Hackers Go Phishing at Gilead With New Bait
Healthcare Sector Targets Face More Sophisticated Phishing Attempts
Healthcare is the hottest target for hackers right now. Cybercriminals are hungry for data about COVID-19 research and treatment to sell, and they’re trying every trick in the book to get it – along with some new ones. The latest target of several strong attacks is Gilead, the maker of Remdesivir, a drug eyed as a potential treatment for COVID-19.
Phishing attacks are becoming increasingly sophisticated. Gilead was recently targeted with two interesting new types of phishing attacks that use unexpected ways to land a blow.
- One method involved setting up a highly believable fake email login screen that aimed to get users to give up their login credentials.
- Another trap focused on tricking executives into providing information in response to spurious press inquiries in order to compromise email accounts.
These attacks are great examples of why phishing is still (and probably always will be) a constant and pernicious threat to every company’s data and systems. They also illustrate the value of regular training using updated materials to keep users in the loop about potential angles of attack. Especially when you’re trying to secure a remote workforce, phishing training must be a major factor in your planning.
Learn more about spotting and stopping phishing attacks with our free eBook “One Phish, Two Phish”.
Laser-focused Targeting Works
Both the Dark Web and social media can give cybercriminals detailed information that serves as ammunition to boost the believability of spear phishing attacks. Monitoring the Dark Web for company and employee identifying information with a smart solution like Dark Web ID lets you know what’s out there and helps you prepare for attacks using that information.
Attachments Are Just the Beginning
Phishing involves more than just malicious email attachments these days. Users need to be prepared for phishing attacks in the form of a dangerous link or a poisoned map – even in email that looks like it comes from inside the company or a trusted partner. BullPhish ID has added several kits that train workers to be alert to COVID-19-centered attacks and new threats.
Double Up on Data Security
You need to have a layer of security in place that protects your points of entry if cybercriminals do get their hands on employee credentials. Require multifactor authentication for every user with a remote-ready solution like Passly to disempower compromised credentials.