Virtual private networks, or VPNs, are a service that protects your internet connection and privacy online. VPNs work by creating an encrypted tunnel for your data between your local computer and a remote server, which masks your IP address.
Business VPNs enable remote employees to securely access the company’s internal resources, including databases, files and applications, over the internet without needing to be on site.
A key feature of business VPNs is that they often use advanced authentication protocols such as multi-factor authentication, improved encryption methodologies and access control lists to manage user access. Utilising a business VPN can also play a crucial role in ensuring your company meets data protection regulations and industry standards.
As businesses increasingly rely on VPNs to connect remote workers and protect sensitive information, it becomes imperative that specific best practices are adhered to. It is important that Security Operations Centres, such as Aspire’s SOC, continually refine VPN security best practices.
This blog explains some of the essential strategies for you to fortify VPN infrastructure and explores some recent cases where poorly managed VPNs were exploited by threat actors.
Recent VPN attacks
Ransomware group Akira recently took advantage of a vulnerability found in Cisco VPN solutions, exploiting VPNs without multi-factor authentication. It is so far unclear how they gained initial access to the VPN itself, whether with valid credentials obtained by email phishing or purchased on the dark web, or by using a zero-day exploit.
Cisco themselves say evidence suggests brute force attacks and password spraying. Regardless of how the credentials were obtained, following security best practices and using multi-factor authentication could have prevented this.
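The following Python example is added here for illustration and is not Aspire's or Cisco's code. It shows how a SOC might separate password spraying from brute force in VPN authentication logs and list logins that succeeded without a second factor. The log layout, field names, thresholds and sample events are all constructed assumptions, not a real vendor format.

```python
from collections import defaultdict

# Constructed sample VPN authentication events. The layout
# (time, source IP, user, result, MFA used) is an assumption, not a vendor format.
SAMPLE_LOG = """\
2024-01-01T02:00:01Z 203.0.113.7 alice FAIL no
2024-01-01T02:00:03Z 203.0.113.7 bob FAIL no
2024-01-01T02:00:05Z 203.0.113.7 carol FAIL no
2024-01-01T02:00:07Z 203.0.113.7 dave FAIL no
2024-01-01T02:00:09Z 203.0.113.7 svc_backup OK no
2024-01-01T02:10:00Z 198.51.100.9 admin FAIL no
2024-01-01T02:10:01Z 198.51.100.9 admin FAIL no
2024-01-01T02:10:02Z 198.51.100.9 admin FAIL no
2024-01-01T02:10:03Z 198.51.100.9 admin FAIL no
2024-01-01T02:10:04Z 198.51.100.9 admin FAIL no
2024-01-01T09:00:20Z 192.0.2.44 erin OK yes
"""

def parse(log):
    """Turn each line into a dict; skip lines that do not have five fields."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:
            ts, src, user, result, mfa = parts
            events.append({"ts": ts, "src": src, "user": user,
                           "ok": result == "OK", "mfa": mfa == "yes"})
    return events

def classify_sources(events, spray_users=4, brute_attempts=5):
    """Label each source IP by the shape of its failed logins."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failures
    for e in events:
        if not e["ok"]:
            fails[e["src"]][e["user"]] += 1
    labels = {}
    for src, per_user in fails.items():
        if len(per_user) >= spray_users:
            labels[src] = "password-spray"  # many accounts, few tries each
        elif max(per_user.values()) >= brute_attempts:
            labels[src] = "brute-force"     # one account, many tries
    return labels

def logins_without_mfa(events):
    """Successful logins that completed with no second factor."""
    return [(e["user"], e["src"]) for e in events if e["ok"] and not e["mfa"]]

if __name__ == "__main__":
    print(classify_sources(parse(SAMPLE_LOG)), logins_without_mfa(parse(SAMPLE_LOG)))
```

A success without MFA from a source that was also labelled as spraying, as with `svc_backup` in the sample, is the combination to escalate first.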