VPNs have gained widespread attention since 2018. YouTubers promote them as one of the safest tools for browsing the internet anonymously. But while there are advantages to using a VPN, there are also disadvantages.
According to a Computer Weekly article, Travelex, a foreign exchange company, was recently hit by Sodinokibi ransomware, which ultimately disabled the company's IT systems on New Year's Eve. The attack took place when the company forgot to patch its Pulse Secure VPN servers.
Unfortunately, this is becoming a more common issue, as VPNs are now a target of cybercriminals.
Outdated protocols lead to cyberattacks.
Back in the day, when remote access VPNs were necessary for a growing digital society, they were fantastic tools. The concept of remote access from anywhere in the world was game-changing. IT teams introduced VPNs at a time when most apps were running in the on-prem data centre, which was skilfully secured with a few network security appliances.
However, as the digital world grows faster, more internal apps have moved to the cloud. Remote access VPNs need servers to be exposed to the internet, and users need to be placed onto the corporate network through static tunnels that punch holes through firewalls. Moreover, the same technology that was built to protect businesses and multinational corporations is now susceptible to modern malware and ransomware attacks.
But how does it happen?
Systematic cyberattacks that exploit vulnerable VPNs are becoming a common trend. Most recently, Medium.com published an article about the Sodinokibi ransomware incident and how it was carried out via a VPN. From that article, here are a few points that show the typical process by which malware can be introduced to a network through a VPN vulnerability:
- Cybercriminals use a technique where they scan the internet for unpatched VPN servers
- Remote access to the network is achieved (without a valid username and password)
- Attackers have the advantage of viewing logs and cached passwords in plain text
- Domain admin access is gained
- Subtle lateral movements take place across the entire network
- Multifactor authentication (MFA) and endpoint security are then disabled
- Ransomware (such as Sodinokibi) is pushed to network systems
- The company is susceptible to ransomware
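The second step of this chain, remote access without a valid username and password, is something a defender can look for in gateway logs: a session that starts with no recent successful login behind it. The following is an added example, not code from the original article or from any VPN vendor; the key=value log format, the event names and the sample lines are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value gateway log format.
SAMPLE_LOG = """\
2020-01-02T09:00:01Z event=auth_success user=alice src=198.51.100.10
2020-01-02T09:00:03Z event=session_start user=alice src=198.51.100.10 sid=a1
2020-01-02T09:14:40Z event=session_start user=svc_backup src=203.0.113.77 sid=b2
2020-01-02T09:20:00Z event=auth_failure user=bob src=198.51.100.22
2020-01-02T09:20:05Z event=session_start user=bob src=198.51.100.22 sid=c3
2020-01-02T10:00:00Z event=auth_success user=carol src=198.51.100.30
2020-01-02T10:30:00Z event=session_start user=carol src=198.51.100.30 sid=d4
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields

def sessions_without_auth(log_text, window=timedelta(seconds=60)):
    """Return session ids that started without a recent successful login.

    Assumes lines are in time order, as gateway logs normally are.
    """
    last_auth = {}  # (user, src) -> time of the latest unused auth_success
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = parse(line)
            key, kind = (ev["user"], ev["src"]), ev["event"]
        except (ValueError, KeyError):
            continue  # blank or malformed line
        if kind == "auth_success":
            last_auth[key] = ev["ts"]
        elif kind == "session_start":
            authed = last_auth.pop(key, None)  # one login covers one session
            if authed is None or ev["ts"] - authed > window:
                alerts.append(ev.get("sid", "unknown"))
    return alerts

if __name__ == "__main__":
    print(sessions_without_auth(SAMPLE_LOG))
```

Sessions b2 (no login at all), c3 (only a failed login) and d4 (login too old for the window) are flagged; a1 is not.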
Negative effects of VPN
Many traditional organisations believe that remote-access VPNs are necessary. In some cases, they may very well be. But, often enough, VPNs are the gateway to opening networks to the internet, and as a result, there is an increased risk to most businesses. And here’s why:
- The patching process is often too slow or neglected - remembering and even allocating time to patch VPN servers is painstakingly difficult.
- Placing users on the network - For VPNs to work, networks must be discoverable. Unfortunately, this means that exposure to the internet opens the organisation to cyber attacks.
- Lateral risk at exponential scale - once on a network, malware can grow and spread laterally, regardless of efforts to perform network segmentation. Furthermore, this can lead to the takedown of other security technologies, for example, MFA and endpoint security.
- The business' reputation - customers develop a sense of trust in a company, especially regarding how the organisation manages its customers' data. The ongoing widespread news of ransomware attacks poses a threat to the organisation and has a detrimental impact on the brand’s reputation.
A newer, safer approach
The increase in the negative impacts of VPNs has led to new research into alternative solutions. It has also been reported that, by the year 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favour of zero-trust network access (ZTNA).
For businesses considering alternative methods, such as ZTNA, it is best to keep these points in mind when positioning it to your executive:
- Reduce business risk - ZTNA allows access to specific business applications without the need for network access. Besides, no infrastructure is ever exposed: ZTNA removes the visibility of services and apps on the internet.
- Reduce costs - Aside from the fact that ZTNA can reduce business risk, it can also reduce cost. ZTNA is often delivered as a fully cloud-based service, which means that there are no servers to buy, patch, or manage, and this is not limited to just a VPN server. The entirety of a VPN inbound gateway can now be smaller or wholly removed.
- Deliver a better user experience - Given the increased availability of cloud ZTNA services compared to limited VPN inbound appliance gateways, remote users are given a faster and more seamless access experience regardless of application, device and even location.
If you are thinking about replacing your remote access VPN, then check out gend.co/netskope. We’d be happy to provide a full trial and demo to show you how to move from a VPN-based service safely.