Despite often being considered a ‘dinosaur’ technology, the Coronavirus pandemic gave Virtual private network software or (VPNs) a new lease of life as IT teams scrambled to protect their newly remote employees. At the start of the pandemic we wrote about the VPN Fallacy, and the risks that organizations who relied on this technology would face as VPNs became a new attack vector.
In the spring of 2020 we predicted that the global pandemic and the sudden onset of remote working would create the perfect storm for cybercriminals. With companies suddenly closing their doors and rushing to implement new work from home protocols, they had little choice but to hope that their existing cybersecurity tools would be enough to protect their IT systems during the challenging months that lay ahead.
VPNs do not equal cybersecurity
Looking back over the past 12 months, we can conclude that antiquated technologies such as VPNs, firewalls and antivirus were not enough to prevent modern cyberattacks, evident with some of the largest organizations being targeted in recent months. In this blog we’ll look at a recent example of how a cybercriminal gang used an old VPN to breach a company’s network and hold them to ransom.
VPNs as attack vectors
In November 2020, Capcom, a Japanese video game developer and publisher suffered an attack at the hands of the RagnarLocker cybercriminal gang. Hackers managed to take over the network, exfiltrate sensitive data and encrypt the devices which forced the company to shut down some of its IT systems. Capcom recently revealed further details about the attack following an investigation. They concluded that the attack occurred when hackers exploited an old VPN used by staff in the company’s North American office. VPNs had been used as an emergency precaution due to pressures caused by the Coronavirus pandemic. Fortunately for Capcom, only the North American offices were using this particular VPN which has since been removed the network.
Unfortunately, this hasn’t been an isolated incident. Security researchers recently detailed how hackers were exploiting VPN servers to encrypt networks with a new form of ransomware known as Cring – a ransomware variant that targets vulnerable Fortinet Fortigate VPNs. The article references an unnamed European industrial facility who fell victim to this type of attack. Microsoft also issued warnings to healthcare facilities telling them to urgently patch weaknesses in their VPN structure as the REvil ransomware gang was actively exploiting these vulnerabilities leaving them prone to breaches. In another recent report, security researchers found that Chinese hackers had been exploiting newly discovered vulnerabilities in Pulse Secure VPNs. This particular VPN is widely used and hackers have reportedly used it to break into government agencies, defense companies and financial institutions in the US and Europe.
VPN use on the rise
Here we are a year later and not much has changed. With many countries still locked down and remote working still very much the norm for now, VPNs usage is still increasing and cybercriminals are continuing to exploit the pandemic and this antiquated technology.  As other investigations conclude, it’s very likely that others will join the list alongside Capcom.
Data exfiltration
This and other high profile attacks we’ve documented should serve as a wakeup call to organizations still relying on outdated technology that simply isn’t up to the job. Adjusting to the ‘new normal’ requires a review of cybersecurity defences which should now include data exfiltration prevention. Because without a solution in place to prevent exfiltration, it’s a question of if and not when they will see their sensitive company data being exfiltrated from their network and devices.
To really prevent cyberattacks such as ransomware, organizations must make the assumption that bad actors will get into the network, through unpatched VPNs, via a phishing email or malvertising. Protecting the perimeter isn’t enough to fight modern attacks. Only by monitoring, detecting and blocking the unauthorized transmission of data in real-time can attacks be prevented. Find out where your data is going with a free 7 day data exfiltration assessment for your organization today.
Related Posts
The 5 Biggest Ransomware Attacks of 2024
Cybersecurity was still very much dominated by ransomware attacks in 2024. In this article we look back at five of the most notable incidents of the year.
BlackFog and Carahsoft Partner to Enhance Ransomware Protection in the Public Sector
BlackFog partners with Carahsoft to bring AI-powered ransomware protection to government agencies, enhancing Public Sector cybersecurity.
The State of Ransomware 2024
BlackFog's state of ransomware report measures publicly disclosed and non-disclosed attacks globally.
Data Leakage Protection: Don’t Let Your Data Slip Away
Data is the most valuable asset today's businesses possess - and volumes are growing all the time. In this article we look at what data loss prevention means heading into 2025 and what should firms be doing to improve their capabilities?
Compliance as a Service (CaaS) Explained in Simple Terms
Find out how compliance as a service (CaaS) makes tackling regulatory challenges like HIPAA, GDPR, and PCI easy.
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.