Virtual Private Networks (VPNs) are a major piece of internet infrastructure holding together the work-from-home workforce right now. VPNs are responsible for encrypting web traffic, keeping data safe, and protecting privacy.
With most employees working from home amid COVID-19 (coronavirus) outbreak, VPN servers have now become paramount to a company's backbone, and their security and availability must be the focus going forward for IT teams. It is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.
CISA (Cybersecurity and Infrastructure Security Agency) has issued an advisory for all VPN servers and client software.
Here are some tips for securing company resources in remote working:
In the light of an expected increase in VPN phishing attacks, companies should look very closely at enabling a multi-factor authentication (MFA) solution to protect VPN accounts from unauthorized access. In a report last year, Microsoft said that enabling a MFA solution for online accounts usually blocks 99.9% of all account takeover (ATO) attacks, even if the attacker has valid credentials for the victim's account.
In addition to enabling MFA to protect VPN accounts for employees working from home, organizations should review the patching levels of corporate VPN products.
Previous attacks have targeted VPN servers from vendors such as Palo Alto Networks, Fortinet, Pulse Secure, and Citrix. Patches should be applied, and advisories should be followed, for critical vulnerabilities mentioned below:
With more and more companies needing VPN capabilities to allow workers to log into private corporate systems and do their duties, IT staff are responding by putting up more VPN servers to deal with the surging traffic. IT staff now need to pay close attention to the new VPN servers they are putting up and make sure these systems have been patched for the vulnerabilities listed above, which are some of the most targeted vulnerabilities today.
With so many organizations moving their employee workforce to work-from-home roles, there is now a new threat on the horizon -- extortions. Hackers could launch DDoS attacks on VPN services and exhaust their resources, crashing the VPN server and limiting its availability for mission-critical operations.
With the VPN server acting as a gateway to a company's internal network, this would prevent all remote employees from doing their jobs, effectively crippling an organization that has little to no workers on-site. Furthermore, SSL-based VPNs (like Pulse Secure, Fortinet, Palo Alto Networks, and others) are also vulnerable to an SSL Flood (DDoS) attack, just like web servers.
The rapid introduction of work-from-home accelerates risk from adversaries. Remind employees to stay aware of potential phishing attempts, and if in doubt, don’t open or click on unknown or suspicious emails. People are sometimes the weakest link that malicious actors target in their stealthy attempts to inflict damage or steal sensitive data.
With the increased use of remote work, organizations should ensure that their VPN solution is monitored, patched, and closely managed to protect against active exploits. Expect phishing emails and social engineering attempts related to COVID-19 to continue, especially against high-value targets like sys admins in order to steal credentials. Please don’t hesitate to contact Lumifi or your customer success manager with any questions or to discussion something suspicious.
Resources
Subscribe to Lumifi's Daily Cybersecurity News Curated by a CISO
We’ve expanded our MDR capabilities with enhanced incident response and security services to better protect against evolving cyber threats.