Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.
Earlier this week, the government agency sent out a flash bulletin that the criminals “leveraged” email subject lines and content with an intent to distribute malicious attachments.
On March 18, "network perimeter cyber security tools" at U.S.-based medical providers identified email phishing attempts from domestic and international IP addresses, the FBI said. There were a number of different malicious attachments, including several types of Microsoft files, Java and ZIP files, the FBI added.
The FBI said it is providing “indicators of compromise" in order to assist "network defenders" in protecting their IT environments, listing the indicators in their alert.
Some of the phishing email subject lines listed with the indicators include “PURCHASE ORDER PVT” and “Returned mail: see transcript for details,” and “Business Contingency alert - COVID 19,” the FBI said.
Hackers see health care providers as high-value targets, say experts.
“Attackers have consistently had success targeting health care providers in recent years,” Chris Rothe, co-founder and chief product officer at Red Canary, told Fox News.
“They have highly valuable data in the form of PHI [protected health information] and a lot of mission critical IT infrastructure," Rothe added. "Couple that with the fact that many have relatively weak information security programs and they are a prime target for attackers.”
“Health care is the perennial number one target for hackers,” Colin Bastable, CEO of security awareness training firm Lucy Security, told Fox News.
Hospitals are particularly vulnerable targets during the coronavirus pandemic, Bastable warned. “The current pandemic and dislocation of workers ensures that the sector will remain under heightened attack. Hospitals have lost revenue streams because no elective surgery is taking place but health care workers are stretched to the limit as a result of the virus.”
The FBI is recommending the following actions:
- Be wary of unsolicited attachments, even from people you know. Cyber actors can "spoof" the return address, making it look like the message came from a trusted associate.
- If an email or email attachment seems suspicious, don't open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
- Save and scan any attachments before opening them.
- Turn off the option to automatically download attachments.
The FBI also requested that companies that are targeted to provide the agency with a copy of the email with the full email header and a copy of any attachments.
The agency warned organizations to "not open the attachment if you or your organization does not have the capability to examine the attachment in a controlled and safe manner.”
To report information concerning suspicious or criminal activity contact your local FBI field office.
As of Friday morning, more than 2.72 million coronavirus cases have been diagnosed worldwide, more than 869,000 of which are in the U.S., the most impacted country on the planet.