“As if the Department of Health and Human Services didn’t have enough to deal with during the coronavirus pandemic, hackers were trying to redirect people from a department website to a malicious domain designed to steal their data.”
“By sending phishing messages that routed recipients from a Health and Human Services website to a malicious one, scammers tried compromising people with malware known for capturing credit card data and email credentials. The activity coincided with a surge in attention toward the department, as Americans seek guidance amid the COVID-19 outbreak.”
“The malicious ‘redirect,’ as the trick is called, appears to no longer work after a group of volunteer cybersecurity experts worked with HHS to address it. It is unclear how many devices, if any, were compromised as a result of the activity. It was only the latest effort by digital miscreants to capitalize on international concerns about the pandemic…”
“The malware, dubbed Raccoon, has been popular on the criminal underground and last year infected devices across Asia, Europe, and North America, according to security firm Cybereason…”
“The response to the vulnerability highlighted the work of a fledgling group of cybersecurity professionals who are volunteering their time to protect health care organizations during the COVID-19 crisis. The researchers, employed by well-known cybersecurity companies, are sending threat data to vulnerable organizations amid a swell in COVID-19 related phishing against multiple sectors.” Read the full article here.
Source: Security pros help HHS fix a website flaw that exposed visitors to malware – By Sean Lyngaas, March 24, 2020. CyberScoop.