A rise of troubling attacks directed at VPNs
It’s not uncommon to rely on a VPN for personal or professional use. Virtual private networks have long seen utilization as a way to encrypt connections, segregate networks, and ultimately mitigate the harm caused by potential hackers. But no software or tool in cybersecurity is perfect. Without adequate updates and adjustments, they risk serious vulnerabilities.
VPNs are no different. While they’ve surged in proliferation over the past years, an increased effort towards VPN based attacks has risen. Mostly, this is due to the COVID-19 pandemic and a growing reliance on security platforms and tools.
Thus, various attacks have surfaced, such as the Colonial Pipeline strike, highlighting a growing effort to circumvent VPN and VPN-based connections.
How are the attacks occurring?
The increased attacks don’t target the actual VPN connection process. Instead, hackers and malicious parties are hunting down software vulnerabilities and exploits not yet patched in their respective VPN software.
For instance, Nuspire, a cybersecurity firm, analyzed statistics and reports related to VPN-based breaches and attacks. From the collected data, they discovered a gigantic increase in cybersecurity attacks directed at VPNs.
More specifically, a harrowing 1,916% attack increase was found against Fortinet’s VPN based software. This occurred in the beginning quarter of 2021, exploiting an unpatched vulnerability CVE-2018-13379. Other VPN services were also the target of exponentially higher attacks. Nuspire learned that Pulse Connect, a different VPN provider, observed a 1,527% spike in malicious activity. LIke the attacks directed towards Fortinet, the attackers attempted to take advantage of an unpatched exploit.
The flaws were fixed when discovered, but the numbers demonstrated (and still do) a concentrated effort to increase attack attempts towards VPN based software.
Why go after a VPN?
As is routine with malicious third parties, their goals are often rooted in the discovery and theft of data.
Normally, a VPN provides enough difficulty and obfuscation, encrypting files/connections to protecta the transmission of data. Hackers seek out easy, vulnerable targets (or prefer the path of least resistance), which is why VPNs are standard in quality security models. But when exploits still exist within a VPN provider’s application, they can bypass the normally formidable defense.
However, despite these defense measures, Nuspire’s statistics demonstrate a rapid effort from hackers to enhance their attack efforts. This is a “natural” occurrence of the COVID-19 pandemic, where malicious entities exploited the pandemic to launch malware campaigns.
What it demonstrates is that despite being used as a default security measure, VPNs are under greater strain and just as vulnerable to exploits. This does not mean they are no longer viable security measures, but it does mean cybersecurity staff should pay attention to their overall VPN health. Do bugs and exploits still exist? Is the VPN routinely updated? Has there been a notable effort to bypass security features?
Protecting your enterprise network is important. If you still need help, consider using an MSP. Contact Bytagig for more information.