The FBI has issued a new alert following a surge in COVID-19 phishing scams targeting healthcare companies. In the advisory, the FBI explains that on March 18, 2020, network perimeter cybersecurity tools used by US-based healthcare organizations began detecting COVID-19 phishing campaigns from domestic and international IP addresses, and that those campaigns are ongoing.
These campaigns use malicious Microsoft Word files, 7-zip compressed files, Visual Basic Scripts, JavaScript, and Microsoft executables to gain a foothold in healthcare networks. Although the full capabilities of the malicious code are not known, the FBI says the objective is to gain a foothold in the network to enable follow-on exploitation and exfiltration of data.
In the alert, the FBI provides indicators of compromise for the ongoing phishing campaigns so that network defenders can take action to block the threats and protect their environments against attack.
Besides taking steps to reduce risk, the FBI has asked healthcare organizations that have encountered COVID-19 phishing attacks to share copies of the phishing emails they received, including email attachments and full email headers. If an attack succeeds, the FBI has asked victims to retain and share logs and images of infected devices and to perform a memory capture of all affected machines. That information may be used in the FBI's response.
The FBI advises all users to be cautious about emails that contain unsolicited file attachments, no matter who the email appears to come from. Threat actors can spoof messages to make them seem to have been sent by a known, trusted individual. If an email attachment looks suspicious, do not open it, even if the antivirus program indicates the attachment is safe and does not contain malware. Antivirus software can only detect known malware, and new malicious code is constantly being released. The FBI also advises against the automatic downloading of file attachments.
Patches should be applied promptly, and all software should be kept up to date with the most recent version. Additional security practices should be followed, such as filtering particular kinds of attachments using email security software and firewalls.
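The attachment filtering described above can be sketched as follows. This is an added example, not part of the FBI advisory: the extension list, the function names and the sample message are assumptions, and it checks leading bytes as well as file names so that a renamed file is still caught.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Assumed extension list for the file types the advisory names; tune per site.
BLOCKED_EXT = {".doc", ".docm", ".7z", ".vbs", ".vbe", ".js", ".jse", ".exe", ".scr"}
# Leading bytes that identify content even when the file name is misleading.
MAGIC = {
    b"7z\xbc\xaf\x27\x1c": "7-zip archive",
    b"MZ": "Windows executable",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 document (legacy Word)",
}

def scan_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments a filter should quarantine."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        name = part.get_filename() or ""
        if part.is_multipart() or not (name or part.is_attachment()):
            continue
        data = part.get_payload(decode=True) or b""
        reasons = []
        # Windows ignores trailing dots and spaces, so strip them before checking.
        ext = PurePosixPath(name.rstrip(". ")).suffix.lower()
        if ext in BLOCKED_EXT:
            reasons.append(f"blocked extension {ext}")
        for magic, label in MAGIC.items():
            if data.startswith(magic):
                reasons.append(f"content is {label}")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: addresses, file names and contents are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "staff@example.org"
    m["Subject"] = "COVID-19 update"
    m.set_content("See attached.")
    for fname, body in [("guidance.7z", b"7z\xbc\xaf\x27\x1c\x00\x04"),
                        ("notice.pdf", b"MZ\x90\x00"),  # executable renamed to .pdf
                        ("form.VBS", b"WScript.Echo 1"),
                        ("schedule.txt", b"Mon-Fri")]:
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```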
It is also advised to create multiple accounts on computers and limit the use of admin accounts. The FBI cautions that some viruses need administrator privileges to compromise computers, so emails should only be read using an account with limited privileges to reduce risk.