© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Cybercriminals are after VPNs – don't make it easy for them

Threat actors increasingly target virtual private network (VPN) providers to break into organizations.

This August, tech giant Cisco released patches to mitigate vulnerabilities, some of which would allow remote code execution (RCE) attacks or cause a denial of service (DoS) in VPN routers.

Since the shift to remote and hybrid work, there’s been an increase in attacks against VPNs, a new study by Cybersecurity Insiders and ZScaler said. By exploiting a VPN, threat actors could launch ransomware, phishing attacks, or DoS. There are almost 500 publicly known VPN vulnerabilities that cybercriminals could exploit to exfiltrate sensitive business data.

While VPNs can give CEOs peace of mind, if not chosen carefully, they could also risk user and corporate data. For example, the Cybernews team found around 18GB of connection logs generated by the free BeanVPN apps accessible to the public.

Another research revealed an open database containing a staggering 5.7 billion entries generated by a Chinese VPN.

VPN Risk Report is based on a survey of 351 cybersecurity professionals who claim that remote access solutions are not without a challenge. They cite VPNs requiring employee and third-party access to the corporate network, high cost of security appliances and infrastructure, and lack of visibility into user activity.

“Breaches show that it only takes one infected device or stolen credential to put an entire network at risk, which is why cybercriminals are targeting users by accessing through a VPN,” the report reads.

Forty-four percent of cybersecurity professionals have witnessed an increase in exploits targeting their business’s VPN since the shift to remote and hybrid work.

To secure their perimeter, organizations grant access to VPN services to their employees. However, there’s a growing trend to provide secure access to customers, contractors, and partners.

This hints that organizations are increasingly aware of third-party risks and supply chain attacks. A recent Uber breach, where the company said its contractor accidentally opened a backdoor to internal systems, should be a wake-up call.

Cybernews recently ran a story of how a longtime warehouse employee jeopardized his company following a successful and sophisticated attack on a vendor.

“Larger organizations with more than 2,000 employees are more likely to extend secure access to customers, partners, and contractors,” the report reads.

Big organizations are also more likely to have an international footprint.

“In America, 57% have remote workers accessing from Asia, and 54% from Europe. With users distributed across the globe, supporting secure remote work can become a greater challenge, as different regions have varying security standards, availability, compliance policies, etc.” the report reads.

It also said that with the increase of remote workers, zero adoption has rapidly gained traction, and 80% of surveyed organizations are planning or implementing a zero-trust model.

In case you are on the lookout for the best business VPN for both small businesses and big enterprises, Cybernews listed the VPN solutions that include business-specific features, helping to improve work and collaboration.

More from Cybernews:

UK arrests teen-hacker days after Uber and Rockstar Games breaches

21 hackers made over $1m on HackerOne

Apple gets rid of passwords: what could go wrong?

Why you pay more when brands suffer a data breach

30m personal accounts hacked by pro-Kremlin cybercriminals

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked