A new sector alert published by the U.S. Department of Health and Human Services outlines new attacks in which social engineering is used to obtain credentials for online fraud.
The details of how these attacks happen shows how determined and sophisticated these threat actors are.
According to the latest HC3 Sector Alert, the U.S. Department of Health is making healthcare organizations aware of cybercriminals intent on gaining unauthorized access to user accounts for “employees in a financial role (specifically in revenue cycle or administrator roles)."
These attackers call IT help desks and are able to provide key personal details to validate identity “including the last four digits of the target employee’s social security number (SSN), corporate ID number, and other demographic details.”
This shows how details from one data breach can be used later in another by a completely separate threat group.
Once credentials are obtained, the threat actor targets payer websites where they make banking account detail changes so that payments are sent to attacker-controlled accounts.
The alert recommends strengthening multi-factor authentication (MFA), implementing conditional access, and even blocking external access of credentials if not within the corporate network.
I’ll add that IT helpdesk personnel should be enrolled in security awareness training so they are aware of such scams and treat each call involving credentials as a potential threat. Additionally, organizations should put in additional controls and/or processes specifically for those with access to financial data and applications when credentials are involved.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
