The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued guidelines to improve the security of virtual private network (VPN) solutions.<\/p>\n\n\n\n
Both agencies co-authored the document to help organizations improve their defenses against attacks by nation-state cybercriminals who exploited bugs in VPN systems to “steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device.”<\/p>\n\n\n\n
Organizations should also purchase products from reputable vendors who already have experience in fixing known vulnerabilities quickly.<\/p>\n\n\n\n
Both agencies recommend reducing the server’s attack surface by:<\/p>\n\n\n
The guidelines come after financially motivated and state-supported cybercriminals have recently focused on exploiting VPN vulnerabilities to achieve their goal.<\/p>\n\n\n\n
The attack vector has attracted government-backed hackers who leveraged vulnerabilities in VPN devices to enter networks of government organizations and defense companies in many nations.<\/p>\n\n\n\n
Ransomware gangs have also shown a massive interest in this type of network access vector. At least seven operations have exploited bugs in VPN solutions from Fortinet, Ivanti Pulse and SonicWall.<\/p>\n\n\n\n
Cring, Ragnar Locker, Black Kingdom, HelloKitty, LockBit, REvil or Conti ransomware operations have exploited the systems of many companies by exploiting VPN security issues.<\/p>\n\n\n