The bait is always an attached invoice, an .xlsm file. If opened, the file contacts a link chosen at random from an internal list, which downloads a DLL and infects the PC with malware.
Malwarebytes: Almost 80% of the malicious code that threatens the healthcare sector consists of trojans, and the most common is Emotet. The typical cybercrime infection chain begins with phishing or spear-phishing attacks
Emotet is the most prominent malware affecting computer systems in the healthcare industry, according to a report by Malwarebytes cyber security experts. Almost 80% of the malicious code that attacks the sector consists of trojans, and the most common of them is Emotet. It started out as a banking trojan and extended its functionality over the years to distribution services for spam emails or other malware, like the TrickBot and QakBot banking trojans. The typical cybercrime infection chain begins with phishing or spear-phishing attacks that leverage a legitimate-looking email with a weaponized attachment. The aim is to persuade the victim to launch the malicious file and download the malware. The researchers found different kinds of malware, including fileless malware, which leaves almost no trace on the infected host.
The cyber security experts: The top five list includes malware posing as legitimate files from Microsoft and coinminers, as well as the WannaCry ransomware and fileless malicious code
Malware posing as legitimate files from Microsoft is the second most common category of threats Malwarebytes encountered on healthcare systems. It accounts for 34% of the detections. The third category of trojans the cyber security experts saw on machines is cryptocurrency miners. In 17% of the cases, in fact, Malwarebytes detected a coinmining scheme under the generic label Trojan.BitCoinMiner. The report says that the regular approach is to install the miners on systems used for record keeping, redirecting the computing resources towards minting new digital coins. The top five list also includes the WannaCry ransomware, which wreaked havoc back in 2017 when it spread rapidly across the world to encrypt data on computers in both the private and public sectors.