With millions (or more likely, billions) of users still working from home – or returning to work-from-home due to the COVID-19 resurgence, VPNs provide essential connectivity for keeping users productive and business ticking along despite pandemic restrictions.
Hackers – ever alert to organizations’ most vulnerable points – have declared open season on the very VPNs that keep us connected and productively working. And the hunt has become much less of a challenge given that, despite well-publicized warnings and alerts, many organizations have neglected to patch dangerous vulnerabilities in their VPNs. And we’re not talking only about mom-and-pop shops: Leading banks, finance firms, and government organizations worldwide have likewise left their networks highly exposed to attack.
This is no mere speculation: Just a few days ago, a hacker posted a list of “one-line exploits to steal VPN credentials” from tens of thousands of unpatched Fortinet VPNs. The exploit allows attackers to access VPN sslvpn_websession files to steal login credentials. And with those credentials, of course, they can compromise full networks, moving within to scope out resources and applications, steal data, and deploy ransomware.
The exploit is old news: It was disclosed over one year ago, and patches were immediately issued. What is news is that a threat actor has shared a list of almost 50K as-yet-unpatched exploitable devices, making it easier than ever to attack organizations that have been slow to take action.
We all know that errors happen: People get distracted, processes get interrupted and patching gets delayed. But the question is not if errors happen, but what happens when they do – since it’s inevitable that they will. Vulnerabilities will be discovered, patching delayed.
That’s why, when it comes to security, a belt-and-suspenders approach is always a smart choice. This is particularly true when known-vulnerable technologies, such as VPNs, are in play. Of course, there is no substitute for applying patches as soon as they are released to protect against published exploits. But even if known bugs are patched, VPNs are vulnerable to brute-force and man-in-the-middle attacks.
Ericom Application Isolator (EAI) is a Zero Trust Network Access software solution that ensures that valuable data, applications and resources stay protected, even if front-line VPN defenses are breached. Using a least-privilege identity-based microsegmentation approach, it enables authenticated users to see only the apps they are authorized to access. Note the word “see”. EAI cloaks apps, resources and data from the view of any unauthorized users, who are not even aware that they exists on the network. And if they do not know it’s there, they cannot attack it.
While microsegmenting access is not unique to EAI, here’s what is: EAI Advanced Edition includes an automated policy builder that creates and applies user-level least-privilege access policies, hands-free, even for companies with tens of thousands of users. By eliminating the time-consuming, difficult and subject-to-error job of hand-crafting individual user access policies, EAI takes true granular microsegmentation from an ideal to reality.
If your organization is depending on VPNs to keep users working remotely, you can’t afford to be the next victim of a VPN-enabled breach. Contact us to learn more about EAI or download the free EAI Standard Edition and give it a try.