilities Catalog’](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) containing the list of **vulnerabilities** that hackers actively exploited in attacks and a date by which federal agencies must patch them. However, while CISA advises state and local governments to follow the guidelines, it is not mandatory to do so under this directive.

Furthermore, the report arrives days before the US midterm elections, with FBI and Trellix reporting that election officials and workers are **getting targeted with phishing campaigns** to steal credentials or install malware.

### Leaked Amazon Server Exposes Viewing Habits of Amazon Prime Customers

> “An Elasticsearch database called **Sauron** remained unprotected without any security authentication.”

According to researcher Anurag Sen, the internal Amazon server storing the database contained Prime Video viewing habits.

The server remained accessible over the internet because it had **no password protection**. Hence, anyone could enter an IP address in a web browser and access the available data. The database contained 215 million records of pseudonymized viewing data, including _the streaming movie’s or show’s name, the device used, and similar internal data like network quality and subscription information._

While the database contains [Amazon Prime](https://www.hackread.com/amazon-prime-video-viewing-habits/?web%5Fview=true) customers’ information, hackers cannot use it to identify the customers by name. However, the security lapse highlights the dangers and drawbacks of **misconfigured internet-facing servers** without password protection.

Amazon spokesperson Adam Montgomery said **‘deployment glitches with a Prime Video analytics server’** caused the issue. When Amazon was notified about the exposed database, it took adequate steps to make it inaccessible.

![Email phishing protection](https://media.mailhop.org/phishprotection/images/2022/11/email-phishing-protection-8369.jpg) 

### Osaka Hospital Forced to Suspend Services After Ransomware Cyberattack

A hospital in **Osaka** disclosed that it suspended non-emergency outpatient operations and services following a [ransomware attack](/resources/ransomware-attack-why-organizations-pay-ransom/) on its electronic medical record system. The medical facility has 36 departments with 865 beds. Osaka [General Medical Center](https://www3.nhk.or.jp/nhkworld/en/news/20221101%5F07/?&web%5Fview=true)’s staff told reporters that the system failed around 7 am, and they could not access it. They added that a contractor examining the failure said that a **ransomware computer virus** had attacked the system.

The threat actor reportedly sent an English-written email to the hospital’s server, saying they had encrypted all its files. They are demanding the hospital pay a ransom and warned the amount would depend on how soon the officials respond. Interestingly, the hackers are demanding **Bitcoins as ransom**.

The officials said they were now using paper medical records and expressed uncertainty about the resumption of normal operations. **Shimazu Takeshi**, the hospital’s director, said hospital staff worked hard to restore the system and apologized to patients and stakeholders for the inconvenience and trouble.

### Label Printing Giant Discloses a Data Breach

Label printing major **Multi-Color Corporation (MCC)** started informing employees that a recent cyberattack might have compromised their personal information. Supplying premium label solutions worldwide, MCC employs nearly 10,000 employees and operates 100 label-producing operations.

_It offers label solutions to organizations in the chemicals, food, healthcare, automotive, beverage, technical, and other industries._ In a data breach notification recently, MCC announced that it discovered [unauthorized access](https://www.securityweek.com/label-giant-multi-color-corporation-discloses-data-breach?&web%5Fview=true) to its network on September 29, 2022.

An investigation into the incident revealed that **sensitive HR data** might be compromised, including _“employee files and enrolment information in our benefits programs.”_ MCC further added that it collected and retained “personal details to facilitate payroll, administer the health and wellness program, and complete other critical business functions.” Both former and current MCC employees were impacted.

Additionally, the [data breach](/blog/data-breaches-how-they-impact-small-businesses/) can impact the information related to employee partners, spouses, or dependents enrolled in the benefits programs. The company said the incident did not impact its suppliers and customers, as it did not collect or save their personal information.

MCC did not detail the type of cyberattack it became a target of. Still, it appears the company might be in contact with the attackers, likely to pay a ransom to ensure they destroy any stolen data.

> “However, based on the measures we implemented and the actions we undertook, there is no indication that any personal information related to the [cybersecurity](/content/cybersecurity-in-a-nutshell/) incident has been misused or will get misused in the future,” the company said.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

