Exploitation of Vulnerabilities in VPNs and Campaigns Targeting Remote Workers: Protect Your Business With Techcess Cyber Security Solutions
Organizations and companies of all sizes have started adopting work-from-home practices to ensure business continuity and limit employee exposure to Coronavirus Disease 2019 (COVID-19). While this measure is important for reducing the risk of contracting the virus, working from home introduces other risks.
In order to protect against cyberattacks, enterprise-class virtual private network (VPN) solutions should be used to connect remotely to the network. VPNs secure the connection between a user’s device and the network, allowing them to access and share information securely. VPN usage has increased in almost every single country with significant coronavirus cases. According to Atlas VPN user data, VPN usage by US citizens has already increased by more than 53% in the last 2 weeks.
While VPNs will improve security, many VPN solutions have vulnerabilities that can be exploited by cybercriminals. If those vulnerabilities are exploited, sensitive data can be intercepted, and an attacker could even take control of affected systems. Cybercriminals are actively searching for vulnerabilities in VPNs to exploit, and the increase in remote workers as a result of the coronavirus gives them many more targets to attack.
A campaign was detected in January 2020 targeting the CVE-2019-11510 remote code execution vulnerability in Pulse Secure Connect and Pulse Policy Secure to deliver REvil ransomware. By exploiting the vulnerability, an attacker could potentially gain access to all active users, obtain their credentials in plaintext and execute arbitrary commands on VPN clients as they connect to the server. A patch to correct the vulnerability was released by Pulse Secure on April 24, 2019, yet 9 months later, many organizations are still using vulnerable versions of the VPN.
Government, legal, insurance, banking and healthcare are all great examples of industries that are not prepared for this massive influx of remote workers. Many companies and organizations in these industries are working on legacy systems and are using software that is not patched. Not only does this mean remote work is a security concern, but it makes working a negative, unproductive experience for the employee.
CISA Issues Security Alert
The risks associated with VPNs and the increase in the number of remote workers due to the coronavirus have prompted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert advising organizations to increase VPN security and adopt cybersecurity best practices to protect against cyberattacks.
“As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity,” an alert published today says.
CISA also highlights that malicious actors might increase their phishing attacks to steal the user credentials of employees working from home, with organizations that haven’t yet implemented multi-factor authentication (MFA) for remote access being the most exposed. “Organizations may have a limited number of VPN connections, after which point no other employee can telework,” CISA adds.
CISA also published information on how to defend against scammers who use the Coronavirus Disease 2019 (COVID-19) health crisis as bait to push their scams over the Internet.
How can Techcess CyberSecurity Group help?
The Techcess CyberSecurity Group helps Small & Mid-Size Businesses establish effective security controls around sensitive assets and balance the need to reduce cyber risk with enabling productivity, business growth, and cost-optimization objectives. Located in Houston, Texas, we strive to provide our clients with enterprise-level security services to ward off and eliminate both run-of-the-mill security issues and the most destructive security threats many businesses face. To get started protecting your business’s digital assets, call us today at 1-833-892-9237.
Reference:
https://www.techcesscyber.com/2020/01/alert-on-unpatched-pulse-vpn-servers/
Contact Us
Learn more about what Techcess CyberSecurity Group can do for your business.
1-833-TXCYBER
1-833-892-9237
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055