Despite often being considered a ‘dinosaur’ technology, the Coronavirus pandemic gave Virtual private network software or (VPNs) a new lease of life as IT teams scrambled to protect their newly remote employees. At the start of the pandemic we wrote about the VPN Fallacy, and the risks that organizations who relied on this technology would face as VPNs became a new attack vector.

In the spring of 2020 we predicted that the global pandemic and the sudden onset of remote working would create the perfect storm for cybercriminals. With companies suddenly closing their doors and rushing to implement new work from home protocols, they had little choice but to hope that their existing cybersecurity tools would be enough to protect their IT systems during the challenging months that lay ahead.

VPNs do not equal cybersecurity

Looking back over the past 12 months, we can conclude that antiquated technologies such as VPNs, firewalls and antivirus were not enough to prevent modern cyberattacks, evident with some of the largest organizations being targeted in recent months. In this blog we’ll look at a recent example of how a cybercriminal gang used an old VPN to breach a company’s network and hold them to ransom.

VPNs as attack vectors

In November 2020, Capcom, a Japanese video game developer and publisher suffered an attack at the hands of the RagnarLocker cybercriminal gang. Hackers managed to take over the network, exfiltrate sensitive data and encrypt the devices which forced the company to shut down some of its IT systems. Capcom recently revealed further details about the attack following an investigation. They concluded that the attack occurred when hackers exploited an old VPN used by staff in the company’s North American office. VPNs had been used as an emergency precaution due to pressures caused by the Coronavirus pandemic. Fortunately for Capcom, only the North American offices were using this particular VPN which has since been removed the network.

Unfortunately, this hasn’t been an isolated incident. Security researchers recently detailed how hackers were exploiting VPN servers to encrypt networks with a new form of ransomware known as Cring – a ransomware variant that targets vulnerable Fortinet Fortigate VPNs. The article references an unnamed European industrial facility who fell victim to this type of attack. Microsoft also issued warnings to healthcare facilities telling them to urgently patch weaknesses in their VPN structure as the REvil ransomware gang was actively exploiting these vulnerabilities leaving them prone to breaches. In another recent report, security researchers found that Chinese hackers had been exploiting newly discovered vulnerabilities in Pulse Secure VPNs.  This particular VPN is widely used and hackers have reportedly used it to break into government agencies, defense companies and financial institutions in the US and Europe.

VPN use on the rise

Here we are a year later and not much has changed. With many countries still locked down and remote working still very much the norm for now, VPNs usage is still increasing and cybercriminals are continuing to exploit the pandemic and this antiquated technology.  As other investigations conclude, it’s very likely that others will join the list alongside Capcom.

Data exfiltration

This and other high profile attacks we’ve documented should serve as a wakeup call to organizations still relying on outdated technology that simply isn’t up to the job. Adjusting to the ‘new normal’ requires a review of cybersecurity defences which should now include data exfiltration prevention. Because without a solution in place to prevent exfiltration, it’s a question of if and not when they will see their sensitive company data being exfiltrated from their network and devices.

To really prevent cyberattacks such as ransomware, organizations must make the assumption that bad actors will get into the network, through unpatched VPNs, via a phishing email or malvertising. Protecting the perimeter isn’t enough to fight modern attacks. Only by monitoring, detecting and blocking the unauthorized transmission of data in real-time can attacks be prevented. Find out where your data is going with a free 7 day data exfiltration assessment for your organization today.