Following the recent data breach at Mailchimp, the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center (HC3) has issued an alert about the risk of phishing attacks that abuse the email marketing service.
The breach came to light when Trezor, a cryptocurrency hardware wallet provider, investigated a phishing campaign that targeted its users through the email addresses of Trezor subscribers; that investigation traced the leak to a security breach at Mailchimp.
Mailchimp's investigation established that threat actors had compromised internal accounts belonging to its customer support and account administration teams. Although those accounts have since been secured, the attackers had already gained access to 300 Mailchimp user accounts and exported audience data from 102 of them. The attackers also obtained API keys, which allowed them to create email campaigns for use in phishing attacks without having to log in through the user-facing web interface.
Because the accounts Mailchimp customers use to send marketing campaigns such as newsletters may already be allowlisted by subscribers, phishing emails sent from a compromised account are likely to land in inboxes rather than spam folders. HC3 says it is only aware of one phishing campaign conducted using a compromised account, which targeted customers in the cryptocurrency and financial sectors, but notes that campaigns could equally be run against organizations in the healthcare and public health (HPH) sector.
HC3 has advised organizations in the HPH sector to take steps to reduce the risk. HC3 says the best defense is user awareness training, since the phishing emails will come from a legitimate and trusted sender. Staff should be informed of the threat and told to treat any email arriving via Mailchimp with caution. Beyond phishing for credentials, such emails could also be used to deliver malware, so antivirus software should be deployed, network intrusion prevention systems are valuable, and HC3 also recommends web filters to restrict access to online content that is not needed for business operations.
Anti-spoofing and other email authentication controls are also recommended: SPF, which lets a domain owner publish which mail servers are authorized to send on its behalf; DKIM, which cryptographically signs messages so recipients can verify that they were signed by the sending domain and not altered in transit; and DMARC, which ties the SPF and DKIM results to the visible From domain and tells receivers how to handle messages that fail. Note that these controls defend against spoofed senders; a campaign sent from a compromised Mailchimp account goes out through Mailchimp's authorized infrastructure and will typically pass all three checks, which is why HC3 puts awareness training first.
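To make the SPF/DKIM/DMARC relationship concrete, the following is an added example (not from the HC3 alert or from Mailchimp): a minimal DMARC evaluator that takes the SPF and DKIM results a receiver would already have computed, checks identifier alignment against the From domain, and returns the disposition the domain's DMARC policy requests. The domain `example-hospital.org`, its DNS TXT records, the sending hostnames, and all authentication results are constructed for illustration. The second scenario assumes the customer has enabled Mailchimp's domain authentication so that DKIM is signed with the customer's own domain; it shows why a message from a compromised account still passes.

```python
# Added example: evaluating DMARC alignment from SPF and DKIM results.
# Domains, DNS records and authentication results are constructed (hypothetical).

# Constructed DNS TXT records for a hypothetical healthcare domain.
DNS_TXT = {
    # SPF: Mailchimp's sending servers (via include) are authorized; everything else hard-fails.
    "example-hospital.org": "v=spf1 include:servers.mcsv.net -all",
    # DMARC: reject unaligned failures, relaxed alignment for both SPF and DKIM.
    "_dmarc.example-hospital.org": "v=DMARC1; p=reject; adkim=r; aspf=r; "
                                   "rua=mailto:dmarc@example-hospital.org",
}


def parse_tags(record):
    """Parse a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def parse_spf(record):
    """Return the mechanisms of an SPF record, e.g. ['include:servers.mcsv.net', '-all']."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return terms[1:]


def org_domain(domain):
    """Organizational domain using a crude last-two-labels rule.
    Assumption for this example: real implementations use the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') is an exact match,
    relaxed ('r') only requires the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(from_domain, spf, dkim, dns):
    """Decide the DMARC disposition for one message.

    spf  = (result, MAIL FROM domain the SPF check was run against)
    dkim = (result, d= domain of the verified DKIM signature)
    Returns (disposition, reason) where disposition is 'pass', 'none',
    'quarantine' or 'reject'.
    """
    record = dns.get("_dmarc." + from_domain.lower())
    if record is None:
        return "none", "no DMARC record published for From domain"
    tags = parse_tags(record)
    spf_result, spf_domain = spf
    dkim_result, dkim_domain = dkim
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "aligned %s pass" % ("DKIM" if dkim_ok else "SPF")
    # Neither identifier aligned: apply the policy the domain owner published.
    return tags.get("p", "none"), "no aligned SPF or DKIM pass"


def spoofed_from_attacker_server():
    """Attacker forges From: example-hospital.org but mails from their own domain.
    SPF passes for the attacker's MAIL FROM domain, but it is not aligned, and
    there is no DKIM signature for the hospital's domain, so DMARC says reject."""
    return dmarc_evaluate("example-hospital.org",
                          spf=("pass", "attacker.example"),
                          dkim=("none", ""),
                          dns=DNS_TXT)


def mailchimp_campaign():
    """Campaign relayed by Mailchimp (hostname constructed). SPF passes for
    Mailchimp's bounce domain but is not aligned; DKIM is signed with the
    customer's domain (domain authentication enabled), so DMARC passes.
    A campaign sent from a compromised Mailchimp account looks identical."""
    return dmarc_evaluate("example-hospital.org",
                          spf=("pass", "bounce.mcsv.example"),
                          dkim=("pass", "example-hospital.org"),
                          dns=DNS_TXT)


if __name__ == "__main__":
    print("SPF mechanisms:", parse_spf(DNS_TXT["example-hospital.org"]))
    print("spoofed message:", spoofed_from_attacker_server())
    print("mailchimp campaign:", mailchimp_campaign())
```

The two scenarios are the practical takeaway: a receiver enforcing the hospital's `p=reject` policy drops the direct spoof, but a campaign sent through Mailchimp from a hijacked account carries a valid, aligned DKIM signature and is delivered, which is exactly the case HC3 is warning about.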