A VPN is the last place that an enterprise can afford to find a vulnerability. The entire purpose of utilizing an enterprise VPN is to keep business data safe from hackers. When VPNs aren’t as secure as they’re supposed to be, smart hackers find that stealing information isn’t too terribly difficult. According to the NSA, that’s precisely what nation-state hackers have been doing.
What VPNs Are Impacted?
The affected VPNs are products from Fortinet, Pulse Secure, and Palo Alto Networks. A statement released by the NSA reads: “Multiple Nation State Advanced Persistent Threat (APT) actors have weaponized CVE-2019-11510, CVE-2019-11539, and CVE-2018-13379 to gain access to vulnerable VPN devices.” The statement does not specify who the offending actors are, what country they belong to, or why they are compromising and weaponizing these vulnerable VPNs. While it is an obvious assumption that these bad actors are looking to collect or tamper with data, their ultimate goals are unknown.
The specific vulnerabilities allow access to files from a remote location, making it possible for unauthenticated users (hackers) to steal, modify, or delete information from anywhere in the world. For some VPNs, this ability may allow any unaffiliated user to change passwords within the affected network. Two of the vulnerabilities allow for remote code execution that may permit malicious downloads. Such downloads could be anything from phishing schemes to full-on ransomware.
What Can Happen to Businesses?
The exploit code for these VPNs has been made available on the free and open internet. In addition to the national security risk posed by actors overseas, anyone at home could easily use it to access enterprise VPNs that are subject to these vulnerabilities.
The impacted VPN providers were contacted by the NSA and released patches to eliminate these vulnerabilities, but the story doesn’t stop there. Any enterprises using these VPNs may still be negatively affected by moles placed while the vulnerabilities existed. Anyone who exploited the vulnerabilities to gain access to an enterprise’s network could have easily created fake user accounts and credentials with inflated permissions, allowing them to maintain access even after the vulnerabilities were repaired.
In order to ascertain that there are no hackers within their network, businesses should conduct a careful audit of every user and change all relevant credentials. Accounts where ownership cannot be definitively confirmed should be immediately deleted.
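One way to run the audit described above, as an added example that is not part of the original article: the script compares an account export against a roster of confirmed owners and flags unowned accounts, plus privileged accounts created while the VPN was exposed. The CSV layout, account names, group names and window dates are constructed placeholders, not values from the NSA statement.

```python
import csv
import io
from datetime import date

# Assumed placeholders: set these to when the vulnerable VPN was first exposed
# and when it was patched in your environment.
EXPOSURE_START = date(2019, 1, 1)
EXPOSURE_END = date(2019, 12, 31)
PRIVILEGED_GROUPS = {"admins", "vpn-admins"}  # hypothetical group names

# Constructed sample export: username, created (ISO date), groups (;-separated)
ACCOUNTS_CSV = """username,created,groups
alice,2017-03-02,staff
bob,2018-11-20,staff;admins
svc-backup,2019-06-14,admins
jsmith2,2019-07-01,staff
carol,2019-08-09,staff;vpn-admins
"""
# Constructed roster of accounts whose owner was confirmed (e.g. by HR or a manager).
CONFIRMED_OWNERS = {"alice", "bob", "carol"}


def audit_accounts(accounts_csv, confirmed, start, end, privileged):
    """Return {username: [reasons]} for every account needing action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user = row["username"].strip().lower()
        created = date.fromisoformat(row["created"])
        groups = {g.strip().lower() for g in row["groups"].split(";") if g.strip()}
        reasons = []
        if user not in confirmed:
            reasons.append("no confirmed owner: delete")
        if start <= created <= end:
            reasons.append("created during exposure window: verify")
            if groups & privileged:
                reasons.append("privileged: review permissions")
        # Every account gets a credential reset regardless; findings lists
        # only the accounts that need more than that.
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    result = audit_accounts(ACCOUNTS_CSV, CONFIRMED_OWNERS,
                            EXPOSURE_START, EXPOSURE_END, PRIVILEGED_GROUPS)
    for user, reasons in sorted(result.items()):
        print(f"{user}: {'; '.join(reasons)}")
```

Accounts that predate the window are not flagged by the date check, so the credential change for every user still applies to them.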
If malicious entities obtained access to an enterprise’s network, any number of things could have happened. No enterprise that used one of the impacted VPNs can assume it is safe simply because it has patched. Data may have already been stolen or compromised. Malicious code may have been left behind. A thorough examination is necessary to ensure the patched VPNs are truly secure.
Finding a Safe VPN
Proactive enterprises have switched to cloud-based VPNs, rather than remote access VPNs, to maintain optimal control over who is permitted to access email and private storage. Zero-knowledge VPNs that offer a multitude of secure protocol options, like OpenVPN, IPsec/IKEv2, or OpenConnect, give enterprises more control over their privacy.
TorGuard will fit the needs of most enterprises and is not subject to the same vulnerabilities that other enterprise VPN providers have experienced in the past. We offer prepackaged custom business VPN solutions that will suit the needs of most small enterprises and startups, as well as custom plans with dedicated servers for larger or uniquely structured enterprises. We’re dedicated to the safety and security of our enterprise VPN customers, and our team works around the clock to ensure every business that utilizes TorGuard is always protected from emerging cybersecurity threats.