New phishing campaign targets hospitals for Outlook credentials

This campaign is part of an ongoing trend of campaigns phishing for credentials of users from the healthcare sector, along with a trend of phishing for corporate Outlook credentials.

FP Staff September 17, 2014 14:13:17 IST
New phishing campaign targets hospitals for Outlook credentials

Websense ThreatSeeker Intelligence Cloudhas detected a phishing campaign that targets the healthcare sector -- especiallyhospitals -- phishing for Outlook credentials. This campaign is part of an ongoing trend of campaigns phishing for credentials of users from the healthcare sector, along with a trend of phishing for corporate Outlook credentials.

Gaining access to corporate Outlook credentials allows attackers to get a foothold in the victim's organisation. This footholdallows them to search for other high-value targets, and thensend internal, legitimate-seeming emails toextract additional information andgetaccess to strategic infrastructure or data. It also allows attackers to leverage good reputation the compromised accounts might have to attack its contacts at other organisations.

New phishing campaign targets hospitals for Outlook credentials

Reuters

Healthcare organisations, and hospitals in particular, have a wealth of patient records that are very valuable to cyber criminals,as discussed here.

Thephishing email seen below, with the title"Your Mailbox account closure."is sent tousers, enticing them to click on a link.

Reviewing the email path, it appears that a compromised account was used to send this campaign. This suggests that the actors behind the campaigntry to spread laterally from one infected organisation to another, taking advantage ofthe reputation of affected organisations. It is especially interesting since the compromised account is also a healthcare provider, which is likely to already have a good reputation in the victim's email protection systems. Thishelps tobypass any reputation-based defense.

If the user follows the link he is led towebauthlineoutlweb.url.phwhere theyare presented with a legitimate-looking Outlook login page, which is used to steal credentials.

"A high-level look on the top 5 threats hosted on subdomains of "URL.PH" suggests it is becoming more popular in the last few months. Looking into the threats served by websites with the "URL.PH" top-level domain (TLD),we can see a diverse set of threats including Zeus and Citadel, as well asother types," Websense said.

Updated Date:

also read

Doctors protest in Delhi over violence against healthcare professionals
India

Doctors protest in Delhi over violence against healthcare professionals

The IMA had said that doctors in Bihar and central Kerala will close their clinics in the morning to press for a Central law on violence against doctors

Rigid elder-care COVID protocol is prolonging older people's isolation, say family members
Lifestyle

Rigid elder-care COVID protocol is prolonging older people's isolation, say family members

Frustration has set in as families around the country visit their moms and, this Father’s Day weekend, their dads.

Healthcare bonds, reforms in banking licences: What govt can do to finance fight against COVID-19
India

Healthcare bonds, reforms in banking licences: What govt can do to finance fight against COVID-19

Governments will have to create new ways of generating revenues and think of reforms that can help spur this investment