FBI warns of COVID-19 phishing targeting US health providers

The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.

“On 18 March 2020, network perimeter cybersecurity tools associated with US-based medical providers identified email phishing attempts from domestic and international IP addresses,” the FBI says in a flash alert coordinated with the DHS Cybersecurity and Infrastructure Security Agency (CISA).

The threat actors behind these campaigns used multiple methods to deliver their malicious payloads, including the exploitation of “Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.”

“The capabilities of these malicious attachments are unknown, but they would have likely created an initial intrusion vector to enable follow-on system exploitation, persistence, and exfiltration,” the FBI adds.

Phishing email sample used in these attacks

Indicators of compromise

As part of the flash alert, the FBI also provides indicators of compromise related to these ongoing phishing attempts to help network defenders protect their environments against these attacks.

The US domestic intelligence and security service is also providing an attached list of hashes related to additional COVID-19 phishing.

| Email Sender | Email Subject | Attachment Filename | Hash |
|---|---|---|---|
| srmanager@combytellc.com | PURCHASE ORDER PVT | Doc35 Covid Business Form.doc | babc60d43781c5f7e415e2354cf32a6a24badc96b971a3617714e5dd2d4a14de |
| srmanager@combytellc.com | Returned mail: see transcript for details | Covid-19_UPDATE_PDF.7z | de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44 |
| srmanager@combytellc.com | COVID-19 UPDATE !! | Covid-19_UPDATE_PDF.7z | de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44 |
| admin@pahostage.xyz | Information about COVID-19 in the United States | covid50_form.vbs | d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c |
| help@pahofinity.xyz | Coronavirus (COVID-19) | covid27_form.vbs | d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c |
| monique@bonnienkim.us | Business Contingency alert -COVID 19 | COVID-19 Circular.jar | eacc253fd7eb477afe56b8e76de0f873259d124ca63a9af1e444bfd575d9aaae |
| info@mohap.gov.ae | Todays Update on COVID-19 | Todays Update on COVID-19.exe | 7fd2e950fab147ba39fff59bf4dcac9ad63bbcdfbd9aadc9f3bb6511e313fc9c |
| erecruit@who.int | World Health Organization/ Let’s fight Corona Virus together | COVID-19 WHO RECOMENDED V.exe | d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5 |

Mitigation and reporting phishing attacks

The FBI urges companies and individuals that were targeted in a phishing attack to share a copy of the received emails, including copies of the attachments and the full email headers.

“Please do not open the attachment if you or your organization does not have the capability to examine the attachment in a controlled and safe manner,” the FBI warns.

“Additionally, if you or your company is a victim of a cyber intrusion related to email phishing, please retain any logs, image(s) of infected device(s), and memory capture of all affected equipment, if possible, to assist in the response by the FBI.”

The FBI also recommends the following mitigation measures to defend against phishing attacks:

• Be wary of unsolicited attachments, even from people you know. Cyber actors can “spoof” the return address, making it look like the message came from a trusted associate.
• Keep software up to date. Install software patches so that attackers can’t take advantage of known problems or vulnerabilities.
• If an email or email attachment seems suspicious, don’t open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
• Save and scan any attachments before opening them.
• Turn off the option to automatically download attachments. To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and disable it.
• Consider creating separate accounts on your computer. Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need “administrator” privileges to infect a computer.
• Apply additional security practices. You may be able to filter certain types of attachments through your email software or a firewall.
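The "save and scan" and attachment-filtering advice above, together with the hash indicators, can be applied to a saved message without opening its attachments. The following is an added example, not code from the FBI alert or this article; the names `triage`, `build_sample` and `RISKY_EXT` are assumptions, and the sample message is constructed.

```python
import hashlib
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA-256 values copied from the indicator table in the FBI flash alert above.
IOC_SHA256 = {
    "babc60d43781c5f7e415e2354cf32a6a24badc96b971a3617714e5dd2d4a14de",
    "de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44",
    "d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c",
    "eacc253fd7eb477afe56b8e76de0f873259d124ca63a9af1e444bfd575d9aaae",
    "7fd2e950fab147ba39fff59bf4dcac9ad63bbcdfbd9aadc9f3bb6511e313fc9c",
    "d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5",
}
# Attachment types the alert names: Word, 7-zip, VBScript, Java, executables.
RISKY_EXT = {".doc", ".7z", ".vbs", ".jar", ".exe"}

def triage(raw, iocs=IOC_SHA256):
    """Hash each attachment without opening it; flag IoC hits and risky types."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # Nested multipart attachments decode to None; treat them as empty.
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        findings.append({
            "sender": str(msg.get("From", "")),
            "name": name,
            "sha256": digest,
            "ioc_match": digest in iocs,
            "risky_ext": os.path.splitext(name.lower())[1] in RISKY_EXT,
        })
    return findings

def build_sample():
    """Constructed test message: harmless text in a .vbs-named attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "staff@example.org"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached form.")
    m.add_attachment(b"' constructed placeholder, not malware\r\n",
                     maintype="application", subtype="octet-stream",
                     filename="covid50_form.vbs")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A hash match is a strong signal, while a risky extension alone only marks the attachment for quarantine and review, since the sender and filename in the table are trivially changed by the attacker.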
