The U.S. Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) is warning of a new Coronavirus themed phishing campaign that is attempting to capitalize on concerns about the Coronavirus. According to HC2, the phishing emails contain links to malware that is frequently used to target healthcare organizations and their IT systems.
Phishing campaigns typically attempt to exploit human greed, fear, and curiosity using malicious e-mails deliberately crafted to entice the recipient to click a link or open an attachment in the e-mail which, while appearing helpful, compelling, or interesting, actually contains malicious code. Victims who interact with malicious links or attachments may expose their systems, networks, and valuable information. These exposures allow an attacker to use infected systems as a platform to launch additional attacks.
Researchers are reporting that these Coronavirus themed phishing emails contain links and downloads for the Emotet malware. At least one campaign has been identified as attempting to impersonate the Centers for Disease Control and target Americans and other English-speaking victims.
Recommended actions include:
- User awareness and training to help identify and avoid phishing scams
- Operationalization of Indicators of Compromise
- Automatic banners for any e-mails that originate outside the organization
- Use of blacklisting of malicious sites and whitelisting for known trusted sites
- Integrate anti-spoofing technologies Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC)
- Update operating systems and applications with the latest security updates, including 3rd party software
- Implement and update endpoint security systems
Now is a good time to speak with employees about the risk of phishing campaigns and the need for caution when responding to messages sent by third parties, clicking on links or downloading attachments from unsolicited messages.