Virtual Private Networks (VPNs) are a major piece of internet infrastructure holding together the work-from-home workforce right now. VPNs are responsible for encrypting web traffic, keeping data safe, and protecting privacy.
With most employees working from home amid the COVID-19 (coronavirus) outbreak, VPN servers have now become paramount to a company's backbone, and their security and availability must be the focus going forward for IT teams. It is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.
CISA (Cybersecurity and Infrastructure Security Agency) has issued an advisory for all VPN servers and client software.
Here are some tips for securing company resources during remote work:
In light of an expected increase in VPN phishing attacks, companies should look very closely at enabling a multi-factor authentication (MFA) solution to protect VPN accounts from unauthorized access. In a report last year, Microsoft said that enabling an MFA solution for online accounts usually blocks 99.9% of all account takeover (ATO) attacks, even if the attacker has valid credentials for the victim's account.
In addition to enabling MFA to protect VPN accounts for employees working from home, organizations should review the patching levels of corporate VPN products.
Previous attacks have targeted VPN servers from vendors such as Palo Alto Networks, Fortinet, Pulse Secure, and Citrix. Patches should be applied, and advisories should be followed, for critical vulnerabilities mentioned below:
With more and more companies needing VPN capabilities to allow workers to log into private corporate systems and do their duties, IT staff are responding by putting up more VPN servers to deal with the surging traffic. IT staff now need to pay close attention to the new VPN servers they are putting up and make sure these systems have been patched for the vulnerabilities listed above, which are some of the most targeted vulnerabilities today.
With so many organizations moving their employee workforce to work-from-home roles, there is now a new threat on the horizon -- extortion. Hackers could launch DDoS attacks on VPN services and exhaust their resources, crashing the VPN server and limiting its availability for mission-critical operations.
With the VPN server acting as a gateway to a company's internal network, this would prevent all remote employees from doing their jobs, effectively crippling an organization that has few or no workers on-site. Furthermore, SSL-based VPNs (like Pulse Secure, Fortinet, Palo Alto Networks, and others) are also vulnerable to an SSL Flood (DDoS) attack, just like web servers.
The EventTracker SOC is monitoring VPN reports diligently to identify irregular VPN usage patterns, making it easier to alert on infected accounts. We will promptly notify you of any suspicious activity.
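One way to surface irregular VPN usage patterns of the kind described above, shown as an added example (it is not EventTracker's or Netsurion's detection logic). The log format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, source IP, result.
# IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2020-03-20T08:01:10 alice 198.51.100.10 SUCCESS
2020-03-20T08:05:00 bob 203.0.113.7 FAIL
2020-03-20T08:05:20 bob 203.0.113.7 FAIL
2020-03-20T08:05:41 bob 203.0.113.7 FAIL
2020-03-20T08:06:02 bob 203.0.113.7 SUCCESS
2020-03-20T09:00:00 carol 198.51.100.22 SUCCESS
2020-03-20T09:10:00 carol 192.0.2.99 SUCCESS
2020-03-20T17:30:00 alice 198.51.100.10 SUCCESS
"""

def parse(log):
    """Yield (datetime, user, ip, result) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        yield datetime.fromisoformat(ts), user, ip, result

def find_irregular(log, fail_threshold=3, window=timedelta(minutes=15)):
    """Return sorted (user, reason) alerts for two irregular usage patterns."""
    alerts = set()
    fails = defaultdict(list)      # user -> timestamps of failures since last success
    last_ok = {}                   # user -> (timestamp, ip) of last success
    for ts, user, ip, result in sorted(parse(log)):
        if result == "FAIL":
            fails[user].append(ts)
            continue
        # Pattern 1: a success right after a burst of failures (possible guessed password).
        recent = [t for t in fails[user] if ts - t <= window]
        if len(recent) >= fail_threshold:
            alerts.add((user, "success_after_failures"))
        fails[user].clear()
        # Pattern 2: the same account from a different source IP within the window.
        if user in last_ok:
            prev_ts, prev_ip = last_ok[user]
            if prev_ip != ip and ts - prev_ts <= window:
                alerts.add((user, "multiple_source_ips"))
        last_ok[user] = (ts, ip)
    return sorted(alerts)

if __name__ == "__main__":
    for user, reason in find_irregular(SAMPLE_LOG):
        print(f"ALERT {user}: {reason}")
```

Both patterns are triage signals for an analyst to review, since a user switching from home Wi-Fi to a mobile hotspot will also trip the second one.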
With the increased use of remote work, organizations should ensure that their VPN solution is monitored, patched, and closely managed to protect against active exploits. Expect phishing emails and social engineering attempts related to COVID-19 to continue, especially against high-value targets like sysadmins, in order to steal credentials. Please don’t hesitate to contact Netsurion or your customer success manager with any questions or to discuss something suspicious.
CISA Alert on VPN Security https://www.cisa.gov/uscert/ncas/alerts/aa20-073a
CISA Alert on Avoiding Social Engineering and Phishing Attacks https://www.cisa.gov/uscert/ncas/tips/ST04-014
NIST’s Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions