Despite often being considered a ‘dinosaur’ technology, virtual private network (VPN) software was given a new lease of life by the Coronavirus pandemic as IT teams scrambled to protect their newly remote employees. At the start of the pandemic we wrote about the VPN Fallacy and the risks that organizations relying on this technology would face as VPNs became a new attack vector.
In the spring of 2020 we predicted that the global pandemic and the sudden onset of remote working would create the perfect storm for cybercriminals. With companies suddenly closing their doors and rushing to implement new work-from-home protocols, they had little choice but to hope that their existing cybersecurity tools would be enough to protect their IT systems during the challenging months that lay ahead.
VPNs do not equal cybersecurity
Looking back over the past 12 months, we can conclude that antiquated technologies such as VPNs, firewalls and antivirus were not enough to prevent modern cyberattacks, as evidenced by some of the largest organizations being targeted in recent months. In this blog we’ll look at a recent example of how a cybercriminal gang used an old VPN to breach a company’s network and hold it to ransom.
VPNs as attack vectors
In November 2020, Capcom, a Japanese video game developer and publisher, suffered an attack at the hands of the RagnarLocker cybercriminal gang. Hackers managed to take over the network, exfiltrate sensitive data and encrypt devices, which forced the company to shut down some of its IT systems. Capcom recently revealed further details about the attack following an investigation. They concluded that the attack occurred when hackers exploited an old VPN used by staff in the company’s North American office. VPNs had been used as an emergency precaution due to pressures caused by the Coronavirus pandemic. Fortunately for Capcom, only the North American offices were using this particular VPN, which has since been removed from the network.
Unfortunately, this hasn’t been an isolated incident. Security researchers recently detailed how hackers were exploiting VPN servers to encrypt networks with a new form of ransomware known as Cring – a ransomware variant that targets vulnerable Fortinet Fortigate VPNs. The article references an unnamed European industrial facility that fell victim to this type of attack. Microsoft also issued warnings to healthcare facilities telling them to urgently patch weaknesses in their VPN structure, as the REvil ransomware gang was actively exploiting these vulnerabilities, leaving them prone to breaches. In another recent report, security researchers found that Chinese hackers had been exploiting newly discovered vulnerabilities in Pulse Secure VPNs. This particular VPN is widely used and hackers have reportedly used it to break into government agencies, defense companies and financial institutions in the US and Europe.
VPN use on the rise
Here we are a year later and not much has changed. With many countries still locked down and remote working still very much the norm for now, VPN usage is still increasing and cybercriminals are continuing to exploit the pandemic and this antiquated technology. As other investigations conclude, it’s very likely that others will join the list alongside Capcom.
Data exfiltration
This and other high-profile attacks we’ve documented should serve as a wake-up call to organizations still relying on outdated technology that simply isn’t up to the job. Adjusting to the ‘new normal’ requires a review of cybersecurity defences, which should now include data exfiltration prevention. Without a solution in place to prevent exfiltration, it’s a question of when, not if, they will see their sensitive company data being exfiltrated from their network and devices.
To really prevent cyberattacks such as ransomware, organizations must assume that bad actors will get into the network, whether through unpatched VPNs, a phishing email or malvertising. Protecting the perimeter isn’t enough to fight modern attacks. Only by monitoring, detecting and blocking the unauthorized transmission of data in real time can attacks be prevented. Find out where your data is going with a free 7-day data exfiltration assessment for your organization today.