FBI Issues Flash Advisory Regarding COVID-19 Phishing Attacks Targeting Healthcare Organizations

The FBI has released another notice following a rise in COVID-19 phishing scams aimed at healthcare organizations. In the notification, the FBI points out that on March 18, 2020, network perimeter cybersecurity tools used by US-based healthcare companies began detecting COVID-19 phishing campaigns from domestic and international IP addresses, and that the activity is ongoing.

These campaigns use malicious Microsoft Word documents, 7-zip compressed files, JavaScript, Visual Basic Scripts, and Microsoft executables to gain a foothold in healthcare systems. While the full capabilities of the malicious code are unknown, the FBI advises that the goal is to gain a foothold in the network to enable follow-on exploitation and exfiltration of information.

In the advisory, the FBI provides indicators of compromise for the ongoing phishing campaigns so that network defenders can take action to block the threats and secure their environments against attack.

Aside from taking action to reduce the risk, the FBI has asked healthcare companies that have experienced COVID-19 phishing attacks to provide copies of the emails they received, including file attachments and email headers. If an attack succeeds, the FBI has asked victims to preserve and share logs and images of infected devices, and to perform a memory capture of all affected devices. That data could be used by the FBI in its response.

The FBI alerts all users to be wary of emails containing unsolicited attachments, regardless of where the email originated. Attackers may spoof emails to make them appear to come from a familiar, trusted person. If an email attachment seems suspicious, don't open it, even when antivirus software says the attachment is not infected and contains no malware. Antivirus software may only detect known malware, while new malicious code is continually being released. The FBI also advises against allowing the automatic download of email attachments.

Patches must be applied immediately and all software must be updated to the latest version. Additional security practices should be implemented, including filtering certain types of attachments through email security applications and firewalls.
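As an added illustration of attachment-type filtering (not code from the FBI advisory or the article), the Python sketch below inspects a message's attachments by both file extension and leading content bytes, so a renamed executable is still caught. The blocklist, the function names and the sample message are assumptions built from the file types named above.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed blocklist based on the file types named in the article; tune to local policy.
# Macro-enabled Word formats stand in for "malicious Word documents".
BLOCKED_EXT = {".7z", ".js", ".jse", ".vbs", ".vbe", ".exe", ".scr", ".docm", ".dotm"}
# Leading "magic" bytes identify content regardless of the file name.
MAGIC = {
    b"MZ": "windows-executable",
    b"7z\xbc\xaf\x27\x1c": "7zip-archive",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2-office-document",
}

def inspect_attachments(raw_message: bytes):
    """Return [(filename, reasons)] for attachments a gateway should quarantine."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        ext = os.path.splitext(name.lower())[1]
        if ext in BLOCKED_EXT:
            reasons.append(f"blocked-extension:{ext}")
        for magic, label in MAGIC.items():
            if payload.startswith(magic):
                reasons.append(f"content:{label}")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed test message; attachment bodies are harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "staff@example.org"
    m["Subject"] = "COVID-19 update"
    m.set_content("See attached.")
    m.add_attachment(b"MZ" + b"\x00" * 16, maintype="application",
                     subtype="pdf", filename="guidance.pdf")  # executable header, PDF name
    m.add_attachment(b"// placeholder", maintype="application",
                     subtype="javascript", filename="form.js")
    m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                     subtype="pdf", filename="notice.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in inspect_attachments(build_sample()):
        print(name, reasons)
```

Extension checks alone miss renamed files, and content checks alone miss scripts that have no fixed header, which is why the sketch applies both.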

It is also recommended to set up multiple accounts on computers and restrict the use of administrator accounts. The FBI warns that some viruses require administrator privileges to infect computers, so email should only be read on an account with minimal privileges to reduce risk.