Page 58 - Cyber Defense eMagazine April 2021 Edition
P. 58
irtual private networks (VPNs) are an integral part of many
Vorganizations’ security framework to ensure that private
information remains secure within their networks. Since the
beginning of the pandemic, there has been an increased need for VPNs
to accommodate employees continuing to work from home - in fact,
according to a Top10VPN report, VPN demand was over a third higher
than average during the first months of the pandemic, demonstrating
how essential VPNs and security are to companies.
There are few services that can compete with the capabilities of a VPN,
which provide users with end-to-end encryption of data, anonymized
online activity and traffic, and the ability to
securely connect to networks – especially public networks. VPNs also
allow users to hide their locations, providing a level of privacy so no
one can track where they are going, or coming from, and the content
that is being looked at, which ultimately prevents hackers from spying
and exploiting information from employees. Despite how its services
are advertised, there currently lacks a reliable way to test VPN security
before it hits the market, which has led to a number of vulnerabilities left
unchecked for hackers to take advantage of.
In August 2020, the Federal Bureau of Investigation and
Cybersecurity and Infrastructure Security Agency released a
cybersecurity advisory to bring attention to a vishing campaign that was
executed through misleading VPN logins. Hackers
registered domains and created phishing pages by duplicating a com-
pany’s internal VPN login page - even capturing the
two-factor authentication (2FA) and one-time passwords (OTP) needed
to log in. From there, the cybercriminals posed as
members of an employee’s IT department and convinced the
targeted employee that a new VPN link would be sent that
required their login. Once the employee logged in, the hacker
recorded the credentials and used it in real-time to gain access to cor-
porate tools and company information using the employee’s account.
With the absence of global security standards for VPNs, these types of
attacks are made possible, leaving end-users exposed, even when they
thought they were safe. With more companies looking to use VPNs as
employees continue working from home, how can they ensure that the
VPN is trustworthy and that their private information remains secure?
58 Cyber Defense eMagazine – April 2021 Edition
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.