Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online.
Recently Microsoft has
Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem.
In a human-operated ransomware attack scenario, attackers use stolen credentials and exploit misconfigurations and vulnerabilities to access target networks, attempt to escalate privileges and move laterally, deliver malware, and exfiltrate data.
Microsoft pointed out that operators behind Sodinokibi ransomware are targeting vulnerabilities in VPN devices (i.e. Pulse Secure VPN devices) and gateways to compromise the target network.
Once the attackers have breached the target network, they leverage stolen credentials, attempt to dump credentials and disable security solutions, then download tools to gather intelligence and move laterally.
They deploy their ransomware on as many internal machines as possible.
With the Coronavirus outbreak, the protection of healthcare organizations has become a pillar of our society, and Microsoft has committed to providing all the necessary support to mitigate the risks of cyber attacks.
The tech giant is sending notifications to hospitals about their attack surface.
“During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare.” reads the post published by Microsoft.
“As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.”
These are the first targeted notifications sent by Microsoft to hospitals; the warnings contain valuable information on threat actors and their tactics, techniques, and procedures.
“Through Microsoft’s vast network of threat intelligence sources, we identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure.” continues Microsoft. “To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular”
Microsoft urges hospitals and health care organizations to implement security measures to protect public-facing devices to increase their resilience to cyber attacks.
Below are some mitigations recommended by the Microsoft Defender Advanced Threat Protection (ATP) Research Team to reduce risk from threats that exploit gateways and VPN vulnerabilities: