UPDATED 06:00 EST / MAY 04 2022

SECURITY

UK’s National Health Service infected by massive phishing campaign

The U.K.’s National Health Service has been infected by a massive phishing campaign that resulted in hundreds of accounts on Microsoft 365 being compromised.

Detailed today by researchers at email security firm INKY Technology Corp., the phishing campaign was first detected in October, then escalated in March. The campaign used compromised NHS accounts to send phishing emails to unsuspecting third parties.

The researchers detected 1,157 phishing emails originating from NHSMail, the NHS email system for employees in England and Scotland. That may not seem like much, but it’s notable that INKY only detected attempts made on its customers, meaning that the actual number was likely much larger.

The NHS was migrated from an on-premises installation to Microsoft Exchange Online last year, a possible factor in the attack. The phishing emails were all sent from two IP addresses, both used by the NHS, and passed email authentication for nhs.net, showing that the phishing campaign was using compromised NHS accounts.

Most of the phishing emails included fake document notifications with malicious links to credential-harvesting sites that targeted Microsoft credentials. Some of the emails impersonated Adobe and Microsoft by using their logo in the phishing emails. A few of the phishing emails are described as being advance-fee scams.
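Added example, not from the article or INKY: because mail sent from a compromised account passes SPF, DKIM and DMARC, a filter has to weigh content as well, so this check flags a constructed message whose brand mentions do not match where its links go. The `BRANDS` allow-list, the sample message and all function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: the mailbox, receiving host and link are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=nhs.net; dkim=pass header.d=nhs.net; dmarc=pass header.from=nhs.net
From: "Microsoft Shared Document" <someone@nhs.net>
Subject: You have a new secure document

A document was shared with you. Sign in with Microsoft to view it:
https://docs-login.example.com/view?id=1
"""

# Assumed allow-list of domains each impersonated brand legitimately links to.
BRANDS = {"microsoft": ("microsoft.com", "office.com"), "adobe": ("adobe.com",)}

def auth_results(msg):
    """Map spf/dkim/dmarc to their verdicts from Authentication-Results."""
    header = msg.get("Authentication-Results", "")
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {name.lower(): verdict.lower() for name, verdict in pairs}

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def assess(raw):
    msg = message_from_string(raw)
    auth = auth_results(msg)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), body]).lower()
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    findings = []
    for brand, domains in BRANDS.items():
        if brand not in text:
            continue
        for host in sorted(hosts):
            # A brand-themed mail should link to the brand or to the sender's own domain.
            if not any(under(host, d) for d in domains + (sender_domain,)):
                findings.append(f"mentions {brand} but links to {host}")
    return {
        "authenticated": all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
        "sender_domain": sender_domain,
        "findings": findings,
    }
```

A message that is fully authenticated and still produces findings is the case the campaign represents: the sender is genuine, the content is not.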

The phishing campaign mostly came to an end around April 19, as the NHS mitigated the incursion and the compromised accounts after INKY contacted it with its findings. That said, the researchers noted that the occasional phishing email was still slipping through the net.

“We have processes in place to continuously monitor and identify these risks,” the NHS said in a statement. “We address them in collaboration with our partners who support and deliver the national NHSmail service.”

Noting that it found only 139 compromised accounts, the researchers say that given the vast number of NHS accounts, the percentage could still be expected to produce newly compromised accounts every day.

“Perhaps this is a moment to introduce the idea that phishing can be like a leak in the boat,” the researchers conclude. “It doesn’t matter that the hole is small. It will still sink the boat eventually. Even if only a few bad emails get through, with a malicious enough payload, a single successful attack can be life-altering.”
