One of the scariest pieces of news filling our inbox in recent weeks is that cybercriminals are taking advantage of unpatched software, and healthcare is vulnerable. Microsoft is one of the biggest targets.
Phishing through Microsoft 365
In December, we learned about spear-phishing campaigns targeting Microsoft Office 365 users to steal credentials, and another campaign spoofing Microsoft’s protection software for its email hosting service, Microsoft Exchange Online. Spoofing means the hackers pretended to be the protector software. Almost 200 million Office 365 users around the world, and particularly in healthcare, insurance, financial services, manufacturing, utilities, and telecom sectors, were being targeted by the spoofing campaign.
The cyber attacks used an exact domain spoofing technique; emails were sent using a fraudulent domain that matched the domain of the spoofed brand. It looked legitimate to the email recipient. The only clue would have been that the spoofing emails used urgent and fear-inducing language to cause recipients to click on a malicious link.
Microsoft Exchange Servers are Targeted
In early March, Microsoft issued patches and guidance to fix vulnerabilities in its Exchange email servers. From Microsoft:
On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to affected systems.
The vulnerabilities affect Exchange Server versions 2013, 2016, and 2019, while Exchange Server 2010 is also being updated for defense-in-depth purposes. Exchange Online is not affected.
Since that first notice on March 2, Microsoft has published seven additional articles, all of which are available in the link above.
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has also published information and guidance about the active exploitation of vulnerabilities in Microsoft Exchange Server products.
IT staff may already be following the news from Microsoft and CISA, but if not, make sure they know to look for it. Both pages are being updated regularly, CISA’s as recently as today.
Aggressive Cyber Criminals Require Aggressive Response
Cybersecurity experts call these attackers “advanced persistent threats,” or APTs. It is horrifying to learn that the day after the patches were issued, the APT actors increased their attacks to take advantage of systems that were still unpatched. The goals of the hackers appear to be varied, from espionage to ransomware, business disruption, and theft. They will keep going, so now is the time to act if you haven’t already.
Early on, experts believed one or two groups were responsible, but they now believe at least 10 separate groups (cyber criminals working in semi-organized teams) are the culprits, including groups calling themselves Tonto Team, LuckyMouse, Tick, Winnti Group, and Calypso.
HIPAA Risk Management is Blueprint to Prevent Cyber Crime
A HIPAA Risk Analysis that incorporates NIST guidance is the best way to prevent your business from becoming the next HIPAA Horror Story. In The HIPAA E-Tool®, the IT Asset Inventory helps locate and organize equipment and software, and the Security Rule Checklist covers all the bases for managing the assets, including prompts for software patches and updates.
If you have questions about what to do first, we have answers. But don’t put it off.