The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.
The sector alert issued by the Health Sector Cybersecurity Coordination Center (HC3) this week says these tactics have allowed attackers to gain access to targeted organizations' systems by enrolling their own multi-factor authentication (MFA) devices.
In these attacks, the threat actors use a local area code to call organizations pretending to be employees in the financial department and provide stolen ID verification details, including corporate ID and social security numbers.
Using this sensitive information and claiming their smartphone is broken, they convince the IT helpdesk to enroll a new device in MFA under the attacker's control.
This gives them access to corporate resources and allows them to redirect bank transactions in
business email compromise attacks.
"The threat actor specifically targeted login information related to payer websites, where they then submitted a form to make ACH changes for payer accounts," HC3 says [
PDF].
"Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts."
"The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO)."
In such incidents, attackers may also use AI voice cloning tools to deceive targets, making it harder to verify identities remotely. This is now a very popular tactic, with 25% of people having experienced an AI voice impersonation scam or knowing someone who has, according to a recent
global study.
