CISA Warns of Exploitation of VPN Vulnerabilities and Campaigns Targeting Remote Workers

To limit the spread of the coronavirus, many businesses are allowing their employees to work from home. Though this measure is crucial for lessening the risk of contracting Coronavirus Disease 2019 (COVID-19), working from home presents other threats.

To safeguard against cyberattacks, remote network connections should be used along with enterprise-class virtual private network (VPN) solutions. VPNs protect the connection between a user's device and the internet, allowing medical information to be accessed and shared safely.

Though VPNs improve security, a number of VPN solutions have flaws that hackers could take advantage of. If those flaws are exploited, sensitive data could be compromised, and an attacker may even take control of the affected systems. Cybercriminals are looking for vulnerabilities in VPNs to exploit, and the growth in remote personnel because of the coronavirus gives them many more targets to attack.

The problems linked with VPNs and the rising number of remote workers because of the coronavirus have caused the Department of Homeland Security’s Cybersecurity Infrastructure and Security Agency (CISA) to release a directive urging organizations to improve VPN security and adopt cybersecurity measures to defend against cyberattacks.

Many vulnerabilities were identified in widely used VPN solutions in the last 12 months, including VPN applications from Pulse Secure, Palo Alto Networks, and FortiGuard. Though patches were released to address the vulnerabilities, many businesses did not update their software to the newest version. Failing to patch negates the protection offered by the VPN.

In January 2020, a campaign was discovered that targeted the CVE-2019-11510 vulnerability (a remote code execution vulnerability) in Pulse Policy Secure and Pulse Secure Connect in order to deliver the REvil ransomware. By exploiting the vulnerability, an attacker could potentially view all active users, obtain their credentials in plaintext, and execute arbitrary commands on VPN clients when they connect to the server. Pulse Secure made a patch available to resolve the vulnerability on April 24, 2019, but 9 months later, a number of companies continue to use vulnerable versions of the VPN.

Updating VPNs can be difficult because they are usually in use the whole day; nonetheless, updates must be applied, given the high probability that unpatched vulnerabilities will be exploited. CISA is urging all companies to prioritize VPN patches.

It is also crucial to make certain that users only have access to the systems they need to perform their job responsibilities. Giving remote workers low-level privileges will limit the damage that can be caused if their credentials are compromised. IT teams should also increase monitoring of their systems and review access logs to identify likely compromises.

CISA has also warned about the rising number of phishing attacks directed at remote workers to obtain VPN credentials. Email security solutions are needed to block these emails before they are delivered. Multifactor authentication (MFA) must be used for remote access to prevent the use of stolen credentials. CISA advises that companies that are unable to use MFA will be at an increased risk from phishing attacks.

In addition, IT teams should make certain their systems can handle the greater number of remote employees. CISA warns that companies may find they have only a small number of VPN connections, and once those are all in use, some users will be unable to access the systems they need to telework.

The HHS’ Centers for Medicare and Medicaid Services (CMS) has broadened Medicare telehealth benefits to aid in the fight against COVID-19, and the HHS’ Office for Civil Rights has announced it will exercise enforcement discretion in relation to telehealth. This will permit more healthcare staff to work remotely during the upcoming weeks. It is therefore crucial that the VPN recommendations are followed.