---
title: "Cyber Security News Update, Week 11 of 2020 | DuoCircle"
description: "Worried that your security certificate is out of date?"
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2020/"
---

Quick Answer

Week 11 of 2020 covered: a malware campaign overlaying compromised websites with a fake security-certificate iframe that delivers the Mokes backdoor or Buerak downloader while preserving the legitimate URL; a ransomware attack on the Stuart, FL police department that destroyed evidence and forced prosecutors to drop 11 narcotics cases against six suspects (the seventh known case where ransomware impacted prosecutions); a Help Net Security report on hidden mobile apps as the most active mobile threat, abusing third-party logins and serving unwanted ads while remaining invisible; a new Mailto ransomware variant identified by Quick Heal Security Labs that evades antivirus by injecting code into Windows Explorer; the City of Cartersville, GA paying a $380,000 ransom (down from a $2.8 million initial demand) covered largely by insurance; a J. Crew breach disclosed nearly a year after attackers used credential stuffing to access account info, last four digits of payment cards, expiration dates, and shipping data; and a Digital Munition study showing 54% of healthcare vendors had a PHI breach, 41% suffered six or more in two years, with average breach cost of $2.75 million.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%2011%20of%202020&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2020%2F&title=Cyber%20Security%20News%20Update%2C%20Week%2011%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%2011%20of%202020&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-11-of-2020%2F "Share via Email") 

![Cyber Security](https://media.mailhop.org/duocircle/images/2020/03/email-migration-service-5687.jpg) 

_Worried that your security certificate is out of date?_ You should be, but not because it’s out of date, but because the notice you get informing you it’s out of date is a scam.

[From SC Magazine](https://www.scmagazine.com/news/malware/dont-install-that-security-certificate-its-a-malware-scam), “_Cybercriminals have been compromising websites to display a **fake security certificate** error message in hopes of tricking visitors into downloading the [Mokes](https://www.scmagazine.com/?s=Mokes) backdoor or the Buerak downloader_. The fake notification is delivered via a malicious iframe. The iframe matches the size of the victimized webpage and perfectly overlaps the original content. _The URL bar still displays the correct address_, so visitors are less likely to become suspicious.” Damn.

## Ransomware Attack at Polic Dept

There used to be a time that if you wanted to get out of jail, you had to do it the old-fashioned way by jumping over the fence. Not anymore. From [KnowBe4](https://blog.knowbe4.com/ransomware-attack-on-police-department-encrypts-evidence-sets-criminals-free), “Last year, the police department in Stuart, FL was hit with a **ransomware attack**. The ripple effect of this attack is still being felt as _the evidence in 11 cases was a part of the data held for ransom and was unrecoverable_. The result of this was US prosecutors being forced to drop 11 narcotics cases against six suspected drug dealers, with no evidence, there is no case.”

The crazy thing is, this isn’t the first time this has happened. “This is reportedly the seventh incident of its kind, where ransomware has had impacts on cases.” I know what I’m doing if I ever get arrested.

[![Phishing](https://media.mailhop.org/duocircle/images/2020/03/email-migration-service-5688.jpg)](https://media.mailhop.org/duocircle/images/2020/03/email-migration-service-5688.jpg)

## Phishing Phrontier

_It’s no secret that today the items most at risk to cyber threats are mobile devices_. People spend the most time on them, so hackers spend the most time **trying to compromise** them. It all makes sense.

Today comes a [story](https://www.helpnetsecurity.com/2020/03/06/hackers-target-consumers/) from Help Net Security about the most active threat to mobile devices: **the hidden app**. “_Hidden apps take advantage of unsuspecting consumers in multiple ways_, including taking advantage of consumers using third-party login services or serving unwanted ads. There exists a growing trend for many apps to remain hidden, stealing precious resources and important data from the device that acts as the remote control to consumers’ digital world.” _It’s hard to stop what you can’t see_.

## Mailto Ransomware

_One of the things hackers do really well is come up with countermoves to security defenses_. Case in point, from [KnowBe4](https://blog.knowbe4.com/cyberheistnews-vol-10-11-heads-up-new-ransomware-strain-evades-av-and-injects-malicious-code-right-into-windows-explorer-process), “Researchers at Quick Heal Security Labs discovered a new strain of the **_Mailto_ ransomware** that _uses a novel way to disguise itself to evade detection and stay invisible for Antivirus products_.” You install antivirus software, the hackers come up with a way to bypass it.

