Email Security News Round-Up [January 2022]

2022 is another year of increasing digitalization after the Covid-19 pandemic. A great amount of data was created because of the expanding use of digital tools.

Annual total internet traffic is expected to increase by about 50% this year. The epidemic has also shown how growing digitization has ushered in a new era of cyberattacks worldwide, and how interconnected all organizations are.

The topic concerning how a typical organization may protect itself against cybercriminals is becoming increasingly relevant because of pandemic-induced phishing attacks.

This article covers the top cybersecurity and email security news of January 2022.

Microsoft Starts 2022 with a Bug

Microsoft has made the first email security news headlines of 2022. It started the year with a huge issue. The bug that occurred with emails on Microsoft Exchange Server 2016 and Exchange Server 2019 caused messages to become blocked in transport queues. “This problem is due to a date check failure at the start of the new year, not a breakdown of the AV engine,” Microsoft explained.

The patch for the issue was released on January 3 and included a PowerShell fix. Alternatively, companies could remove the problem manually.

COVID-19 Phishing Emails Surge 500% on Omicron Concerns

Email security latest news headlines continue to be related to the COVID-19 pandemic.

As you know, attackers who specialize in social engineering frequently use recent events to leverage the news around them and sow chaos. For example, the latest Covid-19 variant, Omicron, has resulted in a 521% spike in phishing attacks.

Cybercriminals offer unauthorized COVID-19 tests and protective equipment to trick users into clicking on malicious links and entering personal data. Others impersonate testing labs to make employees share their results.

In other cases, the consumer may receive a fake notification about an unpaid order of tests in phishing emails and have to give their PayPal details to fulfill the delivery of the kit.

These pandemic-themed scams won’t disappear overnight, but companies can still protect their network and employees from phishing by following some top best practices.

Malicious USB Drives Mailed to US Firms via Post

Emails that contain malicious links or attachments are quite common these days. Still, the bad actors in this news chose to make an appearance in an old-fashioned way. They mailed USB devices to various US-based businesses in the transportation, defense, and insurance sectors. This method of spreading malware, by the way, has become a signature move for the hacker group.

Reportedly, the USB stick, if plugged into a computer, may have allowed the hackers access to an organization’s networks, allowing them to spread ransomware.

The FBI blamed the occurrences on an Eastern European cybercrime ring (FIN7) that, as US prosecutors state, is responsible for billions of dollars in losses to US consumers and corporations. FIN7 is suspected of collecting millions of credit card details from restaurant and hospitality businesses in 47 states, according to the US Department of Justice.

Scammy QR Codes Link to Malicious Sites

If you haven’t been living under a rock, there’s a chance that you’ve used a QR code to access a website, see a menu at a restaurant, or get further details about an ad. These codes may be found practically anywhere: on TV commercials, in real estate listings, and in social media posts.

The pandemic sparked a spike in QR code usage. Restaurants replaced paper menus with online versions accessible on mobile phones to reduce virus transmission.

Naturally, cybercriminals exploited the use of QR codes to scam unsuspecting customers. Scanning fake QR codes will not harm your phone in any way – it won’t download malware in the background or anything. However, it’ll direct you to websites encouraging you to divulge  credit card details or give out other personal information.

Several stickers containing illicit codes were discovered on parking meters in Austin and San Antonio during the holiday season. These QR codes were directing users to a site promising quick pay options for parking.

Qubit DeFi Platform Suffers a Cryptocurrency Attack Worth $80 Million

Hackers stole about $80 million in Bitcoin from Qubit Finance on the evening of January 27th. Because of the amount of cryptocurrency stolen, it’s the most significant hack of 2022 so far.

Qubit is an exchange platform that allows you to deposit one coin and withdraw some other one. The gist of the attack was that the hackers were able to take advantage of a security flaw in Qubit’s smart contract code. As a result, they deposited 0 ETH and took out nearly $80 million in Binance Coin.

To reduce losses for the Qubit community, their Finance team directly appealed to the hacker in a statement on Twitter, requesting them to negotiate.

Enterprises Attacked With Lateral Phishing Using Device Registration

At the beginning of 2022, Microsoft discovered and announced more email cybersecurity news, about a sizable multi-phase phishing attack. These attacks manifested through unsecured accounts, which didn’t use multi-factor authentication.

The attacks were two-staged:

In the first stage, organizations in Singapore, Australia, Indonesia, and Thailand were the prime targets. Users received phishing links, leading them to a rogue website instead of the Office 360 login page. Credential theft followed.

The second phase of the attack focused on organizations’ weak cyber hygiene where additional layers of security like MFA authentication weren’t used.

Therefore, attackers targeted and leveraged over 8,500 user mailboxes, sending malicious emails. 

Email security breach news like this reflects just how worrisome the situation with poor security hygiene can get.

Small Business Administration Announced Additional Funding for SMBs

The Small Business Administration (SBA) of the United States has received an additional $3 million in funding to help small businesses improve their cybersecurity infrastructure.

Small businesses have adopted technology at a high rate to survive and develop their operations throughout the COVID-19 pandemic.

Cybersecurity has become more crucial than ever; therefore, small business owners have to face many challenges.

With this program, state governments can provide small firms with guidance, training, remediation, and other cybersecurity services. The Small Business Administration (SBA) provides grants of up to $1 million to small businesses.

Businesses have started to submit their applications in January 2022.

Final Thoughts

As you can see, cybersecurity and email security news has already started fulfilling our trends predictions for 2022. Cryptocurrency attacks are gaining momentum, phishing is ever-present, and Covid is still ruling cyberspace.

The email security latest news also shows that the year has started with malicious emails, domain squatting, ransomware, and more. Reviewing past years’ email security breach news, it’s easy to see just how essential domain protection and good cyber-hygiene is for organizations and individuals.

SPF Record Syntax: Structure and Components

SPF Record Syntax: Structure and Components

Understanding what SPF is and bringing it into use is important for technology-driven businesses...

Read More
What is a DKIM Record?

What is a DKIM Record?

What is a DKIM record? That's a question we see everywhere these days. Emails...

Read More
What is an SPF Record?

What is an SPF Record?

What if you realize a threat actor is misusing your domain name to send...

Read More