Cybercriminals are taking advantage of the Covid-19 pandemic. From selling fake Coronavirus vaccines and testing kits to setting up malware-infected fake live maps of the infection, crooks will go to any length to make a cheap and quick buck on hacker forums.
In the latest incident, a cybercriminal is selling the personal and contact details of 1.41 million doctors based in the United States. This could turn into a disaster for doctors and healthcare staff busy saving lives amid the pandemic.
Hackread.com has learned that the database in question was stolen on April 11th, 2020, from qa.findadoctor.com, an online service that lets people search for healthcare professionals, book instant appointments and consult with doctors online.
The targeted website is based in Edison, New Jersey and owned by Millennium Technology Solutions. The site claims to have registered 100000+ doctors and 5000+ members. It allows both doctors and patients to register with their email addresses. Patients, however, are required to snap a photo of themselves or upload one from their PC to register their membership.
We can confirm that patients’ photos and medical records are not among the stolen data. However, what is included in the data is enough to target doctors. For instance, the records being sold include details like full names, genders, the name of the hospital or organization where they work, their location, mailing address, practice address, country, phone numbers, license number, and much more.
The good news is that this trove of data does not contain email addresses, which means doctors are safe from phishing and malware scams, but based on the leaked records, finding their email addresses will be a piece of cake. Hackread.com was able to find dozens of doctors in New York based on the sample data we have seen.
Furthermore, cybercriminals can use the available phone numbers to carry out a smishing attack, a malicious technique that involves sending text messages with phishing links to steal financial data or redirect the victim to a website dropping malware. Simply put, the attack options for cybercriminals with this data are infinite.
In a comment to Hackread.com, Under the Breach, a service that exclusively monitors data breaches and works to prevent them, said:
“Despite the lack of e-mails in the database, which are indeed a common way for cybercriminals to carry out operations, the fact that the list contains a very specific type of individuals, all of whom are in the healthcare industry, could pose a risk of governments or bad actors carrying out disinformation campaigns via SMSes. Especially during this hard period, having the wrong medical information could pose a huge risk.”
On the other hand, several Twitter users connected with the cyber security industry shared their views on the incident. One user going by the online handle of @Ug_0Security tweeted: “Lol why would you sell or buy that? It’s public stuff just scrap it yourself.. or buy a phonebook.”
In response, another Twitter user @cloakXkeyboard explained that: “Because then they can take that big list of emails and carry out a phishing campaign or malware campaign against those individuals -this is common for ransomware like Ryuk.”
Ryuk is a nasty piece of malware used by cybercriminals in ransomware attacks. In February this year, Ryuk was used against Florida’s Stuart Police Department, where it took over computers containing digital evidence on six suspected drug dealers and ended up destroying it, resulting in the freeing of all three individuals.
Nevertheless, at the time of publishing this article, the database was still up for sale on the same hacker forum where the names and phone numbers of 42 million Iranians and terabytes of OnlyFans data on demand are currently being sold.