Livanta Security Alert

June 4, 2021

Dear Colleague,

Over the past several weeks, the Livanta Security Operations Center has noticed several e-mail phishing attacks originating from healthcare provider organizations. To address this disturbing trend and provide a safer online experience for everyone, Livanta’s Security Team has prepared this Security Alert, which is being shared widely.

Phishing attacks are dangerous because cybercriminals prey on the trust of individuals and use social engineering tactics to obtain private information. Phishing attacks are easy for cybercriminals to launch and are highly effective – which is why cybercriminals use them so frequently.

Please use these guidelines as a starting point and check with your organization’s Information Technology (IT) department or security personnel should you have questions about how best to prevent phishing attacks. Also, please forward this Security Alert to others who may benefit from the information.

Best regards,

The Livanta Security Team

To learn more about phishing, visit the Federal Trade Commission (FTC) website at:


To test your skills with free online training about phishing, go to:

Cybercriminals Want What You Have!

Cybercriminals are always looking for sensitive information, such as usernames, passwords, Personally Identifiable Information (PII), Protected Health Information (PHI), or other private information such as network system specifications or e-mail contact lists. Cybercriminals use this information to gain unauthorized access, steal identities, compromise other network systems, and spread their phishing campaigns to others. In some cases, this can lead to entire systems or networks being compromised or ransomware being launched. These types of cyber threats are extremely costly for any organization.

Social Engineering Can Be Very Damaging.

There are multiple types of digital social engineering attacks (e.g., phishing, whaling, vishing, and smishing). These attacks have different names based on specific adaptations, who the attack targets, and how the attack is transmitted. All of these social engineering attacks target the human nature of trust. When an e-mail appears to be from a trusted colleague or business partner, most people simply click on the e-mail, read it, and click on any links or attachments it may have. Cybercriminals leverage this trust to custom tailor e-mails that lure and deceive targeted e-mail recipients. Many of these e-mails appear to come from executive members or other management staff but are actually from cybercriminals.

Once They Have Your Information …

Social engineering attackers use strategies similar to bait and trap techniques. Once cybercriminals compromise your e-mail account, they use your account to send out more phishing e-mails to your contacts. Thus, the phishing campaign grows exponentially. As the bait, these e-mails can contain something as simple as a weblink to a legitimate-looking document, file share, or web e-mail portal. You think you are at a legitimate website when you are actually at a fake or cloned site. Cybercriminals then trap you when they obtain your real username and password that you enter on their fake website. Unbeknownst to you, they later use your real credentials to log into your e-mail account and blast out more baited phishing e-mails to all your contacts from your e-mail address.

Defending Yourself Against Social Engineering

Defense against social engineering attacks requires discipline and a change in how people behave in the digital realm. People must be more suspicious of the true identity and actions of others online. For example, you should treat e-mailed attachments that appear to come from a friend with more suspicion than documents that a friend physically gives you. The old saying “look before you leap” is appropriate. When receiving any e-mail, ask, analyze, verify, and defend.

Ask

  • Do you know this sender? Were you expecting what he or she sent to you?
  • Is what he or she sent you out of the ordinary? Did the sender attach documents or invoices that require you to log in to an unknown website or system?


Analyze

  • The sender’s name might be someone you recognize, but is the e-mail actually coming from their legitimate e-mail address?
  • Is the e-mail address the one that you normally use?
  • Is the person’s standard e-mail signature missing or different from normal?
  • Is the e-mail tagged with “External” – when it looks like it should be an internal e-mail?


Verify

  • If you are unsure whether you should trust an e-mail, contact the person separately and ask if the suspicious e-mail was legitimate. The sender’s e-mail account may have been compromised without their knowledge or awareness of it.


Defend

  • Scrutinize e-mails and avoid hasty replies. Do not act on or reply to e-mails until ensuring that they are legitimate.
  • Use multifactor authentication, if available, for accessing websites that require credentials to log in. With multifactor authentication, if your account password is compromised, you will know when someone tries to log into your account.
  • Report phishing e-mails to your IT or security staff so they can help with needed safeguards.
  • If you believe that your e-mail account is compromised, notify your IT or security point of contact, and change your password immediately.
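As an added example (not part of the Livanta alert), the Ask and Analyze questions above written as a small Python screen that a help desk could run over a reported raw message; the contact list, signature, domain and both sample messages are constructed, hypothetical values.

```python
import email
from email.utils import parseaddr

# Constructed data (hypothetical, not from the alert): the address you normally
# use for a colleague, her usual signature, and your own e-mail domain.
KNOWN_CONTACTS = {"jane doe": "jane.doe@clinic.example"}
KNOWN_SIGNATURES = {"jane doe": "Jane Doe, RN | Quality Dept."}
INTERNAL_DOMAIN = "clinic.example"
LOGIN_PHRASES = ("log in", "login", "sign in", "verify your account")

# Constructed samples: a lookalike message showing the alert's warning signs, and a normal one.
SAMPLE_PHISH = """From: Jane Doe <jane.doe@clinic-secure-docs.example>
Subject: [External] Invoice for review

Please log in here to view the attached invoice: http://clinic-secure-docs.example/portal
"""
SAMPLE_LEGIT = """From: Jane Doe <jane.doe@clinic.example>
Subject: Agenda for Thursday

Attached is the agenda we discussed.
Jane Doe, RN | Quality Dept.
"""

def body_text(msg):
    """Join the text/plain parts of a (possibly multipart) message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def analyze_message(raw):
    """Apply the alert's Ask/Analyze checks to one raw e-mail; return the findings."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    key, addr = name.strip().lower(), addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    tagged_external = "[external]" in msg.get("Subject", "").lower()
    body = body_text(msg)
    expected = KNOWN_CONTACTS.get(key)
    findings = []
    # Analyze: familiar display name, but not the address you normally use?
    if expected and addr != expected:
        findings.append(f"name '{name}' but address {addr} is not {expected}")
    # Analyze: tagged External (or sent from outside) while posing as an internal colleague?
    if expected and (domain != INTERNAL_DOMAIN or tagged_external):
        findings.append("looks internal but arrived from outside " + INTERNAL_DOMAIN)
    # Analyze: is the person's standard signature missing?
    if key in KNOWN_SIGNATURES and KNOWN_SIGNATURES[key] not in body:
        findings.append("usual signature missing")
    # Ask: does it push you to log in to a website through a link?
    if "http" in body.lower() and any(p in body.lower() for p in LOGIN_PHRASES):
        findings.append("asks you to log in via a link")
    return findings
```

An empty list means none of the checklist questions fired; anything returned is a reason to Verify with the sender by a separate channel before acting.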