
Red Alert for VPN


Recently, we have investigated a large number of ransomware cyberattacks through the VPN service. The methodology of the cyberattack is as follows:

  • Attack on the Firewall that provides SSL VPN functionality to obtain VPN credentials
  • Unauthorized access via VPN using stolen credentials
  • Lateral movement by the attacker within the organization's network
  • Identification and exploitation of a vulnerability to become a domain admin
  • Installation of malicious tools
  • Data exfiltration and system encryption
     

For protection against cyberattacks via the VPN service, we recommend the following protection mechanisms:

  • Install the latest security patches on security gateways (firewalls) that provide VPN services
  • Provide the VPN service only to users who operationally require it
  • Grant VPN access to partners only through a Privileged Access Management solution
  • Implement user authentication through a 2FA solution
  • Enable passwordless authentication for the 2FA solution
  • Enable Risk-Based Authentication for the 2FA solution to detect known cyberattack patterns and high-risk deviations
  • Provide VPN access only to authorized devices issued by the organization
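
As an added illustration (not part of ADACOM's advisory), the following Python sketch audits VPN login records against the access rules above: approved users only, 2FA, partners through PAM, organization-issued devices, and a simple deviation check. The record fields, inventories and sample logins are constructed assumptions.

```python
# Added example: audit VPN logins against the access rules listed above.
# Field names, inventories and sample records are constructed assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnLogin:
    user: str
    device_id: str
    mfa_passed: bool
    via_pam: bool       # session brokered by the PAM solution
    src_country: str

# Inventories an organization would export from its own systems (constructed).
APPROVED_USERS = {"alice": "employee", "bob": "employee", "acme-support": "partner"}
MANAGED_DEVICES = {"LT-0012", "LT-0047"}
USUAL_COUNTRIES = {"alice": {"GR"}, "bob": {"GR", "CY"}, "acme-support": {"CY"}}

def audit(login):
    """Return the rule violations for one VPN login (empty list = compliant)."""
    findings = []
    role = APPROVED_USERS.get(login.user)
    if role is None:
        findings.append("user-not-approved-for-vpn")
    if not login.mfa_passed:
        findings.append("no-2fa")
    if role == "partner":
        # Assumption: partners are checked for PAM brokering, not device issue.
        if not login.via_pam:
            findings.append("partner-bypassed-pam")
    elif login.device_id not in MANAGED_DEVICES:
        findings.append("unmanaged-device")
    # Simple deviation check standing in for risk-based authentication.
    if role is not None and login.src_country not in USUAL_COUNTRIES[login.user]:
        findings.append("unusual-source-country")
    return findings

SAMPLE_LOGINS = [  # constructed records
    VpnLogin("alice", "LT-0012", True, False, "GR"),
    VpnLogin("bob", "HOME-PC", False, False, "RO"),
    VpnLogin("acme-support", "EXT-1", True, False, "CY"),
    VpnLogin("svc-backup", "LT-0047", True, False, "GR"),
]

def report(logins):
    """Map each non-compliant user to its findings."""
    return {l.user: f for l in logins if (f := audit(l))}

if __name__ == "__main__":
    for user, findings in report(SAMPLE_LOGINS).items():
        print(f"{user}: {', '.join(findings)}")
```
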


Harden remote devices used to access the VPN. Indicative measures include:

  • Install an endpoint protection solution
  • Install an Endpoint Detection and Response (EDR) solution
  • Enable the personal firewall
  • Manage the device through a Mobile Device Management (MDM) solution
  • Install all the latest security patches
     

If you are informed of or detect any cyberattack, do not hesitate to contact our response team at +30 210-5193760 for Greece and +357 22 444 071 for Cyprus or email cert@adacom.com.