In a blog post, the tech giant said it had alerted "several dozens" of hospitals with vulnerabilities in their infrastructure, including in the virtual private networks, or VPNs, that remote workers are increasingly using to connect to shared networks amid the coronavirus outbreak.
"To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others," Microsoft's Threat Protection Intelligence Team said in the blog post.
The company said it had seen evidence that the health care industry is "particularly exposed" to ransomware and other forms of cyberattacks during the virus response, as attackers exploit understandable fears for their own ends.
"We haven't seen technical innovations in these new attacks, only social engineering tactics tailored to prey on people's fears and urgent need for information," Microsoft wrote in the blog post.
The company's threat monitoring team said it has seen a rise in sophisticated "human-level" ransomware attacks, which are more complex and hands-on than "run-of-the-mill" ransomware campaigns that in the past have spread with little to no effort on the part of the attackers.
"Adversaries behind these attacks exhibit extensive knowledge of systems administration and common network security misconfigurations, which are often lower on the list of 'fix now' priorities," the company wrote.
The "human-level" ransomware attackers also can linger on a victim's network for months undetected, making it hard for victims to figure out how exactly their network was breached and to what extent their systems are compromised, Microsoft said.
Ransomware attacks, which security experts say have grown exponentially in recent years, typically shut down their victim's computer systems, with attackers asking to be paid in digital currency in order to restore access. Some ransomware attackers have ratcheted up their efforts in recent months by taking the extra step of exfiltrating sensitive data, including from law firms, before threatening to post it on a public website.
As more and more companies move to remote work amid the virus outbreak, the U.S. Cybersecurity and Infrastructure Security Agency has suggested several steps organizations can take to mitigate their security risks, including mandating that workers use company-owned computers and frequently patching their virtual private networks with the latest security fixes.
--Editing by Bruce Goldman.
For a reprint of this article, please contact reprints@law360.com.