With most companies forced to transition to remote work, even employees far removed from IT are now actively relying on VPN gateways to secure interactions with co-workers, partners, and clients. That kind of change was hardly going to evade the notice of cybercriminals, who have responded by increasing the pace of their searches for exploitable vulnerabilities in network devices and software.
The US Cybersecurity and Infrastructure Security Agency (CISA) has documented a number of attacks through vulnerabilities in VPN gateways. Several government organizations and private companies were attacked through two known vulnerabilities: one (known as Zerologon) in Windows and one in a popular VPN server. The VPN server exploit came first, and it enabled the cybercriminals to move laterally across the network, hacking into computers using the Windows bug. Although neither vulnerability is new and patches exist for both, advanced persistent threat (APT) groups are still finding targets to attack through them.
Infosec analysts have discovered vulnerabilities in several vendors’ VPN servers, and similar (and relatively recent) weaknesses have also been found in mobile device management (MDM) solutions, proxy servers, and other network appliances and services.
The trend is likely to continue in 2021. Even after the pandemic’s grip eases, many businesses will retain remote modes of operation, and they will continue to use VPNs to protect employee connectivity to the corporate network. And that means VPN technology will continue to attract cybercriminals’ attention.
Cybersecurity departments must be prepared to meet such challenges and keep the protection of gateways and other network hardware and software front of mind. Kaspersky experts list several measures to help reduce an attack’s likelihood of success. These include regularly updating the software of network devices and monitoring known vulnerabilities in VPN gateways and other communications equipment. Also important is limiting VPN access to a list of trusted devices based on hardware verification or security certificates. In general, we recommend adopting a zero-trust approach to employee authorization and granting users only those permissions they need to perform their jobs.