Security News > 2020 > April > Vulnerable VPN appliances at healthcare organizations open doors for ransomware gangs

"We're seeing from signals in Microsoft Threat Protection services that the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems. Attackers have also been observed using the updater features of VPN clients to deploy malware payloads," the company shared.

Human-operated ransomware campaigns targeting organizations have became the prevalent type of attack that involves the use of ransomware.

These campaigns are executed by sophisticated attackers who don't miss a trick and always find a way to exploit the latest changes and trends, such as the soaring enterprise use of RDP and VPN and exploits for vulnerabilities in popular VPN solutions.

"Human-operated ransomware attacks are a cut above run-of-the-mill commodity ransomware campaigns. Adversaries behind these attacks exhibit extensive knowledge of systems administration and common network security misconfigurations, which are often lower on the list of 'fix now' priorities. Once attackers have infiltrated a network, they perform thorough reconnaissance and adapt privilege escalation and lateral movement activities based on security weaknesses and vulnerable services they discover in the network," Microsoft noted.

"In these attacks, adversaries typically persist on networks undetected, sometimes for months on end, and deploy the ransomware payload at a later time. This type of ransomware is more difficult to remediate because it can be challenging for defenders to go and extensively hunt to find where attackers have established persistence and identify email inboxes, credentials, endpoints, or applications that have been compromised."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/C9toYelDz_I/