Email Security News Round-Up [May 2022]

Email attacks contribute to millions of lost dollars each month.

Since the global pandemic in 2020, numerous businesses have been working remotely. As a result, businesses must stay on top of the evolving tactics of cybercriminals.

From spying campaigns and phishing scams to massive cyberattacks exposing customer data of big companies, here are some of May’s top cybersecurity and email security breach news stories.

 

May, Week 1

May’s first-week highlights include spying companies targeting big organizations and a phishing scam causing a $23 million loss to the U.S. Department of Defense.

Let’s dive into the top cybersecurity news of the week.

 

Hundreds of Global Companies Targeted By Spying Campaign

Cybersecurity firm Cybereason discovered a spying effort called Operation CuckooBees.

The Winnti Group, also known as APT 41, is believed to be behind this campaign. After a 12-month investigation, Cybereason found that source code, R&D documents, blueprints, and other sensitive data and intellectual property were stolen.

The attackers also acquired massive data from various international companies in the energy, pharmaceutical, defense, and aerospace industries, which could be used for future cyberattacks.

U.S. Department of Defense Lost $23M in a Phishing Scam

Cybercriminal Sercan Oyuntur and his fellow criminal schemers from Turkey, Germany, and New Jersey targeted a U.S. Department of Defense contractor.

By scamming an individual responsible for communicating with the DoD, the cybercriminals attempted to steal money meant for a company supplying jet fuel to U.S. troops in Southeast Asia.

In 2018, the cybercriminals sent phishing emails to various DoD vendors, tricking agents into visiting phishing websites and divulging confidential credentials.

May, Week 2

Since the Russian-Ukrainian war began in February, cybersecurity news surrounding the conflict has continued to emerge.

In the second week of May alone, there were two important incidents linked to the conflict: Russian TV channels were disrupted by cybercriminals, and the largest Russian video streaming platform was hacked.

 

Russian TV Disrupted by Hackers Flashing Anti-Russian Slogans

In February, the cybercriminal group “Anonymous” announced a “cyberwar” against Russia because of its aggression toward Ukraine.

On May 9, during the Victory Parade, hackers hijacked Russian TV stations, flashing anti-Russian slogans.

 

The Largest Russian Video Platform Hacked

Hacker group Anonymous took responsibility for another attack that took place on Monday.

The largest Russian video streaming website, Rutube, went dark when the hacker group crippled Rutube’s infrastructure (the main version, backup, and cluster databases).

It’s unclear when the website will be fully recovered; though loading slowly, it came back online on Wednesday afternoon.

 

The U.S. State Department Offered $10 Million Reward To Help Disclose Conti Ransomware Group

Russian-based cybercriminal group Conti and Gold Ulrick’s partnership resulted in one of the most prolific ransomware attacks worldwide.

As of January 2022, the threat group had victimized over 1,000 organizations.

The U.S. State Department announced rewards of up to $10 million for data about Conti cybercrime team members and $5 million for espionage data about the people who were a part of the ransomware attack.

 

May, Week 3

The third week of May was accompanied by illegal actions of cybercriminals and data leakage attempts.

Here are the top stories of May’s third week!

 

U.S. Government Warns of Illicit Actions of North Korean I.T. Workers

Companies inside the U.S. have been warned to be careful about who they’re hiring from other countries.

After months-long suspicious activities, this warning was issued by the U.S. Department of State, the U.S. Department of the Treasury, and the F.B.I.

North Korean IT workers are suspected of engaging in malicious cyber-enabled activities, assisting with the country’s money-laundering, virtual currency transfers, and other illicit activities.

 

1.8 Million Texans’ Sensitive Information Exposed by a Data Breach

On May 18, the Texas Department of Insurance issued an update on the exposure of 1.8 million Texans’ sensitive data.

The TDI web application was temporarily disconnected after a programming code error.

An audit released on May 12 discovered that workers’ data linked to compensation claims may have been accessible to strangers.

The information included names, addresses, Social Security numbers, etc.

May, Week 4

The last week of May wasn’t particularly quiet, either.

Catch up on the latest happenings in the cyberworld with some noteworthy cybersecurity news stories.

 

General Motors Under Cyberattack Exposing Customer Data

Recently, American automotive manufacturing company General Motors noticed suspicious logins to certain GM online accounts, which led to unauthorized redemptions of customer reward points for gift cards.

Threat actors supposedly gained access to that information through other non-GM sites and re-used it to access the company’s user accounts.

Afterward, the company disabled the feature, informed the customers about the attack, and reported the activity to law enforcement. 

General Motors suspended gift card redemptions in response to the suspicious activity and notified affected customers of these issues, suggesting they change passwords.

The cybercriminals might have obtained access to data like:

  1. Personal address
  2. First and last name
  3. Personal email address
  4. Last saved favorite location details
  5. Search and destination info

Despite the data breach, General Motors said Social Security numbers, dates of birth, bank account details, and other sensitive information were not compromised.

 

Microsoft Announces Major Vulnerabilities in Pre-Installed Apps of Android Devices

And the last week of May concludes with another massive cybersecurity breach.

On Friday, the Microsoft 365 Defender Research Team released an advisory about several hazardous vulnerabilities in a mobile framework. The framework, used in pre-installed Android System apps, could allow the implantation of a persistent backdoor on Android devices.

The mobile framework owned by mce Systems, an Israeli company that provides software to mobile carriers, was found to contain four high-severity vulnerabilities.

According to the researchers, the four flaws are CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601.

These defects have been exposing millions of pre-loaded Android apps to malware attacks. 

With the comprehensive system privileges of pre-installed apps, attackers could easily exploit such vulnerabilities and access system configuration and sensitive information.

Other apps on Android and iOS devices were also affected by these vulnerabilities.

Microsoft’s bug hunters stated that some of the impacted apps couldn’t be fully uninstalled or disabled without root access to the device.

To date, no exploitation of these vulnerabilities has been reported.

 

Conclusion

Our May round-up includes the most important cybersecurity and email security breach news headlines.

Keeping up with the vast importance of cybersecurity-related information is challenging, but you can stay abreast of top stories right here.

Every news story on this round-up proves that cyber and email security should be prioritized!

 
