Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

Hackers Go Phishing at Gilead With New Bait

May 15, 2020
a lab flask filled with orange liquid has a burglar face in it on a blue background representing hackers trying to steal data from drugmaker Gilead

Healthcare Sector Targets Face More Sophisticated Phishing Attempts

Healthcare is the hottest target for hackers right now.  Cybercriminals are hungry for data about COVID-19 research and treatment to sell, and they’re trying every trick in the book to get it – along with some new ones. The latest target of several strong attacks is Gilead, the maker of Remdesivir, a drug eyed as a potential treatment for COVID-19.  

Phishing attacks are becoming increasingly more sophisticated. Gilead was recently targeted with two interesting new types of phishing attacks that use unexpected ways to land a blow.  

  • One method involved setting up a highly believable fake email login screen that aimed to get users to give up their login credentials.  
  • Another trap focused on tricking executives into providing information in response to spurious press inquiries in order to compromise email accounts. 

These attacks are great examples of why phishing is still (and probably always will be) a constant and pernicious threat to every company’s data and systems. They also illustrate the value of regular training using updated materials to keep users in the loop about potential angles of attack. Especially when you’re trying to secure a remote workforce, phishing training must be a major factor in your planning.

Learn more about spotting and stopping phishing attacks with our free eBook “One Phish, Two Phish”.

Laser-focused Targeting Works 

Both the Dark Web and social media can give cybercriminals detailed information that serves as ammunition to boost the believability of spear phishing attacks. Monitoring the Dark Web for company and employee identifying information with a smart solution like Dark Web ID lets you know what’s out there and helps you prepare for attacks using that information.

Attachments Are Just the Beginning 

Phishing involves more than just infectious email attachments these days. Users need to be prepared for phishing attacks in the form of a dangerous link or a poisoned map – even in email that looks like it comes from inside the company or a trusted partner. Bullphish ID has added several kits that train workers to be alert to COVID-19 centered attacks and new threats.

Double Up on Data Security 

You need to have a layer of security in place that protects your points of entry if cybercriminals do get their hands-on employee credentials. Require multifactor authentication for every user with a remote-ready solution like Passly to dis-empower compromised credentials.  

 Our team can give you expert advice on affordable, high-quality digital risk protection that makes digital dangers like phishing attacks less likely to land on your company.