Analysis
Attacks and Vulnerabilities
Medical
News

HC3 warns of Monkeypox-themed phishing campaign targeting healthcare providers

September 21, 2022
HC3 warns of Monkeypox-themed phishing campaign targeting healthcare providers

The U.S. Department of Health & Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has warned of a Monkeypox-themed ‘malspam’ campaign currently targeting healthcare providers. 

“The campaign has a subject of ‘Data from (Victim Organization Abbreviation): ‘Important read about -Monkey Pox– (Victim Organization) (Reference Number)’ and utilizes an ‘Important read about MonkeyPox’ theme,” the HC3 said in its Monday advisory. “Inside of the email is a PDF with a malicious link which lures the recipient to a Lark Docs site. The site is Adobe Doc cloud-themed and offers a secure fax MonkeyPox PDF download.” 

The advisory added that clicking on the PDF download attempts to harvest Outlook, O365, or Other Mail credentials. “This campaign may have leveraged business email compromises (BECs) of HPH-related and possibly non-HPH entities,” it added. 

The Healthcare and Public Health (HPH) sector is one of the 16 critical infrastructure sectors with a mission to protect essential healthcare and public health assets and services from existential threats. As most of the sector’s assets are privately owned and operated, collaboration and information-sharing between the public and private sectors are essential to increasing the resilience of the nation’s critical HPH infrastructure. While healthcare tends to be delivered and managed locally, the public health component of the sector, focused primarily on population health, is managed across all levels of government: national, state, regional, local, tribal, and territorial.

The HC3 advises the HPH sector to protect each account with complex, unique passwords and use a passphrase and/or a complex combination of letters, numbers, and symbols. It also, in general, recommends avoiding opening unsolicited emails from unknown senders. 

Furthermore, organizations must not open links or attachments in an email unless they are confident it comes from a legitimate source. Apart from that, the HPH sector must not download or install programs if they do not have complete trust in the publisher. Also, HPH organizations must not visit unsafe websites and not click on pop-up windows that promise free programs that perform useful tasks. 

In June, Cyware researchers identified cybercriminals using monkeypox outbreaks to fool victims into disclosing their personal information. Additionally, cybercriminals have been observed sending phishing emails to employees in South Africa, pretending to be instructions from their company to all its employees. 

The researchers identified that the email claims that their organization has been monitoring the spread of the disease in the local area and the updates provided by the local health officials, the Centers for Disease Control and Prevention (CDC), and the World Health Organization (WHO). It also urges the employees to take mandatory safety awareness training about monkeypox via the link given in the email.

Last month, the HC3 noted at least four attacks by the Karakurt ransomware group affecting the nation’s healthcare and public health sector since June. It added that the observed attacks had affected an assisted living facility, a dental firm, a healthcare provider, and a hospital.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

CISA and FBI issue secure by design alert to urge manufacturers to remove directory traversal vulnerabilities
CISA and FBI issue secure by design alert to urge manufacturers to remove directory traversal vulnerabilities
GAO report indicates that NASA should update spacecraft acquisition policies and standards for cybersecurity
GAO report indicates that NASA should update spacecraft acquisition policies and standards for cybersecurity
Sygnia
Sygnia aligns with NVIDIA, revolutionizes OT security for energy and industrial sectors
Armexa adds John Cusimano as vice president to its leadership team
Armexa, ISA partner to offer standards-based OT cybersecurity training
House Committee emphasizes importance of CIRCIA implementation for cyber preparedness
House Committee emphasizes importance of CIRCIA implementation for cyber preparedness
Global cybersecurity agencies issue alert on threat to OT systems from pro-Russia hacktivist activity
Global cybersecurity agencies issue alert on threat to OT systems from pro-Russia hacktivist activity
Insane Cyber
Insane Cyber closes $4.2 million funding round to safeguard critical infrastructure installations
Building a Culture of Cyber Resilience in Manufacturing (WEF)
WEF playbook addresses cyber resilience in manufacturing and supply chains, provides three guiding principles
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience