Britain’s National Health Service Hit by Massive Phishing Campaign

 

The United Kingdom's National Health Service (NHS) has been subject to a large phishing campaign lasting months. Threat actors have been using official NHS accounts to send phishing emails to unsuspecting third parties, and the campaign became massive in March.

However, the campaign could have been much larger, INKY reported in its findings. It is safe to say that the total iceberg was much bigger than the tip we saw, INKY added.

“We have processes in place to continuously monitor and identify these risks. We address them in collaboration with our partners who support and deliver the national NHSmail service. NHS organizations running their own email systems will have similar processes and protections in place to identify and coordinate their responses, and call upon NHS Digital assistance if required.”

The NHS released the statement after INKY shared its findings with the institution. The NHS and its investigation team also stated that they found the group had not compromised the mail server but had instead hijacked individual accounts.

Between October 2021 and March 2022, INKY detected 1,157 phishing emails originating from NHSmail, the NHS email system for employees based in England and Scotland. Last year, this service was migrated from an on-premise installation to Microsoft Exchange Online. This change could have been a factor in the attack.

INKY reported its findings to the NHS on April 13, and by April 14 the institution saw a sharp decline in the number of attacks as the NHS took measures to curb them. However, INKY users were still receiving a few phishing emails from the NHS mail domain.

Following the attack, INKY shared information about the tricks used in phishing campaigns that make it easier for the group to lure targets. The threat actors use brand logos and trademarks to impersonate well-known brands.

Credential harvesting and hijacked accounts play a key role in malicious activities. The group has further suggested that email users always check a sender’s email address carefully before sending and opening attachments.