Malware recently uncovered in Pulse Secure VPNs is an ironic illustration of just how vulnerable these systems are. After the SolarWinds hack and infiltration into Microsoft Exchange’s servers, we may feel a little shock-proof when hearing news stories about breaches.
There is some shared understanding of why cybercriminals target systems on the corporate or government level. Users may feel that their own systems—the virtual private networks used to login for remote work, for instance—are too insignificant to be a target. Unfortunately, that false sense of security now has a clear and present refute.
FireEye Security: Malware and Hacking Groups in Pulse Secure VPN
News broke on May 3, 2021, that a third-party security firm called FireEye had found four major issues present in VPNs set up by tech vendor Pulse Secure. The vulnerabilities included the following:
The last of these is considered to be the most serious and, according to Security Week analysts, could allow unauthenticated, remote code execution attacks that come through licensed server web services. Most experts interpret the attack as being executed by advanced threat actors, and the way in which it is carried out means that users may never see it coming.
Here’s what else has been uncovered:
Threat Groups in the Pulse Secure VPN Attacks
There appear to be two threat groups, the first of which is UNC2630 and has been linked to the Chinese government and tracked as APT5. The second is UNC2717, which is not currently linked to a known entity or threat group. Both of these have targeted defense or government agencies, which is yet another compelling reason that the U.S. government is using resources like the Attila Security telework kit to provide better security for remote workers.
Pulse Secure Advisory
Updated on May 4, 2021, the Pulse Security advisory also details three issues that could expose users to both the aforementioned remote code execution as well as command injection attacks:
The first two of the three identified vulnerabilities are rated critical and have a CVSS score of 9.9 each. CVE-2021-22900 is rated high. Authentication measures may be sufficient to bypass some of the attacks. Pulse Secure spokespeople are strongly recommending that customers apply the supplied update to ensure optimal protection.
Recommended Solution for Pulse Connect Secure Customers
Pulse Secure is categorically recommending that all users update to Pulse Connect Secure 9.1R11.4, which is available now and contains security measures to address these issues.
VPNs: Challenges and Solutions
With more workers than ever still working from home, VPNs are essential to daily work. This means that companies may be reticent to install updates. Downtime represents a productivity loss. However, this breach (among the many others splashed across the headlines) should compel IT departments and business leaders to shore up their best practices.
The reality is that VPNs can be a secure solution that adequately equips a remote workforce. Clearly, not all of these technologies are created equally.
Hardware VPNs vs. Software VPNs
If you haven’t yet considered a hardware VPN instead of a software VPN, you may want to. In many cases, hardware-based VPNs can provide better security, are easier to use, and require less maintenance than their software-based counterparts.
A software-based VPN is achieved by downloading software on each end user device that needs to connect to the network, as well as installing software on the central network to which those devices will need to connect. Software-based VPNs will encrypt data that is transmitted between the end user device and the main network.
Hardware-based VPNs are typically physical devices that connect to an end user device and, when coupled with software installed at the server side within the main network, encrypt communication between the two.
In addition, hardware-based VPNs can typically offer firewall functionality to users as well.
You can learn more about the unique benefits of hardware VPNs, and the specific features they offer, in this in-depth article.
Attila Security GoSilent Cube
Trusted by the U.S. government and businesses around the world, Attila Security provides one of the simplest, safest devices for secure connections. The GoSilent Cube is a hardware VPN that offers plug-and-play functionality within moments, and can be a cost-effective solution to outfit any IP-enabled device. It’s clear that VPNs are an important way to protect data and user information. It’s also clear that a breach can be catastrophic. With Attila Security, you can be confident in top level security: contact us to learn more.
Read the Hardware VPN Buyer's Guide
Which Kind of Hardware VPN is Right for You? Find out!