In recent times, several VPN and remote access products have been compromised by hackers. Over the last week, several sources have reported on vulnerabilities found in VPNs, whose use peaked with remote work during the COVID-19 pandemic.
Cybersecurity companies like FireEye have noticed the vulnerabilities being widely exploited in government and financial organizations. The threat from hackers continues, and many organizations aren’t completing updates. Last year there was a massive supply chain attack on the SolarWinds Orion platform.
The hacker who broke into the SolarWinds Orion platform connected to the entity’s network via a Pulse Secure VPN appliance, moved to the SolarWinds Orion server, installed malware referred to by security researchers as Supernova, and then collected credentials. A vulnerability in Pulse Secure VPN appliances has been exploited in several other instances lately.
Russian foreign intelligence service hackers have frequently used publicly known vulnerabilities in the initial stages of an attack. The current attacks target Fortinet’s FortiGate VPN and Pulse Secure’s Pulse Connect Secure VPN, as well as VMware’s Workspace One Access and Citrix’s Application Delivery Controller and Gateway.
Hackers use these weaknesses to target systems on a large scale and obtain their authentication credentials to allow further access. Recent reports suggest that a joint cybersecurity advisory by the FBI and CISA said APTs may be exploiting several Fortinet FortiOS vulnerabilities.
It appears that many organizations, including the government, have not completed updates, as hackers continually take advantage of old vulnerabilities.