The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.
“On 18 March 2020, network perimeter cybersecurity tools associated with US-based medical providers identified email phishing attempts from domestic and international IP addresses,” the FBI says in a flash alert coordinated with the DHS Cybersecurity and Infrastructure Security Agency (CISA).
The threat actors behind the campaign used multiple methods to deliver their malicious payloads, including the exploitation of “Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.”
“The capabilities of these malicious attachments are unknown, but they would have likely created an initial intrusion vector to enable follow-on system exploitation, persistence, and exfiltration,” the FBI adds.
Indicators of compromise
As part of the flash alert, the FBI also provides indicators of compromise related to these ongoing phishing attempts to help network defenders protect their environments against these attacks.
The US domestic intelligence and security service is also providing an attached list of hashes related to additional COVID-19 phishing.
| Email Sender | Email Subject | Attachment Filename | Hash |
|---|---|---|---|
| firstname.lastname@example.org | PURCHASE ORDER PVT | Doc35 Covid Business Form.doc | babc60d43781c5f7e415e2354cf32a6a24badc96b971a3617714e5dd2d4a14de |
| email@example.com | Returned mail: see transcript for details | Covid-19_UPDATE_PDF.7z | de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44 |
| firstname.lastname@example.org | COVID-19 UPDATE !! | Covid-19_UPDATE_PDF.7z | de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44 |
| email@example.com | Information about COVID-19 in the United States | covid50_form.vbs | d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c |
| firstname.lastname@example.org | Business Contingency alert -COVID 19 | COVID-19 Circular.jar | eacc253fd7eb477afe56b8e76de0f873259d124ca63a9af1e444bfd575d9aaae |
| email@example.com | Todays Update on COVID-19 | Todays Update on COVID-19.exe | 7fd2e950fab147ba39fff59bf4dcac9ad63bbcdfbd9aadc9f3bb6511e313fc9c |
| firstname.lastname@example.org | World Health Organization/ Let’s fight Corona Virus together | COVID-19 WHO RECOMENDED V.exe | d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5 |
Mitigation and reporting phishing attacks
The FBI urges companies and individuals that were targeted in a phishing attack to share a copy of the received emails, including copies of the attachments and the full email headers.
“Please do not open the attachment if you or your organization does not have the capability to examine the attachment in a controlled and safe manner,” the FBI warns.
“Additionally, if you or your company is a victim of a cyber intrusion related to email phishing, please retain any logs, image(s) of infected device(s), and memory capture of all affected equipment, if possible, to assist in the response by the FBI.”
The FBI also recommends the following mitigation measures to defend against phishing attacks:
• Be wary of unsolicited attachments, even from people you know. Cyber actors can “spoof” the return address, making it look like the message came from a trusted associate.
• Keep software up to date. Install software patches so that attackers can’t take advantage of known problems or vulnerabilities.
• If an email or email attachment seems suspicious, don’t open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
• Save and scan any attachments before opening them.
• Turn off the option to automatically download attachments. To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and disable it.
• Consider creating separate accounts on your computer. Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need “administrator” privileges to infect a computer.
• Apply additional security practices. You may be able to filter certain types of attachments through your email software or a firewall.
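The "save and scan" and attachment-filtering advice can be automated at the mail gateway or in a triage script. The following is an added example, not code from the FBI alert or this article: it hashes every attachment in a raw message and checks it against the SHA-256 values and attachment types from the indicator table. The function names, the quarantine policy and the sample message are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# SHA-256 values copied from the alert's indicator table.
ALERT_SHA256 = frozenset({
    "babc60d43781c5f7e415e2354cf32a6a24badc96b971a3617714e5dd2d4a14de",
    "de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44",
    "d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c",
    "eacc253fd7eb477afe56b8e76de0f873259d124ca63a9af1e444bfd575d9aaae",
    "7fd2e950fab147ba39fff59bf4dcac9ad63bbcdfbd9aadc9f3bb6511e313fc9c",
    "d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5",
})
# Attachment types that appear in the same table (assumed hold-for-review policy).
RISKY_EXTENSIONS = frozenset({".doc", ".7z", ".vbs", ".jar", ".exe"})


def triage_message(raw, known_hashes=ALERT_SHA256):
    """Return one finding dict per attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""  # undo base64/QP encoding
        digest = hashlib.sha256(payload).hexdigest()
        findings.append({
            "filename": name,
            "sha256": digest,
            "hash_match": digest in known_hashes,
            "risky_extension": PurePosixPath(name.lower()).suffix in RISKY_EXTENSIONS,
        })
    return findings


def build_sample(filename, content):
    """Constructed test message; the attachment bytes are harmless."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["Subject"] = "COVID-19 UPDATE !!"
    msg.set_content("See attached.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for f in triage_message(build_sample("Covid-19_UPDATE_PDF.7z", b"constructed bytes")):
        hold = f["hash_match"] or f["risky_extension"]
        print("QUARANTINE" if hold else "pass", f["filename"], f["sha256"])
```

A hash match identifies only the exact files listed in the alert; the extension check is what catches a repacked variant, so the two signals are reported separately.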