Credential stuffing Attacks on VPN: Serious Risk for Enterprise
Atharva Chincholkar September 4, 2020 Credential Stealing
Virtual Private Networks (VPNs) systems are widely used by enterprises to provide secure remote access to their employees. VPN allows for easy access to the infrastructure, but it also opens up the corporate network to the internet.
All VPNs use password based authentication which are susceptible to various types of attacks. Many enterprises use 2FA to mitigate such risks. However, attackers can steal the keys and even 2FA may not be enough. Once the attackers are on the network, they have an unrestricted liberty of action or decision : MITM attacks, Credential stuffing, and other attacks become viable.
In the recent times of pandemic, where work-from-home is the new normal, VPN hacks have become a headache for many companies’ security teams with severe consequences if they are successful.
Virtual private networks, No Longer Private
The point of a Virtual Private Network is to enjoy the encryption and security of local networks while not being at remote location, through a en encrypted tunnel, keeping intruders out. The point of VPNs becomes moot if the people you want to hide your data & resources from can actually access them by being in the tunnel with you.
Close to a thousand VPN servers were compromised and the credentials of users and admin accounts stolen by attackers. This allows anyone to login to these networks until these credentials are revoked.
While all the limelight is being captured by ransomware attacks these days, VPN hacks have been hitting headlines for a decade now. Data was stolen from Lockheed Martin in 2011, after the attackers gained network access through their VPN, using leaked SecureID tokens from RSA is one of many stories, we haven't learnt much from.
Another bone chilling story; The attack on Ukraine’s Ivano-Frankivsk region was carried out by getting on the VPN network electrical infrastructure by using stolen credentials. This left half of the region without electricity for several hours.
|Affected Entity||Root Cause||Impact|
|Avast Antivirus||Stolen credentials||Adversaries modified the CCleaner distributed by Avast .|
|Lockheed Martin||CVE-2011-0609||Critical data related to the defence contracts leaked.|
|Pulse Secure||CVE-2019-11510||1000 enterprises are at risk of ransomware attacks.|
|Ukraine Power grid||Malware||Power grid taken offline leading to no electricity for thousands.|
Secure Authentication for VPNs
Learning from the above incidents; stolen credentials are a serious risk even for VPN and 2FA are not helping. Its also evident, in case a CVE is out there for your VPN, you should not avoid the patch but you can avoid passwords with much more ease and convenience. Going passwordless is a very effective way to provide secure & resilient authentication to VPNs.
Check out how Ajit accesses our Palo Alto GlobalProtect without passwords.
Our PureAUTH passwordless authentication platform integrates with all leading VPN solutions including Pulse Secure, Fortinet & Cisco AnyConnect. To know more you can get in touch with our team.