A phishing campaign targeting healthcare companies has been discovered. The emails use an Evernote-themed lure to trick recipients into opening a Trojan file that displays a login prompt to steal information.
The Health Information Cybersecurity Coordination Center (HC3) just released an advisory on the campaign, which has targeted a number of healthcare companies in the U.S. The emails sent to targeted companies contain a malicious URL that leads to an Evernote-themed webpage. The phishing emails are customized and the lures may differ; nonetheless, the emails observed by HC3 use the subject “[Name of Organization] [Date] Business Review” and carry a Secure Message theme.
The URL in the email takes the recipient to the Evernote website, where they are advised to save an HTML file named message (3).html. The file contains JavaScript code that renders an Adobe- or Microsoft-themed page designed to collect Outlook, AOL, IONOS, and other credentials.
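The email-side indicators described above (the "Business Review" subject, the Secure Message theme and a link to Evernote) can be checked at the mail gateway. The following Python triage check is an added example, not taken from the HC3 advisory; the function names, the quarantine rule and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Indicators come from the advisory summary above; the combining rule is an assumption.
SUBJECT_RE = re.compile(r"\bBusiness Review\s*$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_evernote_host(url: str) -> bool:
    """True only for evernote.com or a real subdomain of it.
    Lookalike hosts are a separate signal and are not matched here."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == "evernote.com" or host.endswith(".evernote.com")


def triage(raw_message: str) -> dict:
    """Return the campaign indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    hits = {
        "subject_business_review": bool(SUBJECT_RE.search(msg.get("Subject", ""))),
        "secure_message_theme": "secure message" in body.lower(),
        "evernote_link": any(is_evernote_host(u) for u in URL_RE.findall(body)),
    }
    # Assumed rule: subject pattern plus an Evernote link triggers quarantine for
    # review; either signal alone is common in legitimate mail.
    hits["quarantine"] = hits["subject_business_review"] and hits["evernote_link"]
    return hits


# Constructed sample messages (not real campaign mail).
SUSPECT = (
    "From: sender@example.org\nTo: staff@example.com\n"
    "Subject: Example Health 03/01/2024 Business Review\n"
    "Content-Type: text/plain\n\n"
    "Secure Message: view the document at https://www.evernote.com/shard/placeholder\n"
)
BENIGN = (
    "From: colleague@example.com\nTo: staff@example.com\n"
    "Subject: Notes from standup\nContent-Type: text/plain\n\n"
    "Shared notebook: https://www.evernote.com/shard/placeholder\n"
)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```

Because the campaign abuses a legitimate service, the Evernote link alone does not trigger quarantine; the benign sample shows an ordinary shared notebook passing through.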
After acquiring credentials through phishing campaigns like this, threat actors can access email accounts that may contain substantial amounts of sensitive information, such as protected health information (PHI). Compromised email accounts may be used to conduct phishing attacks internally and could allow threat actors to gain a foothold for more significant attacks on the company. Many ransomware attacks begin with phishing emails.
Safeguarding against phishing attacks requires a mix of measures, such as email security tools to block phishing emails, web filters to prevent access to malicious sites that prompt malware downloads, antivirus software that recognizes Trojans and other malicious code, and multifactor authentication to prevent unauthorized access to the email system. It is also crucial to give the workforce frequent security awareness training on phishing threats and to teach employees to identify phishing emails.
Additional information on this phishing campaign, together with other suggested mitigations, is available in the HC3 security advisory.