Given the increase in remote work due to the Coronavirus disease, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to adopt heightened cybersecurity best practices for enterprise virtual private network (VPN) solutions.
VPNs provide secure remote access to internal networks and are often used to remotely and securely connect to an organization’s network to easily access and electronically share data.
However, a variety of VPN applications have vulnerabilities that could allow a hacker to take control of affected systems. Some patches have been released, but organizations should be sure they’ve updated to the latest system or employed workarounds.
Hackers have been targeting the VPN vulnerabilities in the US and other countries since the initial alert. Those attacks have continued through March, but many organizations have still failed to patch those known vulnerabilities. With the increase in remote work, CISA is also warning organizations that hackers are finding and targeting vulnerable VPN connections with malicious cyberattacks.
Further, as VPNs are likely always in use, it’s not always possible to keep them updated with the latest security updates.
As a result, cybercriminals will likely increase the rate of phishing emails targeting teleworkers to steal credentials. And those organizations that have not implemented multi-factor authentication (MFA) for remote access will be more susceptible to phishing attacks.
In response, organizations should:
- Update VPNs, network devices, and other devices being used in the remote environment
- Make employees aware of the heightened risk of phishing attacks during the pandemic
- Lean on NIST guidance to ensure you're reducing exposure
- Implement MFA on all VPN connections
- Use strong passwords
Your IT provider should:
- Be prepared for increased need for cybersecurity
- Increase log review
- Detection and monitoring
- Employ incident response and recovery
- Perform limit testing on the VPN to ensure it can handle increased traffic
- Be prepared to look out for suspicious traffic and investigate those incidents
- Dedicate someone to monitoring alerts and suspicious activity
Considering many organizations are asking employees to telecommute, hackers will likely prioritize breaking into VPNs. Patching known bugs is step one (and absolutely critical), but it’s not enough. There are unpatchable weaknesses and non-public issues that hackers can exploit. To secure against these unknowns, companies need to look at the fundamentals.