FBI Issues Flash Alert About COVID-19 Phishing Scams Targeting Healthcare Providers

Share this article on:

The FBI has issued a fresh warning following an increase in COVID-19 phishing scams targeting healthcare providers. In the alert, the FBI explains that network perimeter cybersecurity tools used by US-based healthcare providers started detecting COVID-19 phishing campaigns from both domestic and international IP addresses on March 18, 2020 and those campaigns are continuing.

These campaigns use malicious Microsoft Word documents, Visual Basic Scripts, 7-zip compressed files, JavaScript, and Microsoft Executables to gain a foothold in healthcare networks. While the full capabilities of the malicious code are not known, the FBI suggests that the purpose is to gain a foothold in the network to allow follow-on exploitation, persistence, and data exfiltration.

In the alert, the FBI provides indicators of compromise for the ongoing phishing campaigns to allow network defenders to take action to block the threats and protect their environments against attack.

Indicators of Compromise

Email Sender Email Subject Attachment Filename Hash
srmanager@combytellc.com PURCHASE ORDER PVT Doc35 Covid Business Form.doc babc60d43781c5f7e415e2354cf32a6a24badc96b971a3617714e5dd2d4a14de
srmanager@combytellc.com Returned mail: see transcript for details Covid-19_UPDATE_PDF.7z de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44
srmanager@combytellc.com COVID-19 UPDATE !! Covid-19_UPDATE_PDF.7z de85ca5725308913782d63d00a22da480fcd4ea92d1bde7ac74558d5566c5f44
admin@pahostage.xyz Information about COVID-19 in the United States covid50_form.vbs d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c
help@pahofinity.xyz Coronavirus (COVID-19) covid27_form.vbs d231d81538b16728c2e31c3f9e0f3f2e700d122119599b052b9081c2c80ecd5c
monique@bonnienkim.us Business Contingency alert -COVID 19 COVID-19 Circular.jar eacc253fd7eb477afe56b8e76de0f873259d124ca63a9af1e444bfd575d9aaae
info@mohap.gov.ae Todays Update on COVID-19 Todays Update on COVID-19.exe 7fd2e950fab147ba39fff59bf4dcac9ad63bbcdfbd9aadc9f3bb6511e313fc9c
erecruit@who.int World Health Organization/ Let’s fight Corona Virus together COVID-19 WHO RECOMENDED V.exe d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5

 

In addition to taking steps to reduce risk, the FBI has requested healthcare providers who have been targeted in one of these COVID-19 phishing attacks to share copies of the emails they receive, including email attachments and full email headers. If any of the attacks are successful, the FBI has requested victims retain and share logs and images of infected devices, and perform memory capture of all affected equipment. That information can be used in the response by the FBI.

The FBI warns all users to be wary about emails containing unsolicited attachments, regardless of who sent the email. Threat actors can spoof messages to make them appear to have been sent by a known, trusted individual. If an email attachment seems suspicious, it should not be opened even if antivirus software suggests the attachment is clean and does not include malware. Antivirus software can only detect known malware and new malicious code is constantly being released. The FBI also advises against allowing the automatic downloading of attachments.

Patches should be applied promptly and all software should be updated to the latest version. Additional security practices should be adopted, such as filtering certain types of attachments through email security software and firewalls.

It is also recommended to create multiple accounts on computers and restrict the use of admin accounts. The FBI warns that some viruses require administrator privileges to infect computers, so emails should only be read on an account with restricted privileges to reduce risk.

Author: HIPAA Journal

Share This Post On