The bad news? There may not be a cure for this yet. “Mailto ransomware is still being analyzed and it is not yet known if there are any weaknesses in its **encryption algorithm** that could be used to decrypt locked files for free.” Stay tuned.

## Body Count

The good [news](https://www.scmagazine.com/home/security-news/ransomware/city-of-cartersville-paid-380k-ransom-to-restore-access-to-files/) for the city of Cartersville, GA? When they were struck with a **ransomware attack** last year, they paid the ransom and “The attackers did deliver the **decryptor keys** necessary to regain access about 48 hours after the payment was made and all systems were operational soon thereafter.” The bad news? _The decryptor keys cost a whopping $380,000_.

If there’s a silver lining, it’s that “_the initial ransom demand was for $2.8 million, payable in bitcoin_, and that the city’s insurance paid the majority of the cost.” So, they’re good negotiators and they were smart enough to buy insurance. Still, I can’t help but think that buying [anti-phishing software](/email/phishing-protection) for all their employees would have been way cheaper.

## J. Crew Phishing Attack

It’s not the first online retailer to be hit and it probably won’t be the last. J.Crew, the seller of casual clothes for men and women, [notified](https://www.scmagazine.com/home/security-news/j-crew-says-year-old-breach-exposed-customer-account-info/) “a group of customers that an _unauthorized third-party accessed their accounts nearly a year ago using their login credentials and obtained personal information_, including the last four digits of payment card numbers, expiration dates, card types and billing addresses as well as order numbers, shipping confirmation numbers and shipment status.”

Did it really take a year to tell their affected customers? Yep. “Because _J. Crew didn’t reveal the attack publicly until almost a year after it occurred_, Knudsen said hackers may have already used the information in other attacks.” It’s one thing to get your customers’ **information hacked**. It’s quite another to not tell them for a year. Shame on you J. Crew.

[![Data Breaches](https://media.mailhop.org/duocircle/images/2020/03/email-migration-service-5689.jpg)](https://media.mailhop.org/duocircle/images/2020/03/email-migration-service-5689.jpg)

## Data Breaches at Healthcare Companies

Ever wonder how bad data breaches have gotten at healthcare companies? Now we know. According to an article on [Digital Munition](https://www.digitalmunition.me/54-of-healthcare-vendors-have-experienced-a-data-breach-of-protected-health-information/), “_54% of healthcare vendors have experienced a data breach of protected health information_.” That’s not the really shocking part.

“_Of those 54 percent of respondents, 41 percent experienced six or more data breaches over the past two years_. The average **breach costs $2.75 million** and exposes nearly 10,000 records. Many of the vendor respondents believe that healthcare providers do not fully embrace risk assessments to accurately measure and manage third-party risk.” Do you think?

And that’s the week that was.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 1m  April Spam Filtering Uptime Report  May 4, 2016 ](/blog/announcements/april-spam-filtering-uptime-report/)[  News 2m  Changes to Spam Filtering Technology  Feb 8, 2023 ](/blog/announcements/changes-to-spam-filtering-technology/)[  News 4m  Cyber Security News Update, Week 1 of 2020  Jan 3, 2020 ](/blog/announcements/cyber-security-news-update-week-1-of-2020/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 11 of 2020","description":"Worried that your security certificate is out of date?","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2020/","datePublished":"2020-03-13T14:16:48.000Z","dateModified":"2025-05-27T12:27:59.000Z","dateCreated":"2020-03-13T14:16:48.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":853,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/03/email-migration-service-5687.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 11 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2020/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 11 of 2020","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2020/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 11 of 2020","description":"Worried that your security certificate is out of date?","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2020/","datePublished":"2020-03-13T14:16:48.000Z","dateModified":"2025-05-27T12:27:59.000Z","dateCreated":"2020-03-13T14:16:48.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-11-of-2020/"},"articleSection":"announcements","keywords":"","wordCount":853,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/03/email-migration-service-5687.jpg","caption":"Cyber Security","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```
