The US Department of Health and Human Services (HHS) has published a threat advisory warning hospitals about threat actors who use social engineering to target IT help desks within the healthcare sector.
According to the alert, the attackers rely on social engineering rather than technical exploits. They call the help desk posing as employees in financial roles and pass identity verification with stolen personal details such as corporate ID numbers and social security numbers. Because the verification data itself is what has been stolen, a help desk that checks only such knowable facts cannot tell the caller apart from the genuine employee.
According to investigations, the callers use a local area code, claim their smartphone is broken, and persuade the help desk to enrol a new device in multi-factor authentication (MFA) that the attacker controls. Once that device is registered, the attacker can satisfy MFA challenges for the victim's account and uses the access to redirect bank transactions and conduct business email compromise for profit.
The advisory also notes that the attackers specifically seek login credentials for payer websites, which let them make unauthorised changes to payer accounts. In addition, they use compromised email accounts to send instructions to payment processors that divert payments to bank accounts they control; according to the advisory, most of those accounts are overseas.
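The sequence described above (a help-desk-assisted MFA enrolment, then a sign-in on the new device from somewhere the user has never been seen, then a mail-forwarding rule or a payment-account change) is a natural correlation rule for a SOC. The Python below is an added example, not code from the HHS advisory or this article; the normalised event schema, field names (`type`, `via`, `mfa_device`, `geo`, `action`) and the sample events are constructed for illustration and do not follow any vendor's real log format.

```python
"""Correlate help-desk-assisted MFA enrolments with the follow-on activity the
HHS alert describes: sign-ins on the new device from a geography the user has
never signed in from, mailbox forwarding rules, and payment-account changes.

Added example. The event schema is an assumption (a normalised, vendor-neutral
shape), not any identity provider's or mail platform's actual log format.
"""
from datetime import datetime, timedelta

WINDOW = timedelta(hours=72)  # assumption: follow-on fraud occurs within days of enrolment

# Constructed sample events (not real telemetry); deliberately not in time order.
EVENTS = [
    # alice: normal sign-ins from Ohio on the preceding days form her baseline
    {"ts": "2024-04-01T08:02:00", "user": "alice", "type": "signin", "geo": "US-OH", "mfa_device": "dev-old-01"},
    {"ts": "2024-04-02T08:10:00", "user": "alice", "type": "signin", "geo": "US-OH", "mfa_device": "dev-old-01"},
    # help desk enrols a replacement MFA device after a phone call ("my phone is broken")
    {"ts": "2024-04-03T09:15:00", "user": "alice", "type": "mfa_device_enrolled", "via": "helpdesk",
     "device_id": "dev-new-01", "agent": "hd_agent_7"},
    # within the hour: a sign-in with the new device from a state alice has never been seen in
    {"ts": "2024-04-03T09:40:00", "user": "alice", "type": "signin", "geo": "US-NV", "mfa_device": "dev-new-01"},
    # then an inbox rule forwarding mail out of the organisation
    {"ts": "2024-04-03T10:02:00", "user": "alice", "type": "mailbox_rule_created", "action": "forward",
     "target": "ar-team@example.net"},
    # then a bank-account change on a payer portal
    {"ts": "2024-04-03T11:30:00", "user": "alice", "type": "payment_account_changed", "portal": "payer-portal-A"},
    # bob: legitimate help-desk enrolment followed by business as usual from his usual location
    {"ts": "2024-04-02T07:55:00", "user": "bob", "type": "signin", "geo": "US-OH", "mfa_device": "dev-bob-01"},
    {"ts": "2024-04-03T14:00:00", "user": "bob", "type": "mfa_device_enrolled", "via": "helpdesk",
     "device_id": "dev-bob-02", "agent": "hd_agent_2"},
    {"ts": "2024-04-03T14:20:00", "user": "bob", "type": "signin", "geo": "US-OH", "mfa_device": "dev-bob-02"},
    # carol: a forwarding rule with no help-desk enrolment before it (out of scope for this rule)
    {"ts": "2024-04-03T16:00:00", "user": "carol", "type": "mailbox_rule_created", "action": "forward",
     "target": "carol.home@example.org"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_helpdesk_mfa_abuse(events, window=WINDOW):
    """Return one alert per help-desk-assisted MFA enrolment that is followed,
    within `window`, by at least one of the fraud indicators from the alert."""
    by_user = {}
    for e in sorted(events, key=_ts):
        by_user.setdefault(e["user"], []).append(e)

    alerts = []
    for user, evs in by_user.items():
        for enrol in evs:
            if enrol["type"] != "mfa_device_enrolled" or enrol.get("via") != "helpdesk":
                continue
            t0 = _ts(enrol)
            # Geographies the user signed in from BEFORE the enrolment are the trusted baseline.
            baseline_geo = {e["geo"] for e in evs if e["type"] == "signin" and _ts(e) < t0}
            indicators = []
            for e in evs:
                if not (t0 < _ts(e) <= t0 + window):
                    continue
                if (e["type"] == "signin" and e.get("mfa_device") == enrol["device_id"]
                        and e["geo"] not in baseline_geo):
                    indicators.append(("new_device_signin_unseen_geo", e["ts"], e["geo"]))
                elif e["type"] == "mailbox_rule_created" and e.get("action") in ("forward", "redirect"):
                    indicators.append(("mailbox_forwarding_rule", e["ts"], e.get("target")))
                elif e["type"] == "payment_account_changed":
                    indicators.append(("payment_account_change", e["ts"], e.get("portal")))
            if indicators:
                alerts.append({"user": user, "enrolled_at": enrol["ts"], "device_id": enrol["device_id"],
                               "helpdesk_agent": enrol.get("agent"), "indicators": indicators})
    return alerts


if __name__ == "__main__":
    for a in detect_helpdesk_mfa_abuse(EVENTS):
        print(f"{a['user']}: device {a['device_id']} enrolled via help desk at {a['enrolled_at']} "
              f"(agent {a['helpdesk_agent']}); {len(a['indicators'])} follow-on indicators")
        for kind, ts, detail in a["indicators"]:
            print(f"  - {ts} {kind} {detail}")
```

On the constructed data only alice is flagged: her help-desk enrolment is followed by all three indicators, while bob's enrolment is followed by a sign-in from his usual geography and nothing else. Keying the rule on the help-desk enrolment, rather than on any new MFA device, keeps the noise down and also records which agent handled the call, which is what the fraud team will want first when they review the ticket.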
To make matters worse, the attackers have also used AI voice-cloning tools to impersonate legitimate staff, which makes the fraudulent calls harder for help-desk agents and investigators to recognise.
The tactics outlined in the HHS alert resemble those of the cybercrime group Scattered Spider, also tracked as UNC3944 and 0ktapus, which is known for using phishing, MFA fatigue (push bombing) and SIM swapping to break into networks.
In 2023 the group gained notoriety for the attack on MGM Resorts, in which systems were encrypted with BlackCat/ALPHV ransomware, a ransomware-as-a-service (RaaS) operation. Its earlier 0ktapus phishing campaign targeted high-profile organisations including Microsoft, Binance, T-Mobile and Twitter.
The HHS warning is a timely prompt for healthcare institutions to harden the controls this campaign abuses: help-desk identity verification, MFA enrolment and device changes, and the approval of payment-account changes. The same lesson applies to any organisation whose help desk can reset or re-enrol authentication over the phone.