Malware, Ransomware

Microsoft defends health care orgs, Mozilla funds innovation to fight COVID-19

Some welcome good news on the COVID-19 front: Microsoft Corporation said it is stepping up its efforts to protect hospitals and other critical services from opportunistic cyberattacks, while Mozilla has founded a new fund to support open-source projects that help fight the pandemic.

In a company blog post, Microsoft said that it identified dozens of hospitals that were vulnerable to attacks via exploitable gateway and VPN appliances, and reached out to these health care providers with what it describes as a "first-of-its-kind targeted notification."

The alert contained "important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others," says the post, jointly authored by Microsoft's Threat Protection Intelligence Team and Threat Intelligence Center (MSTIC).

With employees forced to adhere to work-from-home restrictions, organizations are heavily relying on VPNs to extend private networks across public infrastructure. Microsoft specifically identified the REvil/Sodinokibi ransomware group as an actor that's been actively scanning the internet for gateway and VPN vulnerabilities in order to compromise organizations. "After successful exploitation, attackers steal credentials, elevate their privileges, and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads" via the updater features of VPN clients, Microsoft explains.

Microsoft recommends that companies comprehensively update their VPN and firewall configurations, closely monitor their remote access infrastructure, turn on attack surface reduction rules, harden internet-facing assets, use threat and vulnerability management solutions/services, adopt a least-privilege philosophy, and much more. (See the blog post for the full list.)

Meanwhile, Mozilla this week announced that it was founding a COVID-19 Solutions Fund that will award as much as $50,000 apiece to open-source technology projects that help in the battle against the coronavirus pandemic.

Mozilla said it would accept applications for hardware and software innovations, such as a "browser plug in that combats COVID-related misinformation." Solutions could also be non-cyber in nature, such as an open-source ventilator or a platform to connect hospitals with people who can 3D-print ventilators, the announcement explains.

Terms of the funding initiative, which was launched as part of the Mozilla Open Source Support Program (MOSS), are listed in a Mozilla blog post here.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds