CISA Warns of Exploitation of Vulnerabilities in VPNs and Campaigns Aimed Towards Remote Employees

To slow the spread of the coronavirus, many companies are allowing their employees to work from home. Although this measure is essential for lowering the risk of infection with Coronavirus Disease 2019 (COVID-19), working from home brings other problems.

To defend against cyberattacks, remote network connections must be made through enterprise-class virtual private network (VPN) solutions. VPNs protect the connection between a user's device and the network, permitting healthcare data to be accessed and shared securely.

Although VPNs enhance security, many VPN solutions have vulnerabilities that cybercriminals could exploit. If those vulnerabilities are exploited, sensitive information may be intercepted, and an attacker can even take control of affected systems. Cybercriminals are looking for vulnerabilities in VPNs to take advantage of, and the larger number of remote employees due to the coronavirus gives them even more potential victims.

The dangers associated with VPNs and the growing number of remote employees due to the coronavirus have prompted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory urging companies to strengthen VPN security and follow cybersecurity controls to defend against cyberattacks.

A number of vulnerabilities were found in common VPN solutions in the past year, including VPN applications from Palo Alto Networks, Pulse Secure, and FortiGuard. Although patches were available to address the vulnerabilities, many companies did not update their software to the most recent version. Failing to patch negates the security the VPN is meant to provide.

In January 2020, a campaign was detected targeting CVE-2019-11510, a remote code execution vulnerability in Pulse Secure Connect and Pulse Policy Secure, to deploy REvil ransomware. By exploiting the vulnerability, an attacker can potentially access all active users, obtain their credentials in plaintext, and execute arbitrary commands on VPN clients when they connect to the server. Pulse Secure released a patch to fix the vulnerability on April 24, 2019; however, 9 months afterward, many businesses continued to use vulnerable VPN versions.

Updating VPNs can be difficult since they are generally in use 24 hours a day; nevertheless, it is important that updates are applied because of the high likelihood that unpatched vulnerabilities will be exploited. CISA is encouraging all businesses to prioritize VPN patches.

It is also essential to ensure that users can access only the systems they need to carry out their job tasks. Giving remote workers low-level privileges will limit the damage that can be done if their credentials are exposed. IT teams should likewise step up monitoring of their systems and review access records to identify possible compromises.

CISA has also warned about the growing number of phishing attacks aimed at remote workers to obtain VPN credentials. Email security solutions are necessary to catch these messages before they are delivered. Multifactor authentication (MFA) should be implemented for remote access to prevent the use of compromised credentials. CISA warns that businesses that do not implement MFA will be at higher risk from phishing attacks.
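The access-record review and MFA recommendations above can be combined in a single log check. The following Python is an added example, not part of the CISA advisory or the original article; the log layout, field names, thresholds and sample records are constructed assumptions and need adapting to the export format of the VPN product in use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. The key=value layout is an assumption for this
# example, not any vendor's log format. Records are in chronological order.
SAMPLE_LOG = """\
2020-03-16T08:01:12Z user=alice src=198.51.100.10 result=success mfa=yes
2020-03-16T08:03:40Z user=bob src=203.0.113.7 result=failure mfa=no
2020-03-16T08:03:55Z user=bob src=203.0.113.7 result=failure mfa=no
2020-03-16T08:04:10Z user=bob src=203.0.113.7 result=failure mfa=no
2020-03-16T08:04:30Z user=bob src=203.0.113.7 result=success mfa=no
2020-03-16T09:00:00Z user=carol src=198.51.100.22 result=success mfa=yes
2020-03-16T09:20:00Z user=carol src=192.0.2.99 result=success mfa=yes
2020-03-16T17:00:00Z user=alice src=198.51.100.10 result=success mfa=yes
"""
LINE_RE = re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                     r"result=(?P<result>\w+) mfa=(?P<mfa>\w+)")

def parse(log):
    """Yield one dict per well-formed record; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield rec

def review(log, window=timedelta(hours=1), max_failures=3):
    """Return {user: [finding, ...]} for logins that merit a closer look."""
    findings = defaultdict(set)
    successes, failures = defaultdict(list), defaultdict(list)
    for rec in parse(log):
        user, ts, src = rec["user"], rec["ts"], rec["src"]
        if rec["result"] != "success":
            failures[user].append(ts)
            continue
        if rec["mfa"] != "yes":  # password-only session: a phished credential suffices
            findings[user].add("success_without_mfa")
        # Same account, different source address, within the window
        if any(s != src and ts - t <= window for t, s in successes[user]):
            findings[user].add("multiple_sources")
        # A run of failures followed by a success suggests password guessing
        if sum(ts - t <= window for t in failures[user]) >= max_failures:
            findings[user].add("success_after_failures")
        successes[user].append((ts, src))
    return {u: sorted(f) for u, f in findings.items()}

if __name__ == "__main__":
    for user, flags in review(SAMPLE_LOG).items():
        print(user, flags)
```

A finding is a prompt for review, not proof of compromise: a user moving between home broadband and a mobile hotspot will also trigger `multiple_sources`.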

IT teams must also ensure their systems can handle the higher number of remote personnel. CISA warns that businesses may find they have only a limited number of VPN connections, and if all of them are in use, some users will not be able to access the systems they need to telework.

The HHS’ Centers for Medicare and Medicaid Services (CMS) has expanded Medicare telehealth benefits to assist in the fight against COVID-19, and the HHS’ Office for Civil Rights has announced that it will exercise enforcement discretion with regard to telehealth. This will enable more healthcare employees to work remotely over the coming weeks. It is therefore necessary that the VPN guidelines are adopted.