Another day and, unfortunately, another cyberattack accidentally introduced by a VPN.
According to a Computer Weekly article, Travelex was hit by Sodinokibi ransomware, which disabled the foreign exchange company’s IT systems on New Year’s Eve. The attack was made possible when the company forgot to patch its Pulse Secure VPN servers.
Sadly, these reports are becoming common as VPNs are now the favorite target of cybercriminals.
When remote access VPNs were first introduced 30 years ago, they were pretty awesome. Remote access from anywhere was a concept that was forward-thinking and game-changing. But VPNs were created during a time when most apps were running in the data center, which could easily be secured with a bunch of network security appliances.
However, the world has changed as internal apps have moved to the cloud. You have to deliver the great experience that users expect, knowing that 98 percent of security attacks stem from the internet.
Remote access VPNs require servers to be exposed to the internet and users to be placed onto the corporate network through static tunnels that drive holes through firewalls. Now the very same technology built to protect businesses has left them vulnerable to modern malware and ransomware attacks.
So how exactly does this happen?
Just this past week, Medium.com published an article describing how Sodinokibi ransomware gets introduced via a VPN. Let’s take a high-level look at the typical process for how malware is introduced to a network through a VPN vulnerability:
Many organizations still feel that remote-access VPNs are necessary. And, in some cases, they may very well be. But, more often, VPNs are opening the network to the internet and, as a result, the business to increased risk.
The negative impacts of VPNs have led to a search for an alternative solution. Gartner says that this buzz has created a world where, “By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of zero trust network access (ZTNA).”
If you are considering alternative methods, such as ZTNA, keep these points in mind when positioning it to your executives:
NOTE: Not all ZTNA solutions are the same. Beware of vendors that call themselves “zero trust” but offer solutions that continue to place users on the network and expose business apps to the internet.
If you’re looking to replace your remote access VPN, you might find this page helpful. In the meantime, don’t forget to patch your VPN servers!
Christopher Hines is the Head of Product Marketing for Zscaler Private Access and Z App.