Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online.
Recently Microsoft has published details about human-operated ransomware attacks that targeted organizations in various industries.
Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem.
In a human-operated ransomware attack scenario, attackers use stolen credentials and exploit misconfigurations and vulnerabilities to access target networks, attempt to escalate privileges and move laterally, deliver malware, and exfiltrate data.
Microsoft pointed out that operators behind Sodinokibi ransomware are targeting vulnerabilities in VPN devices (i.e. Pulse Secure VPN devices) and gateways to compromise the target network.
Once the attackers have breached the target network, they leverage stolen credentials, attempt to dump credentials and disable security solutions, then download tools to gather intelligence and make lateral movements.
They deploy their ransomware on as many internal machines as possible.
With the Coronavirus outbreak, the protection of healthcare organizations has become a pillar of our society, and Microsoft committed to providing all the necessary support to mitigate the risks of cyber attacks.
The tech giant is sending notifications to hospitals about their attack surface.
“During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare,” reads the post published by Microsoft.
“As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.”
These are the first targeted notifications sent by Microsoft to hospitals; the warnings contain valuable information on threat actors and their tactics, techniques, and procedures.
“Through Microsoft’s vast network of threat intelligence sources, we identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure,” continues Microsoft. “To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular”
Microsoft urges hospitals and health care organizations to implement security measures that protect public-facing devices and increase their resilience to cyber attacks.
Below are some mitigations recommended by the Microsoft Defender Advanced Threat Protection (ATP) Research Team to reduce risk from threats that exploit gateways and VPN vulnerabilities:
(SecurityAffairs – ransomware, hospitals)