Researchers at INKY have released a new report which uncovers an account takeover attack exploiting the The National Health Service (NHS) in the UK. As the host for any government entity in the UK, this attack is systemically hitting thousands from legitimate email accounts.
These emails are presenting fake new document notifications with malicious links to credential harvesting sites that targeted Microsoft credentials.
Starting in October 2021 and escalating dramatically in March 2022, INKY detected 1,157 phishing emails originating from NHSMail, the NHS email system for employees based in England and Scotland. Last year, this service was migrated from an on-premise installation to Microsoft Exchange Online. This migration, with its changed security environment, could have been a factor in the attack.
We reported our initial findings to the NHS on April 13, and as of April 14, the volume of attacks decreased dramatically, as the NHS took measures to stop them. However, INKY users were still receiving a few phishing emails from the NHS mail domain (nhs[.]net) after that time.
You can read the full report here and it is very much worth reading so that you are on top of this attack campaign.
Like this:
Like Loading...
Related
This entry was posted on May 4, 2022 at 8:00 am and is filed under Commentary with tags INKY. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The IT Nerd 
NHS Hit By Account Takeover Attack Exploiting Legitimate Employee Accounts To Hijack for User Credentials
Researchers at INKY have released a new report which uncovers an account takeover attack exploiting the The National Health Service (NHS) in the UK. As the host for any government entity in the UK, this attack is systemically hitting thousands from legitimate email accounts.
These emails are presenting fake new document notifications with malicious links to credential harvesting sites that targeted Microsoft credentials.
Starting in October 2021 and escalating dramatically in March 2022, INKY detected 1,157 phishing emails originating from NHSMail, the NHS email system for employees based in England and Scotland. Last year, this service was migrated from an on-premise installation to Microsoft Exchange Online. This migration, with its changed security environment, could have been a factor in the attack.
We reported our initial findings to the NHS on April 13, and as of April 14, the volume of attacks decreased dramatically, as the NHS took measures to stop them. However, INKY users were still receiving a few phishing emails from the NHS mail domain (nhs[.]net) after that time.
You can read the full report here and it is very much worth reading so that you are on top of this attack campaign.
Share this:
Like this:
Related
This entry was posted on May 4, 2022 at 8:00 am and is filed under Commentary with tags INKY. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.