Email Security News Round-Up [April 2022]

April 2022 in the cyberworld was like any other month with phishing, data breach, and email security breach news.

One of the most noteworthy reports of the month include Tesla and SpaceX CEO Elon Musk buying the world’s most influential social network, Twitter.

The largest shareholder of Twitter proposed to purchase the social media company on April 14, and on April 25, Twitter’s board of directors accepted Musk’s $44 billion offer.

Here’s a week-by-week recap of some of the biggest cybercrimes, attacks, and other email security and cybersecurity-related news of April.


April, Week 1

We referred to three prominent news stories in the first week of April. The topics varied from corporate to government infrastructure attacks, and attack types included spoofing, website takedowns, and data breaches.

Finnish Government Sites Taken Down for Hours

A DDoS attack took Finland’s defense and foreign affairs websites offline. Russian hackers have been under suspicion due to the current political situation and Finland seeking NATO membership. Some experts also connect this attack with Russian aircraft breaching Finnish airspace.

WhatsApp Voice-Messages Spoofing

Through a malicious phishing campaign, attackers impersonated WhatsApp with spoofing emails and sending voice message notifications.

Unsuspecting users click the email link, and it redirects to a page that attempts to install a malicious, obscured JavaScript code. Once installed, the malware can steal browser credentials.

Education, healthcare, and retail sectors were the most targeted institutions.

Cash App Data Breach Targeted 8.2 million U.S. Customers

Due to a former employee of Cash App, a data breach of 8.2 million U.S. customers occurred. The ex-employee downloaded internal Cash App information when he was no longer working for the company.

Cash App announced that they had reported the breach to the authorities and that the breach didn’t include sensitive data or any access codes for the accounts.


April, Week 2

April’s second week in cybersecurity wasn’t incident-free either.

We  chose to cover the most important news stories: The Microsoft data breach, Fox News stolen records, and Malicious cyber tools targeting North American energy concerns.

North American Energy Concerns Targeted

Many US government agencies warned the public with a joint alert about malicious cyber tools created by unknown threat actors. They also mentioned that the hackers could gain full access to numerous industrial control systems.

The threat actors have not yet been identified, but the Cybersecurity and Infrastructure Security Agency (CISA) is working on the issue.

Tarrask Hides Scheduled Tasks in Windows to Exploit Them Later

Microsoft was hacked again. This time, by the Hafnium hacking group who compromised Windows systems by building and hiding scheduled tasks.

The new malware, Tarrask, creates ‘hidden’ scheduled tasks to remove the task attributes and conceal the scheduled tasks from traditional means of identification. This method helped the group access hacked devices even after reboots.

Looking for scheduled tasks without a security descriptor is the only way to find these tasks in the Windows Registry.

13 Million Fox News Records Exposed

Thirteen million records of personally identifiable information were exposed due to a major Fox News data leak. Celebrity information, internal Fox admin data, and technical knowledge were included in the stolen data.

The data also included sixty-five thousand names of celebrities, cast, guests, and their internal Fox ID contact numbers. Other Fox-specific information included storage information, internal Fox emails, usernames, employee ID numbers, etc.


April, Week 3

The third week of April started with cybersecurity attacks on large companies and continued with local government data center attacks.

Massive Vulnerabilities Found in Elementor Website Builder

A code flaw was found in Elementor, a WordPress website builder plugin last week. The bug was found in version 3.6.0, released in March. Although it was handled in the last patch of the plugin, exposure could cause unauthenticated users to make changes on the website.

Java Suffered Encryption Implementation Errors

Oracle addressed a vulnerability in Java JDK versions 15 and later on April 19. This issue made it extremely easy for hackers to create fake SSL certificates and eavesdrop in a man-in-the-middle attack.

According to experts, the vulnerability was created as a result of a coding error.

Local Government Data Centers Impacted by a Cybersecurity Attack

Right on Easter weekend, a cyberattack targeted the Unified Government of Wyandotte County and Kansas City data centers. It’s still unknown what data was affected, but the U.S. Department of Homeland Security, the FBI, and the Mid-America Regional Council are investigating.

Week 4

The highlights of April’s fourth week include a reappearance of Lapsus$ and a large phishing fraud case. Let’s dive in to learn more about the top cybersecurity news of the week.

T-Mobile is the Next Victim of Lapsus$ Hacking Group

Another attack by Lapsus$ targeted T-Mobile, a telecoms giant. Although they say nothing pertaining to their customers or government was stolen, the hacker group still acquired source code belonging to the carrier.

As you already know, Lapsu$ focuses on data theft and extortion. It gains access to victims through various attack methods and steals sensitive information.

Several significant companies (including NVIDIA, Microsoft, and Samsung) have been victims of the hacking group,losing troves of sensitive data.

T-Mobile’s hack apparently happened several weeks prior to the announcement. The Lapsus$ hackers first attempted to access  internal systems and operational tools software with stolen credentials. They also stole source codes (30,000 repositories in total). The attack could result in sim swapping, putting T-Mobile users in danger.

T-Mobile has reported at least one incident per year with an impact on millions of users.

Cyberattacks on telecoms interest hackers because they have more value-effort ratio. The companies carry a lot of consumer data in their databases, and accessing one could potentially gain them gigabytes of personally identifiable information (PII), leading to more targeted attacks and, in turn, more money for them.


CEO Fraud in Germany-based Tech Company’s Hong Kong Branch Results in HHK$11.36 Million Lost

A Hong Kong branch of a German technology firm has recently experienced a large CEO fraud attack. The scammers forced the firm into transferring more than $1.4 million into two bank accounts, marking the largest Hong Kong-based scam of the year.

According to the employee that fell victim to the whaling attack, the email mentioned her name, so she assumed the money transfer request was actually coming from the CEO. She only realized it was a scam when she was comparing notes with the head office.



So, as we wrap up April highlights of the most crucial email security and cybersecurity news, we want to once again stress the importance of keeping your business assets and personal details safe.

Follow cybersecurity best practices and protect your email infrastructure with EasyDMARC.

How DMARC Can Improve Email Deliverability?

How DMARC Can Improve Email Deliverability?

There’s no doubt that email marketing is an essential and powerful tool for any...

Read More
Email Security News Round-Up [September 2022]

Email Security News Round-Up [September 2022]

September was a busy month filled with email security news and cybersecurity news stories...

Read More
How to Increase Domain Reputation with SPF

How to Increase Domain Reputation with SPF

Is your email open rate decreasing? Noticing a higher bounce rate? Well, this could...

Read More