The novel coronavirus has caused havoc among world communities and, as the days go by, the virus does not seem to end its rampage. While people struggled to deal with the issue on the ground, there was another growing crisis in the online ecosystem.
Research had shown that a multitude of coronavirus-related ransomware was plaguing web pages across the internet. To ensure that only legitimate information is transferred, Microsoft has joined forces with healthcare organizations to take down any such fraudulent activity.
Microsoft revealed that they had intensified monitoring and takedown of threats that exploit the ongoing pandemic. The technology giant wanted to address the need of the hour, i.e., catering to doctors and all other hospital staff fighting at the frontlines. Microsoft admitted that one of the sectors that took the biggest hit was healthcare and that, if care wasn't taken, this would result in a systemic breakdown of society as a whole.
Analysts from Microsoft have been tracing REvil as part of research on human-operated ransomware attacks. According to the computer giant:
“…intel on ransomware campaigns shows an overlap between the malware infrastructure that REvil was observed using last year and the infrastructure used on more recent VPN attacks. This indicates an ongoing trend among attackers to repurpose old tactics, techniques, and procedures (TTPs) for new attacks that take advantage of the current crisis. We haven’t seen technical innovations in these new attacks, only social engineering tactics tailored to prey on people’s fears and urgent need for information.”
The Microsoft team is responsible for protecting hospitals and healthcare facilities from human-assisted ransomware attacks. They also sent targeted notifications to the affected hospitals with information on the kinks in the network. The report also included a detailed list of how attackers would benefit from such loopholes and recommendations for solutions.
According to Microsoft, all companies that have been checked should review their VPN infrastructure for updates. Along with Microsoft, the DHS Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Commerce, the National Institute of Standards and Technology. Microsoft has also asked users to turn on attack surface reduction rules. These include rules that block credential theft and all ransomware activities surrounding a particular server.
Microsoft has urged users to use the Windows Defender Firewall to prevent any form of RPC and SMB communication between endpoints whenever possible. The source said that implementing a firewall would also prevent the lateral movement of other attacks. Microsoft has taken such a strong stance because of the repeated fraudulent activities related to COVID-19 that had popped up.
A recent example of a scam was a website masquerading as the official WHO website for coronavirus relief. The fake website urged users to donate Bitcoin as ‘coronavirus relief funds’ so that the scammers could pocket the capital and hurt actual legitimate efforts on the ground.
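The Windows Defender Firewall recommendation above (blocking RPC and SMB between endpoints) can be applied per workstation with the built-in NetSecurity cmdlets. The script below is an added example, not code from Microsoft or from the original article; the subnet ranges and the rule group name are constructed placeholders, and it assumes management hosts sit outside the listed workstation subnets.

```powershell
#Requires -RunAsAdministrator
# Added example: block inbound SMB and RPC from peer workstation subnets only.
# $PeerSubnets and $Group are constructed placeholders; replace with your own values.
param(
    [string[]]$PeerSubnets = @('10.20.0.0/16', '10.21.0.0/16'),
    [string]$Group = 'Endpoint-to-endpoint block (example)'
)

# ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
# Servers and domain controllers must keep answering SMB/RPC, so skip them.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -ne 1) {
    Write-Warning 'Not a workstation; no rules were changed.'
    return
}

# A block rule wins over any allow rule, so admin/management hosts must be
# outside $PeerSubnets; an extra allow rule will not re-open these ports.
$ports = [ordered]@{
    'SMB (TCP 445)'            = '445'
    'RPC endpoint mapper'      = 'RPCEPMap'   # keyword for TCP 135
    'RPC dynamic ports'        = 'RPC'        # keyword for the dynamic RPC range
}

# Make the script re-runnable: drop rules from an earlier run first.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($name in $ports.Keys) {
    New-NetFirewallRule -DisplayName "Block inbound $name from peers" `
        -Group $Group -Direction Inbound -Action Block -Protocol TCP `
        -LocalPort $ports[$name] -RemoteAddress $PeerSubnets `
        -Profile Domain, Private, Public | Out-Null
}

# The rules do nothing if a firewall profile is switched off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    Write-Warning "Firewall profile '$($_.Name)' is disabled; block rules are not enforced there."
}

# Show what is now in place so the result can be reviewed or logged.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Port    = $filter.LocalPort
    }
} | Format-Table -AutoSize
```

Roll this out to a pilot group first, since tools that push to workstations over SMB or RPC from inside the listed subnets will stop working.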