As the second quarter of 2024 unfolded, cybersecurity threats continue to evolve, particularly targeting network security solutions like Virtual Private Networks (VPNs). Recent months have seen a surge in brute force attacks and the exploitation of vulnerabilities in various VPN services. This roundup provides an overview of the most significant incidents and offers recommendations on how organizations can bolster their security measures.

Recent brute force attacks on VPNs

One of the most notable trends in early 2024 has been the rise in brute force attacks targeting VPN providers. Brute force attacks involve cybercriminals using trial and error to guess passwords, login credentials, and encryption keys. Despite being a basic attack method, it can lead to severe breaches if successful, exposing company accounts, systems, and networks to unauthorized access.

Key incidents

Cisco VPN devices

Cisco Secure Firewall VPN devices have been a prime target since mid-March 2024. Attackers have been leveraging anonymization tools like TOR and various proxies to mask their identities and evade detection. The attacks, originating from these anonymization services, pose a significant threat by potentially leading to unauthorized network access and denial of service conditions.

Other targeted VPN providers

In addition to Cisco, several other VPN providers have reported similar attacks, including:

• Checkpoint VPN

• Fortinet VPN

• SonicWall VPN

• Mikrotik

• Draytek

• RD Web Services

• Ubiquiti

These attacks highlight the growing need for robust security measures and constant vigilance in monitoring network activities.

Recommendations

For organizations using any of the affected VPN services, it is crucial to:

• Enable detailed logging on all connected devices.

• Secure default remote access VPN profiles.

• Encourage employees to update their passwords regularly and use single sign-on (SSO) mechanisms.

• Block connection attempts from known malicious sources, using lists like those published by Cisco.

Exploited vulnerabilities in VPN services

Beyond brute force attacks, several VPN services have reported critical vulnerabilities being exploited by attackers. These vulnerabilities often stem from outdated software, misconfigurations, or inherent flaws in the VPN architecture.

Fortinet SSL-VPN devices

In early 2024, Fortinet disclosed several critical remote code execution vulnerabilities (CVE-2024-21762 and CVE-2024-23313) in their FortiOS. Despite the release of patches, many devices remained unpatched, leaving them vulnerable. By April, over 3,000 Fortinet SSL-VPN devices were reported compromised, with administrative access being sold by hackers.

Palo Alto networks vulnerability

In April, Palo Alto Networks disclosed a critical command injection vulnerability (CVE-2024-3400) in their GlobalProtect feature of PAN-OS. This vulnerability allowed unauthenticated remote shell command execution, posing a significant risk to affected systems. Despite a rapid patch release, thousands of devices remained exposed to potential attacks.

Security recommendations

To mitigate these risks, organizations should:

• Apply all available patches and updates promptly.

• Increase monitoring for unusual network activities.

• Implement multi-factor authentication (MFA) for all user accounts.

• Regularly update login credentials and enforce strong password policies

General security measures

In light of these ongoing threats, it is essential for organizations to adopt comprehensive security measures to protect their networks and data. Here are some best practices to enhance overall security:

Zero Trust architecture

Implementing a Zero Trust architecture can significantly reduce the risk of unauthorized access. This approach assumes that threats could exist both outside and inside the network, requiring strict verification for every access request. Zero Trust principles include:

• Continuous monitoring and validation of user and device identities.

• Least privilege access, ensuring users have only the access they need.

• Micro-segmentation, dividing the network into smaller, isolated segments to limit the spread of potential breaches.

Intrusion detection and prevention systems (IDS/IPS)

Deploying IDS and IPS solutions can help detect and prevent malicious activities. These systems monitor network traffic for suspicious patterns and automatically take action to block potential threats. Regularly updating these systems ensures they can recognize and respond to the latest attack vectors.

Regular security audits and penetration testing

Conducting regular security audits and penetration testing can identify vulnerabilities before attackers exploit them. These assessments provide valuable insights into the effectiveness of existing security measures and highlight areas needing improvement.

Employee training and awareness

Human error remains a significant factor in many security breaches. Regular training and awareness programs can help employees recognize phishing attempts, understand the importance of strong passwords, and follow best practices for data protection.

Network segmentation

Segmenting the network into smaller, isolated sections can contain potential breaches and limit the movement of attackers within the network. Each segment can have its own security controls, reducing the risk of widespread damage.

Incident response planning

Having a well-defined incident response plan is crucial for quickly addressing security incidents. This plan should outline the steps to take in the event of a breach, including communication protocols, containment strategies, and recovery procedures. Regularly testing and updating the plan ensures it remains effective.

Why NVIS AI's ZTNA is a better alternative

Given the increasing sophistication of cyber threats, traditional VPNs may no longer provide adequate security. NVIS AI's Zero Trust Network Access (ZTNA) solution offers a more robust and secure alternative for remote access.

Eliminating the public attack surface

One of the key advantages of NVIS AI's ZTNA solution is that it eliminates the public attack surface entirely. By not exposing any public IP addresses, NVIS AI makes it virtually impossible for attackers to block, sniff, or trace network traffic. This significantly enhances security by preventing potential breaches before they can occur.

Superior performance and speed

NVIS AI's ZTNA solution connects network resources directly, peer-to-peer, which reduces latency and improves performance. This ensures that remote users experience speeds similar to or better than being on-premises, enhancing productivity without compromising security.

Easy management with AI provisioning

Managing complex network configurations can be challenging, especially for organizations without dedicated IT staff. NVIS AI simplifies this process with AI Provisioning, allowing even non-technical users to set up and manage secure connections within minutes. This ease of use reduces the burden on IT teams and ensures consistent security across the organization.

Universal connectivity

NVIS AI's solution is compatible with any network resource, including Operational Technology (OT) and Internet of Things (IoT) devices. It remains unaffected by VPN blockers, ensuring uninterrupted access to critical systems and data. This universal connectivity makes NVIS AI a versatile solution for diverse networking environments.

Conclusion

As cyber threats continue to evolve, relying solely on traditional VPNs for remote access can leave organizations vulnerable to attacks. The recent surge in brute force attacks and exploited vulnerabilities highlights the need for more robust security measures. Implementing best practices like Zero Trust architecture, IDS/IPS solutions, regular audits, and employee training can significantly enhance network security.

However, for organizations seeking a more comprehensive and secure solution, NVIS AI's ZTNA technology offers a superior alternative. By eliminating the public attack surface, providing superior performance, simplifying management, and ensuring universal connectivity, NVIS AI helps organizations stay ahead of emerging threats and maintain robust security in an increasingly digital world.

To learn more, schedule a demo or contact our team of experts today.