19 Jul 2024
News
Recently, we have investigated a large number of ransomware cyberattacks carried out through the VPN service. The attack methodology is as follows:
- Attack on the Firewall that provides SSL VPN functionality to obtain VPN credentials
- Unauthorized access via VPN using stolen credentials
- Lateral movement of the attacker within the organization's network
- Identification and exploitation of a vulnerability to become a domain admin
- Installation of malicious tools
- Data exfiltration and system encryption
For protection against cyberattacks via the VPN service, we recommend the following protection mechanisms:
- Install the latest security patches on security gateways (firewalls) that provide VPN services
- Provide the VPN service only to users who need it for operational reasons
- Grant VPN access to partners only through a Privileged Access Management solution
- Implement user authentication through a 2FA solution
- Enable passwordless authentication for the 2FA solution
- Enable Risk-Based Authentication for the 2FA solution to detect known cyberattack patterns and high-risk deviations
- Provide VPN access only to authorized devices issued by the organization
Harden remote devices used to access the VPN. Indicative measures include:
- Install an endpoint protection solution
- Install an Endpoint Detection and Response (EDR) solution
- Enable a personal firewall
- Manage the device through a Mobile Device Management (MDM) solution
- Install all the latest security patches
If you are informed of or detect any cyberattack, do not hesitate to contact our response team at +30 210-5193760 for Greece and +357 22 444 071 for Cyprus or email cert@adacom.com.