The FBI today released a FLASH alert to U.S. healthcare providers regarding phishing attacks against healthcare. The FBI was notified of targeted email phishing attempts against U.S.-based medical providers. These attempts have leveraged email subject lines and content related to COVID-19 to distribute malicious attachments, exploiting Microsoft Word document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft executables. The FBI has provided indicators of compromise related to these phishing attempts to assist network defenders in protecting their environments.
The FBI has requested that any company targeted by a phishing campaign provide the FBI with the email, including the full email header, and a copy of any attachments. Unless you have the capability to examine the attachment in a controlled and safe manner, you should not attempt to open it. Additionally, the FBI asks that if you or your company is a victim of a cyber intrusion related to email phishing, you retain any logs, image(s) of infected devices, and memory captures of all affected equipment to assist the FBI in its response.
- Be wary of unsolicited attachments, even from people you know. Cyber actors can “spoof” the return address, making it look like the message came from a trusted associate.
- Keep software up to date. Install software patches so that attackers can’t take advantage of known problems or vulnerabilities.
- If an email or email attachment seems suspicious, don’t open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses and the antivirus software might not have the signature.
- Save and scan any attachments before opening them.
- Turn off the option to automatically download attachments. To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option and disable it.
- Consider creating separate accounts on your computer. Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need “administrator” privileges to infect a computer.
- Apply additional security practices. You may be able to filter certain types of attachments through your email software or a firewall.
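One way to apply the attachment-filtering advice above to the file types named in the alert, shown as an added Python example (not code from the FBI alert or from this page's author). It flags attachments by extension and by leading bytes, so a renamed executable is still caught; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

# Assumed extension list for the attachment types the alert names.
RISKY_EXT = {".doc": "Word", ".docm": "Word", ".docx": "Word",
             ".7z": "7-zip", ".vbs": "VBScript", ".vbe": "VBScript",
             ".jar": "Java", ".exe": "executable", ".scr": "executable"}

# Leading bytes that identify a format even when the file has been renamed.
MAGIC = ((b"7z\xbc\xaf\x27\x1c", "7-zip"),
         (b"MZ", "executable"),
         (b"\xd0\xcf\x11\xe0", "Word"),         # OLE2 container (legacy .doc)
         (b"PK\x03\x04", "zip container"))      # .docx, .docm and .jar are zips

def sniff(data):
    """Return a format label based on the first bytes, or None."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return None

def triage(raw_bytes):
    """Return [(filename, type_by_extension, type_by_content)] to quarantine."""
    flagged = []
    for part in message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        data = part.get_payload(decode=True) or b""
        by_ext = RISKY_EXT.get(os.path.splitext(name.lower())[1])
        by_content = sniff(data)
        if by_ext or by_content:
            flagged.append((name, by_ext, by_content))
    return flagged

def sample_message():
    """Constructed sample: placeholder bytes that carry only format headers."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "frontdesk@clinic.example"
    msg["Subject"] = "COVID-19 supply update"
    msg.set_content("See attached.")
    for name, data in (("update.7z", b"7z\xbc\xaf\x27\x1c" + b"\x00" * 8),
                       ("invoice.pdf", b"MZ" + b"\x00" * 8),  # renamed executable
                       ("notes.pdf", b"%PDF-1.4\n")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, by_ext, by_content in triage(sample_message()):
        print(f"quarantine {name}: extension={by_ext}, content={by_content}")
```

A `None` extension result paired with a content match, as with `invoice.pdf` here, means the file name does not match what the file actually is.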
Please contact us if you have any questions or need assistance with next steps.