A warning was issued to the healthcare and public health (HPH) community about a monkeypox-themed phishing campaign targeting U.S. healthcare providers that attempts to steal Office 365, Outlook, and other email account credentials.
Monkeypox is a very contagious viral disease caused by a virus belonging to the same family as smallpox. According to the Centers for Disease Control and Prevention (CDC), approximately 66,000 cases were identified internationally in the recent outbreak and over 25,100 cases in the United States. Florida, California, New York, Georgia and Texas are the most seriously affected states, with cases mostly confined to the LGBTQ+ community.
Malicious actors usually piggyback on major news stories and use them as lures for convincing phishing campaigns. Campaigns using monkeypox lures were therefore inevitable, and they are likely to continue and increase as case numbers rise. Monkeypox and COVID-19-related phishing campaigns have a substantial success rate because there is great interest in the outbreaks and concern about infection.
The Health Sector Cybersecurity Coordination Center (HC3) states that these emails may be sent from the email account of an HPH-related entity that has previously been compromised, or from a non-HPH entity. When a phishing email is sent from a trusted email account, the recipient is more likely to open it.
The email messages claim to provide important information about the current monkeypox outbreak in the U.S. and have the subject line, “Data from (Victim Organization Abbreviation): “Important read concerning -Monkey Pox- (Victim Company) (Reference Number).” The body of the message reads, “Please see the attached important read about “Monkey Pox” for your guide. It is a good read; thought I’d let you know. Be safe.”
The emails include a PDF attachment named “MPV Update_070722F.pdf”, although other file names may also be used. The attached file contains a malicious URL that takes the recipient to a Lark Docs website, which has an Adobe Cloud theme and offers a secure Xerox Scanner fax document for download. When the user attempts to download the file, they are taken to another web page, where they are asked to enter their valid email credentials in order to view the file. If those credentials are entered, they are captured and used by the threat actor to remotely access the user’s email.
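The lure described above (the "important read" wording plus a PDF that carries a link) can be turned into a mail triage check. The following is an added example, not code from HC3 or the original article: the function names, the `example.invalid` hosts and the sample message are constructed, and the URL extraction assumes the PDF stores its link annotation uncompressed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure wording from the advisory; tolerant of spacing, punctuation and the
# connecting word ("about" / "concerning"). File names vary, so none is matched.
LURE_RE = re.compile(r"important read\s+\w+\W*monkey\s*pox", re.I)
# Link action in an uncompressed PDF object: /URI (http...)  (assumption)
PDF_URI_RE = re.compile(rb"/URI\s*\(([^)]+)\)")


def triage(raw: bytes) -> dict:
    """Return the indicators found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    pdfs, urls = [], []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf"):
            pdfs.append(name)
            data = part.get_content()  # bytes for non-text parts
            urls += [u.decode("latin-1") for u in PDF_URI_RE.findall(data)]
    hits = {
        "subject": bool(LURE_RE.search(msg["Subject"] or "")),
        "body": bool(LURE_RE.search(text)),
        "pdf_attachments": pdfs,
        "pdf_urls": urls,
    }
    # Quarantine when the lure wording arrives with a PDF that carries a link.
    hits["quarantine"] = (hits["subject"] or hits["body"]) and bool(urls)
    return hits


def build_sample() -> bytes:
    """Constructed sample message; example.invalid is a placeholder host."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "staff@example.invalid"
    m["Subject"] = 'Data from (ABC): "Important read concerning -Monkey Pox- (ABC) (Ref 1)"'
    m.set_content('Please see the attached important read about "Monkey Pox" for your guide.')
    pdf = b"%PDF-1.4\n1 0 obj<</S/URI/URI (https://docs.example.invalid/x)>>endobj\n%%EOF"
    m.add_attachment(pdf, maintype="application", subtype="pdf",
                     filename="MPV Update_070722F.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

PDFs that keep their link objects inside compressed streams will return no URLs here, so a production filter should inspect attachments with a real PDF parser before relying on the `pdf_urls` field.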
Besides raising awareness of the monkeypox phishing campaign, medical organizations should provide regular security awareness training to employees covering security guidelines, for example, the importance of setting long, complex passwords for all email accounts, not clicking URLs or opening attachments in unknown email messages, and only downloading files from trustworthy publishers. Security awareness training should cover the phishing and social engineering methods often used by threat actors, and it is also advisable to run phishing simulations on staff. Phishing simulations have been shown to considerably reduce susceptibility to phishing campaigns.
Some employees will still click hyperlinks and open attachments despite training, so it is crucial to implement technical controls against phishing, such as spam filters to block phishing emails, multifactor authentication for email accounts to prevent unauthorized access using stolen credentials, and web filters to block malicious sites.