Cyber attacks targeting vulnerabilities in virtual private networks (VPN) are on the rise, and many organisations are struggling to protect their networks.
The Covid-19 pandemic forced many businesses to suddenly move to higher levels of remote working than before, with many organisations dealing with it for the first time.
While this was necessary to keep businesses operating, the sudden rise in remote working also provided benefits for cyber criminals, who looked to take advantage of it to carry out attacks against public-facing VPN and cloud services in order to breach networks.
Many organisations still aren’t taking the action required to fully protect their networks from these attacks, say researchers.
“Organisations aren’t prepared for these incidents,” Bart Vanautgaerden, senior incident response consultant at Mandiant, told ZDNet. “They’re familiar with compromises on Windows, but with a VPN compromise, they’re not trained or technically prepared to deal with an incident like that”.
In a presentation at Black Hat Europe, Vanautgaerden detailed how VPN vulnerabilities were being exploited by numerous cyber criminal groups.
These include at least eight Advanced Persistent Threat (APT) hacking operations aimed at cyber espionage, as well as various ransomware gangs targeting vulnerabilities in VPNs to launch ransomware attacks.
Cyber attackers can