NSA, CISA Release Guidelines to Secure VPNs

State-backed have been constantly exploiting vulnerabilities in VPNs to critical cyberinfrastructure in the United States, agencies have warned.

The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency () have published guidelines to secure virtual private networks (VPNs).

The guidelines came after the departments noticed a rise in government-backed hackers exploiting vulnerabilities in VPN devices. The agencies stated that the guidelines would help protect the national security systems, the Department, and defense against ATP (advanced threat protection) groups, which refers to state- hackers.

The NSA specifically has been focusing on Chinese-government-backed hacker groups.

The Dangers of Vulnerable VPN Devices

Research by the departments reveals that ATP groups are always hunting for VPN vulnerabilities mainly because VPN servers serve as entry points into protected networks, which makes them attractive targets.

APT actors have and will exploit VPNs,” NSA’s director of cybersecurity, Rob Joyce, tweeted.

The agencies noted that multiple state-sponsored actors had exploited flaws in VPN products in the past few years. This is a dangerous trend as vulnerable VPN devices can allow attackers to steal credentials, overhear or weaken encrypted communications, access sensitive data, and remotely

Read More: https://www.hackread.com/nsa-cisa-secure-vpns-guidelines/