
Microsoft is Working With Healthcare Organizations to Help protect Them From Ransomware Attacks During COVID-19 Pandemic

No rest for the weary-eyed hackers, as they seek to exploit the current COVID-19 pandemic.


Earlier today, Microsoft published a new post on its security blog about ransomware attacks that seek to exploit the current global COVID-19 crisis. “As organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances.”

As part of intensified monitoring and take-down of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.

– Microsoft security blog post, April 1, 2020.



Microsoft’s Advice on how to detect, protect, and prevent this type of ransomware


We understand how stressful and challenging this time is for all of us, defenders included, so here’s what we recommend focusing on immediately to reduce risk from threats that exploit gateways and VPN vulnerabilities:

  • Apply all available security updates for VPN and firewall configurations.
  • Monitor and pay special attention to your remote access infrastructure. Any detections from security products or anomalies found in event logs should be investigated immediately. In the event of a compromise, ensure that any account used on these devices has a password reset, as the credentials could have been exfiltrated.
  • Turn on attack surface reduction rules, including rules that block credential theft and ransomware activity. To address malicious activity initiated through weaponized Office documents, use rules that block advanced macro activity, executable content, process creation, and process injection initiated by Office applications. To assess the impact of these rules, deploy them in audit mode.
  • Turn on AMSI for Office VBA if you have Office 365.

To help organizations build a stronger security posture against human-operated ransomware, we published a comprehensive report and provided mitigation steps for making networks resistant against these threats and cyberattacks in general. These mitigations include:

  • Harden internet-facing assets and ensure they have the latest security updates. Use threat and vulnerability management to audit these assets regularly for vulnerabilities, misconfigurations, and suspicious activity.
  • Secure Remote Desktop Gateway using solutions like Azure Multi-Factor Authentication (MFA). If you don’t have an MFA gateway, enable network-level authentication (NLA).
  • Practice the principle of least-privilege and maintain credential hygiene. Avoid the use of domain-wide, admin-level service accounts. Enforce strong randomized, just-in-time local administrator passwords. Use tools like LAPS.
  • Monitor for brute-force attempts. Check excessive failed authentication attempts (Windows security event ID 4625).
  • Monitor for clearing of Event Logs, especially the Security Event log and PowerShell Operational logs. Microsoft Defender ATP raises the alert “Event log was cleared” and Windows generates an Event ID 1102 when this occurs.
  • Determine where highly privileged accounts are logging on and exposing credentials. Monitor and investigate logon events (event ID 4624) for logon type attributes. Domain admin accounts and other accounts with high privilege should not be present on workstations.
  • Utilize the Windows Defender Firewall and your network firewall to prevent RPC and SMB communication among endpoints whenever possible. This limits lateral movement as well as other attack activities.
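The three monitoring items above (excessive 4625 failures, privileged 4624 logons on workstations, and the 1102 log-clear event) as a small detection pass over constructed sample events. This is an added example, not Microsoft's code; the event records, the five-failures-in-five-minutes threshold, the privileged account list and the tier-0 host list are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): a brute-force burst from one
# source, a domain-admin logon to a workstation, and a Security log clear.
EVENTS = [
    {"time": "2020-04-01T08:00:00", "id": 4625, "src": "203.0.113.7", "user": "svc_backup"},
    {"time": "2020-04-01T08:00:05", "id": 4625, "src": "203.0.113.7", "user": "admin"},
    {"time": "2020-04-01T08:00:09", "id": 4625, "src": "203.0.113.7", "user": "jsmith"},
    {"time": "2020-04-01T08:00:12", "id": 4625, "src": "203.0.113.7", "user": "backup"},
    {"time": "2020-04-01T08:00:15", "id": 4625, "src": "203.0.113.7", "user": "test"},
    {"time": "2020-04-01T09:15:00", "id": 4625, "src": "10.0.0.12", "user": "jsmith"},
    {"time": "2020-04-01T09:30:00", "id": 4624, "host": "WS-0042", "user": "CORP\\da-admin", "logon_type": 10},
    {"time": "2020-04-01T09:31:00", "id": 4624, "host": "DC01", "user": "CORP\\da-admin", "logon_type": 3},
    {"time": "2020-04-01T09:45:00", "id": 1102, "host": "WS-0042", "user": "CORP\\da-admin", "log": "Security"},
]

PRIVILEGED = {"CORP\\da-admin"}   # assumed high-privilege accounts
TIER0_HOSTS = {"DC01"}            # assumed hosts where such logons are expected


def brute_force_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Source addresses with at least `threshold` failed logons (4625) inside `window`."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_src[e["src"]].append(datetime.fromisoformat(e["time"]))
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def privileged_logons_on_workstations(events):
    """4624 events where a privileged account logs on to a host outside tier 0."""
    return [(e["host"], e["user"], e["logon_type"]) for e in events
            if e["id"] == 4624 and e["user"] in PRIVILEGED and e["host"] not in TIER0_HOSTS]


def log_clears(events):
    """Event ID 1102: the audit log was cleared, with who did it and where."""
    return [(e["host"], e["user"], e["log"]) for e in events if e["id"] == 1102]
```

In production the same three functions would be fed from Get-WinEvent or a SIEM export rather than the inline list.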

Charles Levere (https://www.riverbankwebdesign.ca/)
Charles Levere is the editor-in-chief (dork-in-chief) of Urban Dork. When he is not writing, or tinkering with hardware, he is most likely playing one of his favorite video games. He also loves being near the water, kayaking, water skiing or anything that gets him on the water and in the sun.
