Published on April 1st, 2020
Microsoft is Alerting Hospitals Vulnerable to VPN Attacks
Microsoft has started to send targeted notifications to dozens of hospitals that have been detected as being vulnerable to known gateway and VPN appliance exploits.
Microsoft has been tracking various groups behind human-operated ransomware attacks and has seen one of these operations, known as REvil (Sodinokibi), targeting vulnerabilities in VPN devices and gateway appliances to breach a network.
Pulse VPN devices have been known to be targeted by threat actors, with these vulnerabilities thought to be behind the Travelex ransomware attack by REvil.
Other attackers such as DoppelPaymer and Ragnarok Ransomware were also seen in the past utilizing the Citrix ADC (NetScaler) CVE-2019-1978 vulnerability to compromise a network.
Once REvil and other ransomware actors breach a network through these vulnerabilities, they spread laterally throughout the network while obtaining administrative credentials. Ultimately, they deploy the REvil ransomware to encrypt all of the data on the network.
With health care organizations such as hospitals being overwhelmed during the Coronavirus pandemic, Microsoft wants to help these organizations stay ahead of the actors by sending targeted notifications about vulnerable devices on their network.
“Through Microsoft’s vast network of threat intelligence sources, we identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure. To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular exploits and others like it,” Microsoft stated today in a new blog post.
With these targeted alerts, health care organizations can proactively install security updates on public-facing devices to prevent threat actors from taking advantage of them.
To protect against ransomware operations such as REvil, the Microsoft Defender Advanced Threat Protection (ATP) Research Team recommends implementing the following mitigation measures against human-operated ransomware attacks: