Father
Professional
- Messages
- 2,602
- Reaction score
- 831
- Points
- 113
HHS teaches health care support services not to be too trusting.
The U.S. Department of Health and Human Services (HHS) is warning health care providers and insurance companies about a new threat. According to the Health Sector Cybersecurity Coordination Center (HC3), attackers are increasingly hacking into internal systems through support services using social engineering techniques.
Hackers call companies, pose as employees of the finance department, and report stolen personal data, such as corporate IDs and social security numbers. Referring to the breakdown of their gadgets, they convince IT professionals to connect multi-factor authentication (MFA) to new devices under their control.
This way, you can access any corporate resources. This method allows you to intercept legitimate payment transactions as part of attacks on corporate email.
"The attackers purposefully stole credentials to access the websites of insurance companies. Using this data, they applied for changing their banking details in the electronic bank transfer (ACH) system," HC3 notes .
"By accessing employees' corporate email, they sent instructions to payment providers and thus redirected all money transfers to their accounts abroad."
In one case, after a successful hack, hackers created a fake account ostensibly on behalf of the company's CFO, so as not to arouse suspicion and avoid detection.
Sometimes voice cloning technologies based on artificial intelligence are also used. According to a recent study, this type of fraud was experienced by a quarter of respondents or their friends.
The tactics described in the HHS alert are very similar to those used by the hacker group Scattered Spider (also known as UNC3944 and 0ktapus). Gang members often disguise themselves as IT specialists, tricking them into obtaining credentials or access to internal networks.
Last fall, Scattered Spider encrypted MGM Resorts ' systems with BlackCat/ALPHV ransomware. The group is also known for the large-scale 0ktapus campaign, in which more than 130 organizations were hacked, including Microsoft, Binance, CoinBase, leading telecom operators and other large corporations.
After a series of major incidents, the FBI and CISA have already issued a warning about this group, where they described all the methods and tricks.
However, HC3 notes that recent attacks on the healthcare sector have not yet been attributed to any specific threat. To protect yourself from attacks, organizations are advised to:
The U.S. Department of Health and Human Services (HHS) is warning health care providers and insurance companies about a new threat. According to the Health Sector Cybersecurity Coordination Center (HC3), attackers are increasingly hacking into internal systems through support services using social engineering techniques.
Hackers call companies, pose as employees of the finance department, and report stolen personal data, such as corporate IDs and social security numbers. Referring to the breakdown of their gadgets, they convince IT professionals to connect multi-factor authentication (MFA) to new devices under their control.
This way, you can access any corporate resources. This method allows you to intercept legitimate payment transactions as part of attacks on corporate email.
"The attackers purposefully stole credentials to access the websites of insurance companies. Using this data, they applied for changing their banking details in the electronic bank transfer (ACH) system," HC3 notes .
"By accessing employees' corporate email, they sent instructions to payment providers and thus redirected all money transfers to their accounts abroad."
In one case, after a successful hack, hackers created a fake account ostensibly on behalf of the company's CFO, so as not to arouse suspicion and avoid detection.
Sometimes voice cloning technologies based on artificial intelligence are also used. According to a recent study, this type of fraud was experienced by a quarter of respondents or their friends.
The tactics described in the HHS alert are very similar to those used by the hacker group Scattered Spider (also known as UNC3944 and 0ktapus). Gang members often disguise themselves as IT specialists, tricking them into obtaining credentials or access to internal networks.
Last fall, Scattered Spider encrypted MGM Resorts ' systems with BlackCat/ALPHV ransomware. The group is also known for the large-scale 0ktapus campaign, in which more than 130 organizations were hacked, including Microsoft, Binance, CoinBase, leading telecom operators and other large corporations.
After a series of major incidents, the FBI and CISA have already issued a warning about this group, where they described all the methods and tricks.
However, HC3 notes that recent attacks on the healthcare sector have not yet been attributed to any specific threat. To protect yourself from attacks, organizations are advised to:
- Conduct callbacks to verify the identity of employees who ask you to reset your password or register a new device in the MFA system.
- Carefully monitor changes to your bank details.
- Audit users who have access to payment systems.
- Give preference to face-to-face meetings when dealing with particularly important issues.
- Train support staff to recognize and report hacking attempts through social engineering.
