Threat Actors Use Evernote-Themed Phishing Scheme to Attack Healthcare Organizations

August 12, 2022 - The Health Sector Cybersecurity Coordination Center (HC3) warned the healthcare sector of a new phishing scheme that lures recipients to an Evernote site containing a downloadable Trojan file that steals credentials.

Threat actors are leveraging a secure messaging guise to convince users to click on a suspicious link. The campaign has an email subject line of “(Victim Organization) (Date) Business Review.”

The email says “you have received a secure message” and proceeds to direct recipients to click the email attachment, download it, and enter a password. The email also contains a malicious link leading to a victim organization-themed Evernote site.

“On the site is an HTML download which has been identified as a malicious phishing Trojan. The file contains JavaScript which renders an Adobe and Microsoft themed page that attempts to harvest Outlook, IONOS, AOL, or other credentials,” the alert stated.

HC3 provided a list of observed indicators of compromise (IOCs), including malicious URLs, post request domains, and malicious file attachment names.

“This malspam campaign utilizes a Trojan which is a type of malicious code or software that acts like a legitimate application or file to trick you into loading and executing it on your device,” the alert explained.

“Once installed, a Trojan can perform the action it was designed for—damaging, disrupting, stealing, or inflicting harm on your data or network.”

To mitigate risk, HC3 recommended that healthcare organizations update their operating systems and software applications, especially since cyber criminals are known to exploit outdated programs. In addition, organizations should protect accounts with unique and complex passwords and back up files regularly.

Additionally, users should avoid opening unsolicited emails from unknown senders, downloading or installing programs without complete trust in the publisher, and visiting unsafe websites or clicking on pop-up windows that promise free programs.

The Federal Bureau of Investigation’s (FBI) 2021 Internet Crime Report observed a 7 percent increase in total internet crime complaints in 2021 compared to 2020. Phishing scams were one of the top-reported internet crimes of 2021, further emphasizing the need for security awareness and training and technical safeguards.