4 Sophisticated Phishing Campaigns Impacting the Healthcare Sector
October 9, 2020
Hackers have leveraged the COVID-19 public health crisis to improve the sophistication and increase the frequency of attacks. Specifically, email phishing that targets enterprise organizations dominates the threat landscape, with the healthcare sector among the most targeted amid the public health crisis.
In the last year, Microsoft blocked 13 billion malicious and suspicious emails, of which 1 billion were URLs set up with the explicit purpose of phishing credential attacks. And as threat actors continue to hone their methods, these attacks have become increasingly hard to detect.
Indeed, previous data from IRONSCALES found healthcare recipients are the biggest target for credential theft attempts through social engineering attempts and spoofed login pages. During the first half of 2020, researchers identified over 50,000 fake login pages for 200 prominent brands.
“The operation, commonly known as credential theft, is simple: target unsuspecting recipients with an email spoofing a trusted brand and persuade them via social engineering to insert their legitimate credentials, such as a username and password, into a fake login page either embedded within the body of an email or built into a phishing website,” researchers explained at the time.
To make matters worse, Proofpoint found that ransomware attacks delivered via phishing campaigns are on the rise, showing similarities to 2018 attack methods. In total, hackers sent as many as 350,000 emails using this method each day, per campaign.
As a concerning number of healthcare providers have fallen victim to these types of attacks in recent months, it’s crucial for organizations to understand current threat methods to educate staff and employ technology to defend against these attacks. And most importantly, implementing multi-factor authentication is shown to block 99.9 percent of automated attacks.
Overlay Tactic Aimed at Employee Credential Theft
One of the newest phishing campaigns, spotted in the wild by Cofense, leverages message quarantine phishing, or emails that imitate messages sent from an organization’s technical support team. The hackers disguise these emails as sent from the company’s email service.
Entities should look out for messages that claim several emails failed to process properly and were blocked from being delivered to the inbox. The employee is asked to review the messages to confirm their validity, with some messages stating that some are being held for deletion to evoke urgency.
“This could potentially lead the employee to believe that the messages could be important to the company and entice the employee to review the held emails,” researchers explained at the time. “Potential loss of important documents or…