Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform.
The breach was discovered when Trezor, a cryptocurrency hardware wallet provider, looked into a phishing campaign targeting its clients that utilized the email addresses signed up to Trezor accounts, which revealed a data breach at Mailchimp.
Mailchimp’s investigation affirmed that threat actors had successfully compromised internal accounts of its client support and account administration teams, and although those accounts were already secured, the attackers had gained access to the 300 Mailchimp users’ accounts and had extracted audience information from 102 of those accounts. The attackers also obtained API keys that enabled them to make email campaigns to be used in phishing attacks without needing to access client portals.
Considering that accounts employed by Mailchimp clients for sending marketing campaigns such as newsletters can be whitelisted by subscribers, any phishing campaigns carried out utilizing the breached accounts may find the emails mailed to inboxes. HC3 says it is just aware of one phishing campaign being done employing a compromised account, which targeted customers in the cryptocurrency and financial industries, however, there is a threat that campaigns can also be performed targeting consumers in the healthcare and public health (HPH) industry.
HC3 has urged companies in the HPH industry to take steps to minimize the threat. HC3 states the best defense is user awareness training because phishing emails will be sent from a legitimate and trustworthy sender. Workers must be advised about the threat and be directed to be cautious of any emails received via Mailchimp. Although phishing emails may be sent, malware may likewise be sent. Antivirus software ought to be used, network intrusion prevention systems are advantageous, and HC3 additionally suggests utilizing web filters to limit access to internet content that is not required for business operations.
Anti-spoofing and other email authentication systems are furthermore recommended. These consist of doing validity checks of the sender domain employing SPK, validating the reliability of messages utilizing DKIM, and examining to ensure the sender is authorized to utilize the domain employing DMARC.