Hacker Group Targeting Health Care Companies in Email Scheme
December 2, 2014 in News
Since mid-2013, a group of hackers has been targeting emails from more than 100 publicly traded organizations or advisory firms, the majority of which are health care and pharmaceutical companies, according to a special report released by the cybersecurity firm FireEye, the New York Times reports.
The group, which FireEye calls FIN4, targets a diverse group of workers, including:
- Top executives;
- Legal counsel;
- Regulatory, risk and compliance officers;
- Researchers; and
The individuals are sent different emails with links or attached documents that bring up a fake email login page designed to steal the individual’s credentials, enabling the hackers to log in and read the contents of the victim’s emails.
Once inside the email account, the hackers set inbox rules to automatically delete any email that contains words such as “hacked,” “phished” or “malware” (Perlroth, New York Times, 12/1).
According to the report, the targeted attacks — known as spear phishing — “appear to be written by native English speakers familiar with both investment terminology and the inner workings of publicly traded pharmaceutical and other health care companies” (Conn, Modern Healthcare, 12/1).
FireEye officials say the attacks can be hard to track because there is no malware deployed.
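The inbox rules described above are an artifact defenders can audit even when no malware is involved. The following Python code is an added example, not code from FireEye or from the article; the rule-record schema, the action names and the sample data are assumptions constructed for illustration.

```python
# Added example: audit exported inbox rules for the pattern described above.
# The record schema (mailbox, name, enabled, keywords, action) is assumed.

# Stems of the words the article lists ("hacked", "phished", "malware").
STEMS = ("hack", "phish", "malware")
# Rule actions that remove a message from the user's view (assumed names).
HIDING_ACTIONS = {"delete", "permanent_delete", "move_to_deleted_items"}

def matched_stems(rule):
    """Return the sorted stems that appear in any of the rule's keywords."""
    text = " ".join(rule.get("keywords", [])).lower()
    return sorted(s for s in STEMS if s in text)

def audit_rules(rules):
    """Flag rules that hide mail whose subject or body mentions a stem.

    Disabled rules are reported too, since a rule that has been switched
    off is still worth reviewing during an investigation.
    """
    findings = []
    for rule in rules:
        if rule.get("action") not in HIDING_ACTIONS:
            continue
        terms = matched_stems(rule)
        if terms:
            findings.append({
                "mailbox": rule["mailbox"],
                "rule": rule["name"],
                "enabled": rule.get("enabled", True),
                "terms": terms,
            })
    return findings

# Constructed sample export, not data from the report.
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": ".", "enabled": True,
     "keywords": ["hacked", "phished", "malware"], "action": "delete"},
    {"mailbox": "bob@example.com", "name": "Newsletters", "enabled": True,
     "keywords": ["unsubscribe"], "action": "move_to_folder"},
    {"mailbox": "carol@example.com", "name": "Security digest", "enabled": True,
     "keywords": ["malware"], "action": "move_to_folder"},
    {"mailbox": "dave@example.com", "name": "cleanup", "enabled": False,
     "keywords": ["Phishing alert"], "action": "delete"},
]

if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        state = "enabled" if f["enabled"] else "disabled"
        print(f'{f["mailbox"]}: rule {f["rule"]!r} ({state}) hides {f["terms"]}')
```

Rules that only file security mail into a folder, like the constructed "Security digest" entry, are not flagged; only rules whose action hides the message are reported.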
All but three of the affected organizations are publicly listed on the New York Stock Exchange or NASDAQ (New York Times, 12/1).
In a blog post, FireEye, which declined to name the organizations involved because of nondisclosure agreements, said that over two-thirds of the targeted organizations are health care and pharmaceutical companies (Dennesen et al., FireEye blog, 11/30). Specifically, the report showed:
- 50% of targeted companies are in the biotechnology field;
- 13% sell medical devices;
- 12% sell medical instruments and equipment;
- 10% are drugmakers (New York Times, 12/1);
- 5% are insurers;
- 5% perform medical diagnostics and research;
- 3% are health care providers; and
- 2% are medical distribution companies (Vengerik et al., FireEye report, 11/30).
FireEye said it had notified the targeted organizations, as well as the Federal Bureau of Investigation. However, the company did not know if other organizations such as the Securities and Exchange Commission were investigating the issue.
Representatives of the FBI and SEC declined to comment (New York Times, 12/1).