The Department of Homeland Security (DHS) reported a striking increase in cyberattacks exploiting virtual private network (VPN) vulnerabilities and email password account features last week. The UK National Cyber Security Centre (NCSC) warned that hackers can exploit weaknesses found in Palo Alto, FortiGuard, and Pulse Secure VPNs. NCSC researchers have also seen attacks against several SSL VPN applications in the UK, the US, and globally across a range of industries, including healthcare. The DHS has also drawn attention to a recent Microsoft report about the hacking group Phosphorus, which is exploiting email accounts’ password reset and account recovery features.
The security vulnerabilities in SSL VPN applications allow hackers to steal authentication credentials, which they can then use to change configuration settings or connect to other devices through the VPN. They can also gain access to a root shell, which grants the user account permissions to edit server files without being blocked. Between August and September, the Microsoft Threat Intelligence Center identified 2,700 attempts to exploit Microsoft email accounts. Out of those, hackers targeted 241 of the accounts, four of which were compromised, including those associated with a US presidential campaign, US government officials, and journalists covering politics. It’s not clear yet if Phosphorus has targeted the healthcare industry.
VPN vendors have issued security patches to lessen the risk of compromise. Organizations can also investigate logs for accounts with anomalous IP locations or times. According to HealthIT Security, NCSC researchers have advised: “to mitigate these vulnerabilities, owners should take two steps: Apply the latest security patches released by vendors and reset authentication credentials associated with affected VPNs.” For email security, the DHS recommends that organizations review the Microsoft report and the agency’s supplementing passwords guide. You can also implement email security software, like Paubox Email Suite Plus, to fully protect your inbox.
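One way to review VPN login logs for accounts with anomalous IP locations or times, shown as an added example that is not from the original article or any vendor. The log format, the GeoIP-enriched country field, and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; assumed format: "timestamp user source_ip country result"
SAMPLE_LOG = """\
2019-10-01T08:55:12 alice 198.51.100.10 US success
2019-10-02T09:03:40 alice 198.51.100.10 US success
2019-10-03T08:47:05 alice 198.51.100.22 US success
2019-10-01T13:10:00 bob 203.0.113.5 GB success
2019-10-02T14:02:31 bob 203.0.113.5 GB success
2019-10-04T03:12:44 alice 192.0.2.77 RO success
2019-10-04T14:20:09 bob 203.0.113.5 GB success
2019-10-04T14:50:00 bob 192.0.2.90 BR success
2019-10-04T23:30:00 carol 198.51.100.40 US failure
"""

def parse(log_text):
    for line in log_text.splitlines():
        ts, user, ip, country, result = line.split()
        yield datetime.fromisoformat(ts), user, ip, country, result

def find_anomalies(log_text, baseline_end, hour_slack=2,
                   travel_window=timedelta(hours=2)):
    """Learn each user's countries and login hours before baseline_end,
    then flag later successful logins that break that pattern."""
    countries, hours = defaultdict(set), defaultdict(set)
    last_seen, alerts = {}, []
    for ts, user, ip, country, result in sorted(parse(log_text)):
        if result != "success":
            continue
        if ts < baseline_end:
            countries[user].add(country)
            hours[user].add(ts.hour)
        else:
            reasons = []
            if country not in countries[user]:  # also fires for users with no baseline
                reasons.append("new-country")
            # circular distance so 23:00 and 01:00 count as two hours apart
            if not any(min(abs(ts.hour - h), 24 - abs(ts.hour - h)) <= hour_slack
                       for h in hours[user]):
                reasons.append("unusual-hour")
            prev = last_seen.get(user)
            if prev and prev[1] != country and ts - prev[0] <= travel_window:
                reasons.append("rapid-country-change")
            if reasons:
                alerts.append((user, ip, ts.isoformat(), reasons))
        last_seen[user] = (ts, country)
    return alerts
```

Flagged sessions are leads for review, and an account that shows up here after a VPN patch window is a natural candidate for the credential reset the NCSC advises.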
The cyberattacks exploiting VPN vulnerabilities and email password account features highlight the urgent need to secure VPNs with the latest patches and to move beyond passwords for email. Healthcare organizations that must protect patients’ personal health information should be especially vigilant to prevent these cyberattacks.