Microsoft warns hospitals about VPN cyberattacks during coronavirus
The tech giant notes that as more people work remotely, a new breed of hacker could attack.
Roughly four out of five Americans are on government-mandated lockdowns, forcing many of them to work from home to avoid spreading the novel coronavirus. Many of these people use technology to access their work called virtual private networks, or VPNs. And now Microsoft says those companies -- specifically health care workers -- need to be on the lookout for a different breed of threats that come from VPNs.
The tech giant took what it says is its first-ever step to warn hospitals about the threat. "Ransomware operators have identified a practical target -- network devices like gateway and virtual private network (VPN) appliances," Microsoft said in a statement. "These are more difficult to remediate because it can be challenging for defenders to go and extensively hunt to find where the ransomware attackers have established persistence and identify what has been compromised."
Microsoft issued its warning because companies around the world are leaning on VPN technology to allow employees stuck at home to access sensitive work apps and documents. It's concerned that some companies aren't as prepared for the hackers who attack using that technology.
Microsoft has good reason to be concerned.
At the end of February, just as the western world was ramping up its response to the coronavirus, hotel chain Marriott detected "an unexpected amount of guest information" that had been accessed. All told, it said, data from 5.2 million customers may have been compromised, including names, mailing addresses, phone numbers, birthday days and months, and more. Marriott hasn't disclosed details of the hack or if VPN software was involved, but it's a reminder that hackers aren't slowing their activity during the crisis.
In its blog post Wednesday, Microsoft suggested similar steps to CNET's own recommendations for remote workers to protect themselves and their company's data. Among them was to keep applying security updates (something people still regularly don't do, and is the reason behind some hacks.) Microsoft also recommended companies reduce people's access to most documents, only people who need it have access to various data.
You should read it
- What is Tor? Your guide to using the private browser
- Beware these coronavirus hacking threats, UK and US agencies warn
- K-12 online classes and activities to continue education at home during coronavirus
- Microsoft's Skype sees massive increase in usage as coronavirus spreads
- Steps to enable security features on Microsoft 365
- UK developing coronavirus-tracking app to ease lockdown restrictions
- FTC says consumers have already lost millions in coronavirus scams
- Coronavirus lockdowns: Can you go outside, to the gym, on a drive and other answers
- Phone location data being used to track Americans amid coronavirus outbreak
- Coronavirus vaccines: The drugs in development to treat COVID-19
- Link to download Microsoft Security Essentials 4.10.0209.0
- Coronavirus stimulus check is official: Find out if you're eligible for up to $1,200