In recent months, researchers have observed an increase in attackers using remote access virtual private networks as a golden ticket for initial network access.
According to a recent Check Point blog post, multiple cybersecurity vendors' solutions have been compromised, prompting Check Point to look into its own gear and whether it's being targeted.
Threats to Remote Access VPNs
Remote access VPNs are a bit different than the VPNs most people are used to.
Where regular ones route an individual's Internet traffic through shared servers in order to conceal their Internet activity, remote access VPNs are used to provide specific individuals with secure access to specific networks.
They're useful in providing remote workers access to their employer's internal resources.
Rather than having to, say, exploit a publicly facing server, or a zero-day vulnerability, a hacker could use a remote access VPN for clean, unfettered access to an organization's IT environment.
From there, they could begin establishing persistence, probing for vulnerabilities, and much more.
The easiest way in is via insufficiently protected accounts.
In the cases Check Point uncovered, attackers attempted to leverage old VPN accounts that were protected only with a single password, but otherwise up for grabs.
Protecting Remote Access VPNs
To protect user accounts, besides monitoring or even disabling them, Check Point recommended that organizations require authentication checks beyond simple passwords.
Jason Soroko, senior vice president of product at Sectigo, echoes the point.
He points to the latest Ivanti VPN balagan as an indication of where VPNs naturally fall short.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 28 May 2024 19:30:28 +0000