Attackers exploiting VPN vulnerabilities


By Dylan Bushell-Embling
Friday, 11 October, 2019

Attackers exploiting VPN vulnerabilities

Advanced persistent threat actors are exploiting known vulnerabilities in unpatched VPN products from vendors Pulse Secure, Fortinet and Palo Alto, the UK's National Cyber Security Centre (NCSC) has warned.

The ongoing threat is targeting both UK and international organisations in the government, military, academic, business, healthcare and other sectors.

Unpatched servers from the three vendors can be remotely accessed by attackers by exploiting authentication bypass vulnerabilities.

Attackers can use the vulnerabilities to retrieve arbitrary files, including potentially those containing authentication credentials.

These stolen credentials can be used to connect to the VPN, providing them the privileges needed to run further exploits.

The vulnerabilities impact Pulse Secure's Pulse Connect Secure service, Fortinet's Fortigate and Palo Alto's Global Protect SSL VPN, the advisory states.

To mitigate the threat, owners of these products should apply the latest patches from the respective vendors and reset authentication credentials associated with affected VPNs and accounts connecting through them, the NCSC said.

Sysadmins who suspect an exploitation may have occurred should revoke any credentials that were at risk of threat, which could include both administrative and user credentials.

VPN configuration settings should also be checked for unauthorised changes and logs should be reviewed and monitored for unusual network traffic or logins. Two-factor authentication for the VPN should also be enabled where possible.

According to Microsoft, an advanced persistent threat group which appears to be linked to the Chinese Government has been targeting unpatched Pulse Secure and Fortinet products since at least July.

Image credit: ©stock.adobe.com/au/spaxiax

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.

Related News

Govt unveils code of practice to boost IoT security

The Australian Government has released a code of practice for IoT devices like smart televisions...

Career opportunities booming in RPA

UiPath has revealed that the COVID-19 pandemic has increased demand for robotic process...

Magento 1 still in wide use despite reaching end of life

Adobe has issued the final patches for version 1 of the popular e-commerce platform Magento, but...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd