The FBI has issued a fresh warning following an increase in COVID-19 phishing scams targeting healthcare providers. In the alert, the FBI explains that network perimeter cybersecurity tools used by US-based healthcare providers started detecting COVID-19 phishing campaigns from both domestic and international IP addresses on March 18, 2020, and that those campaigns are continuing.
In the alert, the FBI provides indicators of compromise for the ongoing phishing campaigns to allow network defenders to take action to block the threats and protect their environments against attack.
Indicators of Compromise
| Email Sender | Email Subject | Attachment Filename | Hash |
|---|---|---|---|
| email@example.com | PURCHASE ORDER PVT | Doc35 Covid Business Form.doc | babc60d43781c5f7e415e2354cf32a6a24badc96b971a3617714e5dd2d4a14de |
| firstname.lastname@example.org | Returned mail: see transcript for details | Covid-19_UPDATE_PDF.7z | de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44 |
| email@example.com | COVID-19 UPDATE !! | Covid-19_UPDATE_PDF.7z | de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44 |
| firstname.lastname@example.org | Information about COVID-19 in the United States | covid50_form.vbs | d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c |
| email@example.com | Business Contingency alert -COVID 19 | COVID-19 Circular.jar | eacc253fd7eb477afe56b8e76de0f873259d124ca63a9af1e444bfd575d9aaae |
| firstname.lastname@example.org | Todays Update on COVID-19 | Todays Update on COVID-19.exe | 7fd2e950fab147ba39fff59bf4dcac9ad63bbcdfbd9aadc9f3bb6511e313fc9c |
| email@example.com | World Health Organization/ Let’s fight Corona Virus together | COVID-19 WHO RECOMENDED V.exe | d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5 |
In addition to taking steps to reduce risk, the FBI has requested that healthcare providers who have been targeted in one of these COVID-19 phishing attacks share copies of the emails they receive, including email attachments and full email headers. If any of the attacks are successful, the FBI has requested that victims retain and share logs and images of infected devices, and perform memory capture of all affected equipment. The FBI can use that information in its response.
The FBI warns all users to be wary about emails containing unsolicited attachments, regardless of who sent the email. Threat actors can spoof messages to make them appear to have been sent by a known, trusted individual. If an email attachment seems suspicious, it should not be opened even if antivirus software suggests the attachment is clean and does not include malware. Antivirus software can only detect known malware and new malicious code is constantly being released. The FBI also advises against allowing the automatic downloading of attachments.
Patches should be applied promptly and all software should be updated to the latest version. Additional security practices should be adopted, such as filtering certain types of attachments through email security software and firewalls.
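One way to apply the indicator table and the attachment-filtering advice to a stored message, as an added example that is not part of the FBI alert or this article: the sketch hashes each attachment with SHA-256, compares it with the hashes listed above, and flags attachment types seen in the table. The function names, the `RISKY_EXTENSIONS` policy and the sample message are assumptions made for the example.

```python
import hashlib
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA-256 attachment hashes copied from the indicator table above.
IOC_SHA256 = {
    "babc60d43781c5f7e415e2354cf32a6a24badc96b971a3617714e5dd2d4a14de",
    "de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44",
    "d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c",
    "eacc253fd7eb477afe56b8e76de0f873259d124ca63a9af1e444bfd575d9aaae",
    "7fd2e950fab147ba39fff59bf4dcac9ad63bbcdfbd9aadc9f3bb6511e313fc9c",
    "d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5",
}
# Assumed filtering policy: archive/script/executable types seen in the table.
RISKY_EXTENSIONS = {".7z", ".vbs", ".jar", ".exe"}

def scan_message(raw, ioc_hashes=IOC_SHA256, risky=RISKY_EXTENSIONS):
    """Return (filename, sha256, reasons) for each attachment that is flagged."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        reasons = []
        if digest in ioc_hashes:
            reasons.append("ioc-hash")
        # Use the final extension, lower-cased, so "Update.PDF.EXE" is caught.
        if os.path.splitext(name.strip().lower())[1] in risky:
            reasons.append("risky-type")
        if reasons:
            findings.append((name, digest, reasons))
    return findings

def build_sample(filename, payload):
    """Constructed test message; addresses and body are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "staff@example.org"
    m["Subject"] = "COVID-19 UPDATE !!"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("Covid-19_UPDATE_PDF.7z", b"constructed payload")))
```

A hash match identifies only the exact files in the table; the type check is what still fires when the same lure arrives with a repacked attachment.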
It is also recommended to create multiple accounts on computers and restrict the use of admin accounts. The FBI warns that some viruses require administrator privileges to infect computers, so emails should only be read on an account with restricted privileges to reduce risk.