Learn about two significant cyber threats against healthcare to stop criminals from stealing your data. The HHS Health Sector Cybersecurity Coordination Center (HC3) recently released two sector alerts, each highlighting a different tactic criminals use to hack into your system.
Email bombing and credential harvesting are not new, but cybercriminals use them repeatedly because they work. HC3 has some advice about how to fight back.
Email Bombing
Email bombing, also known as mail bomb or letter bomb attacks, occurs when a botnet (a single actor or group of actors) floods an email address or server with hundreds to thousands of emails. It is a type of Denial of Service (DoS) attack that renders the victim’s mailbox useless, allowing attackers to bury legitimate transactions and security messages in an unsuspecting inbox. By overloading the inbox, attackers hope that the victim will miss important emails like account sign-in attempts, updates to contact information, financial transaction details, or online order confirmations.
Defend Against Email Bomb Attacks
HC3 recommends security policies that address both user behavior and technical processes.
Spot the Beginning of an Attack
Email bombs can have the following characteristics that users can look for:
- Lack of Coherence: The content refers to websites or products for which you are not a subscriber or a client.
- Duplicates of the same email with minor changes.
- Unknown Email Senders: Attackers frequently employ tactics to conceal their identity, using unfamiliar or spoofed sender e-mail addresses.
Raise Awareness
Many people have never heard of email bomb attacks, so begin with employee training to raise awareness. Staff should also avoid using work email addresses to subscribe to non-work-related services. Finally, staff should limit the online exposure of their direct email addresses by using contact forms that do not expose email addresses.
Confirmed Opt-In
A confirmed opt-in process sends an email with a unique link to new signups. Once they have clicked the link, you can verify that they are a real user who owns the address they have signed up with, and at that point, you can begin sending them a welcome email. Email bombers will be unable to verify the address and will be prevented from causing damage.
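The confirmed opt-in flow described above, as an added sketch (not code from HC3 or from this page): a sign-up stays pending until the unique, expiring link is presented, and only then is the welcome email queued. `SECRET`, `TOKEN_TTL`, `SignupList` and the in-memory `outbox` are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret, made up here
TOKEN_TTL = 24 * 3600             # assumption: confirmation links live 24 hours

def _sign(email, expires):
    msg = f"{email.lower()}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(email, now):  # value embedded in the confirmation link
    expires = int(now) + TOKEN_TTL
    return f"{expires}.{_sign(email, expires)}"

def verify_token(email, token, now):
    try:
        expires_text, sig = token.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False  # malformed link
    if expires < now:
        return False  # link expired
    return hmac.compare_digest(sig.encode(), _sign(email, expires).encode())

class SignupList:
    def __init__(self):
        self.pending = {}      # email -> time the confirmation was sent
        self.confirmed = set()
        self.outbox = []       # (recipient, kind): stand-in for a mail queue

    def signup(self, email, now):
        email = email.lower()
        last = self.pending.get(email)
        # One confirmation per address per TTL window, so a bot resubmitting
        # the form cannot turn the confirmation email itself into the flood.
        if email in self.confirmed or (last is not None and now - last < TOKEN_TTL):
            return None
        self.pending[email] = now
        self.outbox.append((email, "confirm"))
        return make_token(email, now)

    def confirm(self, email, token, now):
        email = email.lower()
        if email not in self.pending or not verify_token(email, token, now):
            return False
        del self.pending[email]
        self.confirmed.add(email)
        self.outbox.append((email, "welcome"))  # regular mail starts only now
        return True
```

An address that a bot submits but whose owner never clicks the link receives a single confirmation message and nothing further.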
Implement a reCAPTCHA
reCAPTCHA uses technology to determine if a human is using your platform. It requires entering a series of numbers or checking a specific box to prove that the person signing up is real. Email bombing bots are generally unable to bypass a reCAPTCHA, which prevents them from signing up.
Credential Harvesting
Credential harvesting, also known as credential stealing or credential phishing, is a technique that cybercriminals use to obtain login credentials like usernames, passwords, and personal information. These credentials operate as the gateway to an individual’s digital identity and can grant access to various types of information, such as online accounts and health data. The methods employed for credential harvesting are diverse, ranging from sophisticated phishing emails to fake websites and social engineering tactics.
Defend Against Credential Harvesting
- Employee Training and Awareness: Educate staff about phishing threats and best practices for identifying suspicious emails and websites.
- Multi-Factor Authentication (MFA): MFA adds a layer of security by requiring users to provide multiple forms of authentication, reducing the effectiveness of cyberattacks.
- Email Filtering and Spam Detection: Deploying email filtering solutions can help identify and block phishing emails before they reach end-users.
- Monitoring and Detection: Implement robust monitoring tools to detect suspicious login attempts, unusual user behavior, or unauthorized access.
- Endpoint Security Solutions: Use endpoint security solutions to help detect and prevent malware-based credential harvesting techniques like keylogging.
- Patch Management: Keep software and systems up-to-date with the latest security patches and updates to address known vulnerabilities that attackers may exploit to harvest credentials.
- Incident Response Planning: Develop comprehensive incident response plans that enable a prompt, effective response and minimize the impact on operations and patients.
The HIPAA Security Rule is a Blueprint to Stop Cybercrime
The Security Rule Checklist in The HIPAA E-Tool® provides all the guidance you need to comply with the HIPAA Security Rule, the gold standard for cybersecurity defense. As part of a more comprehensive HIPAA Risk Analysis, the checklist reminds you of each mitigation step needed to stay ahead of the hackers and keep patient information safe.