In September 2020, the largest cyberattack in U.S history happened to Universal Health Services (UHS). The health system’s 400 U.S. locations with over 3.5 million patients a year suffered a ransomware attack that led to network shutdowns and cost the system $67 million. At the recent AFCEA TechNet Augusta event, Paul Wang, Threat Analyst at Proofpoint, commented that the UHS attack emphasizes the need for agencies to “think about what stage they are catching the infections at” and how they “should look further up the chain and try to stop” the potential for malware attacks to happen in the first place.
For Wang there are two predominant threat vectors for this type of cyberattack – URLs and attachments in email. For example, URL-based attacks often launch phishing pages in order to gain the user’s credentials. Macro viruses are often the leading threat for attachment-based attacks. Malicious macro attacks use the same name and replace the regular commands in a document. These attacks start automatically when a document is opened or closed.
When it comes to credential phishing, email account compromise (EAC) and business email compromise (BEC) are major targets. Wang shared how attackers are credential phishing through Amazon accounts. Beyond the goal of credit card information, attackers were “changing the bank deposit information on a lot of the third-party sellers on Amazon. By doing so, they were able to break into somebody else’s money related to their Amazon accounts.” EAC and BEC attacks rely on the “likelihood that a recipient will open a malicious attachment or click on a link,” said Wang.
As these types of attack continue to increase and evolve, it’s vital that agencies review their defenses against phishing, macro viruses, and other types of malware. While educating end users goes a long way in preventing these types of email-based attacks, other strategies are still needed to help protect vital information and national security.
To learn more about email security, click here.