Virtual Private Networks (VPNs) have long been an essential part in the operation of modern businesses. They have recently become even more popular as companies use them to grant remote workers access to their private networks.
However, VPNs have also been subject to many cyber threats, and attackers are continually finding new and sophisticated ways to do damage. The attacks have been even more frequent in recent times, leading many to believe that hackers are trying to capitalize on the increase in remote work caused by the pandemic.
If your business is going remote, make sure you equip it with the proper protection. In Response to the Current Cybersecurity Threats, LIFARS is Offering New and Innovative Remote Cyber Defense Solutions: The Daily TRUTH, Short-Term Incident Response Retainer, Remote Worker Cyber Resilience.
However, according to Bart Vanautgaerden, a senior cybersecurity professional with Mandiant, “VPN devices are an attractive target for attackers because of their place in the network itself — the leverage point, the foothold it provides them into remote networks, and not because of the pandemic.” Furthermore, Vanautgaerden and his team found that there was only a marginal increase in cyber-attacks on VPN networks since the pandemic started.
With that said, after a recent attack on Pulse Secure VPN networks, it is clear that the attacks have become more sophisticated. Mandiant researchers who took on the case had a hard time determining how the attackers were able to get ahold of the victim’s network.
After doing their investigation, they found that hackers could infiltrate the network through Pulse Secure VPNs by exploiting the otherwise secure VPN’s zero-day vulnerability.
The attack was far more sophisticated than the researchers were used to, as the hackers were careful not to leave any traces of their activity behind.
For example, they used IP addresses from locations where regular VPN users would typically connect from, leaving the research team without a trace.
Additionally, they used anti-forensic techniques such as wiping logs and files that attackers usually leave behind. They made sure to blend in the environment and unsuspectingly obtain valuable information from their victims.
Vanautgaerden concluded that their objective was to steal data. “Looking into the victims, the victim organizations that had these VPN devices, the data that they were gathering linked back to state-sponsored groups that we’ve been following for quite a while,” he adds.
After the initial investigation and report of their findings, Mandiant was approached by various other organizations following the developments. Together, they discovered that both US and European VPNs were being targeted.
Based on the differences in the clusters of activity and the malware used, they concluded that different groups were involved in the US compared to Europe. Still, they could not confirm whether the groups worked as a team and exchanged information or acted individually.