According to recent news articles, Shirbit, a large Israeli insurance company, is being extorted by a group of hackers called Black Shadow. The hackers are demanding that the insurance company pay them more than a million dollars of ransom money in Bitcoin, or they’ll release sensitive corporate data publicly in stages until their demands are met.
According to Clear Sky, Shirbit didn’t update the VPN in time: “All Shirbit needed to do was to download and install a patch for the Pulse VPN’s security hole.”
Additional sources point to the Pulse VPN exploit as a substantial cause of the Shirbit insurance company breach.
A successful VPN ransomware cyber-attack can be devastating, both to the targeted company’s finances and reputation as well as to the public whose personal data is exposed. In the Shirbit attack, the hackers’ identification and motivation are still being investigated.
Using Virtual Private Networks (VPN)
Enterprises deploy an assortment of security technologies and implement policies to safeguard their valuable data. One software tool often used for employee secure remote access is the corporate VPN. VPN technology extends a private network across a public network, enabling users to send and receive data as if their computing devices were directly connected to their company’s private, inner network.
VPN Security Vulnerabilities
A serious problem can arise when corporate VPNs are used as the main remote access solution. Instead of acting as a security control, a VPN gateway becomes a threat surface for hackers. Hackers desiring to breach a company’s network often attack the company’s VPN gateway. If the exploitation is successful, a breach can enable malicious access to a broad range of protected servers, data, and accounts.
The US National Security Agency (NSA) has repeatedly issued warnings that VPNs can be vulnerable to attack if not properly secured. These alerts are compounded by the COVID-19 pandemic, with a surge of remote ‘work from home’ (WFH) employees adapting to COVID-related office closures and other disruptions.
The latest exposed VPN Common Vulnerabilities and Exposures (CVEs):
What Are Zero-Day Attacks
Zero-day exploits are a particularly dangerous form of attack because the hacker strikes a vulnerability unknown to the software developer or vendor. The ‘zero’ refers to the number of days the software developer or vendor has been aware of the vulnerability, i.e., zero days. Hackers can exploit a zero-day vulnerability before it is known or patched.
From Zero-Day to Day One – to CVE and Patch
Following a zero-day breach, the vulnerability becomes a ‘one-day’ vulnerability. Usually a CVE is then published, and eventually the relevant vendor develops a security patch and makes it available to users. Users need to deploy the patch to prevent hackers from exploiting the vulnerability that is now publicly known; in many respects this is an even riskier period than when the vulnerability was only ‘zero-day’.
There are at least three key factors that make VPN patching difficult for an enterprise:
- Application compatibility (time investment)
- Patch testing and rollback (testing investment)
- Change control (organization downtime)
Patching Is Time, Cost, and Effort Well Spent
Studies continue to recommend that companies must not risk compromising access to back-end services and data by using tools that do not meet established security policies and that do not implement Zero Trust Network Access (ZTNA) principles.
However, IT personnel should not have to chase after a continuous flow of new patches for each new vulnerability. What’s needed is a modern solution that does not rely solely on patches and still addresses each important and crucial layer in your organization’s IT environment.
Safe-T’s ZoneZero® Solution
Safe-T ZoneZero® revolutionizes secure access by providing Zero Trust Network Access (ZTNA) features to enhance your organization’s current infrastructure, with or without VPNs. The ZoneZero® Perimeter Access Orchestration platform provides the central management of all secure access technologies.
Safe-T ZoneZero® integrates seamlessly with your company’s existing VPN and firewall infrastructure for the purpose of adding hardened security features. ZoneZero® is designed to prevent or mitigate unwanted intrusions by utilizing a patented software component implemented together with, and enhancing, your company’s existing IT infrastructure.
A main result of a ZTNA-architected network is improved and continuous user authentication. IdM and MFA vendors supply a variety of authentication controls; however, ZoneZero® is unique in offering the ability to add MFA to legacy VPNs and other backend non-web services, such as SMB, RDP, VMware vSphere, SSH, SFTP and VDI, which usually do not support orchestrated MFA.
ZoneZero® VPN adds an additional layer of verification and control. Once a VPN connection is established, it exposes only the services the user/device currently needs and that meet the criteria allowing that user to connect.
Info: Compare this with a typical VPN solution that extends the full, broad network to the VPN connection endpoint.
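As an added illustration of the contrast drawn above (example code written for this article, not Safe-T's product code), the hypothetical policy engine below models a flat VPN, which makes every host reachable after login, beside a default-deny gateway that exposes only the services a rule grants to that identity and device posture and demands second-stage MFA for the legacy non-web services the text lists. All hosts, groups and rules are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample (hypothetical names; not Safe-T's product). Legacy non-web services the
# text says usually lack orchestrated MFA get a step-up requirement here.
LEGACY_SERVICES = {"smb", "rdp", "ssh", "sftp", "vsphere"}

@dataclass(frozen=True)
class Context:
    groups: frozenset       # IdP group memberships
    device_managed: bool    # device posture signal
    mfa_passed: bool        # first-stage MFA completed at VPN login
@dataclass(frozen=True)
class Rule:
    service: str
    host: str
    groups: frozenset       # groups allowed to reach this service on this host
    require_managed: bool = True

class FlatVpn:
    """Traditional VPN: after login, every host on the private network is reachable."""
    def __init__(self, hosts):
        self.hosts = set(hosts)
    def decide(self, ctx, service, host):
        return "allow" if ctx.mfa_passed and host in self.hosts else "deny"

class ZtnaGateway:
    """Default deny: expose only what a matching rule grants; step-up MFA for legacy services."""
    def __init__(self, rules):
        self.rules = list(rules)
    def decide(self, ctx, service, host):
        if not ctx.mfa_passed:
            return "deny"
        for r in self.rules:
            if r.service == service and r.host == host and ctx.groups & r.groups:
                if r.require_managed and not ctx.device_managed:
                    return "deny"                  # posture check failed
                return "allow+mfa" if service in LEGACY_SERVICES else "allow"
        return "deny"                              # no rule: the service stays invisible

def exposed(gateway, ctx, catalogue):
    """(service, host) -> decision for everything this session can actually reach."""
    return {(s, h): d for s, h in catalogue if (d := gateway.decide(ctx, s, h)) != "deny"}
CATALOGUE = [("https", "intranet.example"), ("smb", "files.example"),
             ("rdp", "jump.example"), ("ssh", "db.example")]
FLAT = FlatVpn(h for _, h in CATALOGUE)
ZTNA = ZtnaGateway([Rule("https", "intranet.example", frozenset({"staff"}), require_managed=False),
                    Rule("smb", "files.example", frozenset({"finance"})),
                    Rule("rdp", "jump.example", frozenset({"it"})), Rule("ssh", "db.example", frozenset({"dba"}))])
ALICE = Context(frozenset({"staff", "finance"}), device_managed=True, mfa_passed=True)
BOB = Context(frozenset({"it"}), device_managed=False, mfa_passed=True)
```

Running `exposed(FLAT, ALICE, CATALOGUE)` returns all four services, while `exposed(ZTNA, ALICE, CATALOGUE)` returns only the intranet web app and the file share, the latter flagged for step-up MFA.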
Orchestrate perimeter rule-based access end-to-end, for any service, context, and identity, with Safe-T ZoneZero® features: a solution that provides your organization secure remote and local access to corporate services while integrating seamlessly across all legacy infrastructure, authentication, and hosting services.
With Safe-T ZoneZero® solution – You can prevent the attack!
The Solution – ‘Safe-T ZoneZero®’
- ZoneZero® solution supports any client-based VPN solution.
- ZoneZero® solution supports any client-less VPN solution.
- ZoneZero® solution allows the addition of 2FA/MFA to any VPN solution used.
- Deploy ZoneZero® solution as a single appliance, a highly available appliance, or as distributed highly available appliances.
- ZoneZero® solution allows integration with any IdP, MFA, and/or VPN.
- ZoneZero® solution provides continuous authentication by adding second-stage MFA for any backend services.
- ZoneZero® solution eliminates identity takeover fraud while delivering a seamless user experience.
- ZoneZero® solution separates the authentication layer from the access layer.
- ZoneZero® solution isolates the VPN server, reducing the scope of vulnerabilities.
- ZoneZero® solution delivers an authentication gateway and an application gateway for internal resources.