With millions of Australians still working from home, VPNs continue to be an essential element in ensuring organisations remain secure. VPNs allow remote staff to connect to their organisation’s networks, reducing the risks of data compromise.
For many organisations, there is an assumption that once a VPN is in place, it’s ‘job done’. However, this is a mistake. VPNs can be vulnerable to breaches, allowing malicious actors to access corporate data.
Zyxel, a manufacturer of enterprise routers and VPN devices, has issued an alert that attackers are targeting its devices and changing configurations to gain remote access to a network.
The attacks affect organisations using Unified Security Gateway (USG), ZyWALL, the USG FLEX combined firewall and VPN gateway, Advanced Threat Protection (ATP) firewalls, and VPN series devices running its ZLD firmware.
According to the company: The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as “zyxel_sllvpn”, “zyxel_ts”, or “zyxel_vpn_test”, to manipulate the device’s configuration.
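As an added example (not from Zyxel or the original article), here is one way to check a device's account list and login history against the account names quoted above. The CSV layout, the approved-account list and all sample rows are constructed for illustration and are not a Zyxel export format.

```python
import csv
import io

# Account names quoted in the Zyxel alert above.
ADVISORY_ACCOUNTS = {"zyxel_sllvpn", "zyxel_ts", "zyxel_vpn_test"}

# Constructed sample data (assumption, not a vendor format): the accounts an
# administrator expects on the device, the accounts actually found on it,
# and a flattened login history.
APPROVED_ACCOUNTS = {"admin", "j.nguyen", "s.patel"}
SAMPLE_ACCOUNTS = ["admin", "j.nguyen", "zyxel_ts", "s.patel", "tmp_support"]
SAMPLE_LOGINS = """time,user,service,source
2024-01-10T02:14:09,zyxel_ts,sslvpn,WAN
2024-01-10T08:30:41,j.nguyen,sslvpn,WAN
2024-01-10T09:02:13,tmp_support,web,LAN
2024-01-11T03:47:55,ZYXEL_VPN_TEST,sslvpn,WAN
"""


def classify(user, approved=APPROVED_ACCOUNTS):
    """Return 'advisory-match', 'unapproved' or 'ok' for one account name."""
    name = user.strip().lower()
    # A name from the alert is flagged even if someone added it to the
    # approved list, so a tampered allow-list cannot hide it.
    if name in ADVISORY_ACCOUNTS:
        return "advisory-match"
    if name not in {a.lower() for a in approved}:
        return "unapproved"
    return "ok"


def audit_accounts(accounts, approved=APPROVED_ACCOUNTS):
    """Return {account: verdict} for every configured account that is not ok."""
    verdicts = {a: classify(a, approved) for a in accounts}
    return {a: v for a, v in verdicts.items() if v != "ok"}


def audit_logins(csv_text, approved=APPROVED_ACCOUNTS):
    """Return SSL VPN logins arriving over WAN from accounts that are not ok."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = classify(row["user"], approved)
        if verdict != "ok" and row["service"] == "sslvpn" and row["source"] == "WAN":
            findings.append((row["time"], row["user"], verdict))
    return findings


if __name__ == "__main__":
    print(audit_accounts(SAMPLE_ACCOUNTS))
    print(audit_logins(SAMPLE_LOGINS))
```

An "unapproved" verdict is a prompt to review the account, since the alert describes the attacker's accounts only as unknown and gives the three names as examples.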
Zyxel notes that firewalls may be affected if users experience issues accessing the VPN, or routing, traffic and login issues. Other signs include unknown configuration parameters and