State-backed hackers have been constantly exploiting vulnerabilities in VPNs to breach critical cyberinfrastructure in the United States, agencies have warned.
The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have published guidelines to secure virtual private networks (VPNs).
The guidelines came after the agencies observed a rise in government-backed hackers exploiting vulnerabilities in VPN devices. The agencies stated that the guidelines would help protect national security systems, the Defense Department, and defense contractors against APT (advanced persistent threat) groups, a term for state-sponsored hacking groups.
The NSA specifically has been focusing on Chinese-government-backed hacker groups.
The Dangers of Vulnerable VPN Devices
Research by the agencies reveals that APT groups are constantly hunting for VPN vulnerabilities, mainly because VPN servers serve as entry points into protected networks, which makes them attractive targets.
“APT actors have and will exploit VPNs,” NSA’s director of cybersecurity, Rob Joyce, tweeted.
The agencies noted that multiple state-sponsored actors had exploited flaws in VPN products in the past few years. This is a dangerous trend, as vulnerable VPN devices can allow attackers to steal credentials, eavesdrop on or weaken encrypted communications, access sensitive data, and remotely execute arbitrary code on the devices.
Moreover, attackers can pivot from a compromised VPN to expand their access, which may result in large-scale compromise of the corporate network, and they can easily map the infrastructure of other internal services from that foothold.
How to Mitigate the Threat?
According to NSA and CISA’s guidelines [PDF], it is important to opt for a standards-based (IKE/IPsec) VPN made by reputable vendors with a reliable track record of patching flaws quickly and using robust security and authentication methods.
Furthermore, organizations should harden the equipment by ensuring “strong, approved cryptographic protocols, algorithms, and authentication credentials.” To further reduce exposure, it is important to apply patches promptly, limit external access by protocol and port, and run only essential features.
Lastly, organizations must monitor access to and from VPNs using web application firewalls, intrusion prevention, network segmentation, and local/remote logging.
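One concrete way to apply the “limit external access by protocol and port” and logging recommendations on an IKE/IPsec gateway is an nftables ruleset like the one below. This is an added example, not part of the NSA/CISA guidance or any vendor’s configuration; the interface names, internal address ranges and management segment are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Assumed names and addresses (placeholders for this example):
#   eth0         = internet-facing interface of the VPN gateway
#   eth1         = internal interface
#   10.0.10.0/24 = management segment allowed to reach the admin interface
flush ruleset

table inet vpn_edge {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Only the IKE/IPsec protocols are reachable from the internet:
        # IKE on UDP/500, NAT-T on UDP/4500, and ESP (IP protocol 50).
        iif "eth0" udp dport { 500, 4500 } accept
        iif "eth0" meta l4proto esp accept

        # Administrative interfaces are never exposed externally; only the
        # management segment may reach them, and only via the internal side.
        iif "eth1" ip saddr 10.0.10.0/24 tcp dport { 22, 443 } accept

        # Everything else is logged (rate-limited) and dropped, so probing of
        # non-VPN services shows up in local and forwarded logs.
        limit rate 10/minute log prefix "vpn_edge drop: " drop
    }
}
```

Load it with `nft -f` and ship the kernel log lines carrying the `vpn_edge drop:` prefix to the remote log collector so that the same events are visible to the SOC.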