
Covid-19 Exploitation in Cyberspace

As Covid-19 continues to grow in magnitude worldwide, its impact in cyberspace grows with it. With multiple threat actors, such as the North Korean APT Kimsuky and APT27, leveraging the pandemic for cyber crime, creative malspam campaigns surface every day in an attempt to lure targets into clicking and downloading malicious attachments.


Most of these campaigns spreading malware like the Koadic RAT, Blackwater, Covidlock Android ransomware, Azorult, KPot infostealer, Remcos RAT, PlugX, BlackNet, WP-VCD, FormBook information-stealing Trojan and other keyloggers have already been reported by Rewterz Threat Intelligence.

Covid-19 Exploitation in Cyberspace is an overview of our research on the ongoing malicious activities that capitalize on the pandemic.


Rewterz Informative Update: Ransomware Impacting Pipeline Operations

Severity

High

Overview

CISA informs of a cyber-attack that was launched recently, affecting control and communication assets on the operational technology (OT) network of a natural gas compression facility. A cyber threat actor used a Spearphishing Link to obtain initial access to the organization’s information technology (IT) network before proceeding to its OT network. The threat actor then deployed commodity ransomware to encrypt data on both IT and OT networks.

Impact

Specific assets experienced a Loss of Availability on the OT network. These included human machine interfaces (HMIs), data historians, and polling servers. Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View for human operators. The attack did not impact any programmable logic controllers (PLCs) and the victim did not lose control of operations. Operational shutdown had to be implemented.

Response

A deliberate and controlled shutdown of operations had to be implemented for two days, because the organization's emergency response plan did not accommodate cyber-security incidents. In the meantime the organization endured a Loss of Productivity and Revenue, the usual result when adversaries disrupt or even damage the availability and integrity of control system operations, devices, and related processes. Normal operations were resumed afterwards.

Attack Summary

The victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks. The threat actor used commodity ransomware to compromise Windows-based assets on both the IT and OT networks. Because the attack was limited to Windows-based systems, PLCs responsible for directly reading and manipulating physical processes at the facility were not impacted. The victim was able to obtain replacement equipment and load last-known-good configurations to facilitate the recovery process. All OT assets directly impacted by the attack were limited to a single geographic facility.

Although only one geographical control facility was affected, other geographically distinct compression facilities also had to halt operations due to pipeline transmission dependencies. This resulted in an operational shutdown of the entire pipeline asset lasting approximately two days. The victim acknowledged gaps in its cyber-security knowledge, which led to a failure to adequately incorporate cyber-security into emergency response planning.

Remediation

CISA recommends the following mitigations to prevent and handle cyber attacks on operational control devices and networks.

Technical and Architectural Mitigations

  • Implement and ensure robust Network Segmentation between IT and OT networks to avoid extension of a cyber attack from IT network to OT network. A demilitarized zone (DMZ) should regulate all communication between the IT and OT networks.
  • Organize OT assets into logical zones by taking into account criticality, consequence, and operational necessity. Define acceptable communication conduits between the zones and deploy security controls to Filter Network Traffic and monitor communications between zones. Prohibit Industrial Control System (ICS) protocols from traversing the IT network.
  • Require Multi-Factor Authentication to remotely access the OT and IT networks from external sources.
  • Implement regular Data Backup procedures isolated from network connections, on both the IT and OT networks.
  • Revise account management policies to ensure that user and process accounts are limited through Account Use Policies, User Account Control, and Privileged Account Management. Organize access rights based on the principles of least privilege and separation of duties.
  • Enable strong spam filters to prevent phishing emails from reaching end users. Implement a User Training program to discourage users from visiting malicious websites or opening malicious attachments. Filter emails containing executable files from reaching end users.
  • Filter Network Traffic to prohibit ingress and egress communications with known malicious Internet Protocol (IP) addresses. Prevent users from accessing malicious websites using Uniform Resource Locator (URL) blacklists and/or whitelists.
  • Update Software including operating systems, applications, and firmware on IT network assets. Use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program. Consider using a centralized patch management system.
  • Set Antivirus/Antimalware programs to conduct regular scans of IT network assets using up-to-date signatures. Use a risk-based asset inventory strategy to determine how OT network assets are identified and evaluated for the presence of malware.
  • Implement Execution Prevention by disabling macro scripts from Microsoft Office files transmitted via email and consider using Office Viewer software to open them.
  • Implement Execution Prevention via application whitelisting, which only allows systems to execute programs known and permitted by security policy.
  • Implement software restriction policies (SRPs) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
  • Restrict Remote Desktop Protocol (RDP) to limit access to resources over network. If RDP is operationally necessary, restrict the originating sources and require Multi-Factor Authentication.

Planning and Operational Mitigations

  • Accommodate all possible impacts of cyber attacks in the organization’s emergency response plan.
  • Implement response playbooks to identify criteria to distinguish between events requiring deliberate operational shutdown versus low-risk events that allow for operations to continue.
  • Exercise emergency failure drills and implement alternate control systems, including manual operation to enhance employees’ decision-making experience, while assuming degraded electronic communications. The lessons learned will enhance emergency response playbooks.
  • Identify single points of failure (technical and human) for operational visibility and response planning.
  • Implement segregated communication capabilities between geographically separated facilities.
  • Recognize the physical risks that cyberattacks pose to safety and integrate cybersecurity into the organization’s safety training program.
  • Ensure the organization’s security program and emergency response plan consider third parties with legitimate need for OT network access, including engineers and vendors.

Rewterz Threat Alert – Metamorfo Returns with Keylogger Trick Targeting Financial Firms

Severity

Medium

Analysis Summary

The financial malware Metamorfo is back with a new variant that adds a technique of forcing victims to retype passwords, which it then captures via a keylogger. Researchers found a new spate of phishing emails targeting users and distributing the new Metamorfo variant. Metamorfo was previously seen targeting Brazilian financial firms and is now expanding its geographic range.

This newest variant, which targets payment-card data and credentials at financial institutions with Windows platforms, packs a new trick up its sleeve. Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords – which it then tracks via a keylogger.

The infection begins with phishing emails that distribute a ZIP archive containing an MSI file (named “view-(AVISO)2020.msi”). Researchers inspected this MSI file's stream (a sequence of bytes written to files, giving more information about their attributes) and found JavaScript code mixed in with a wide swath of garbage strings.

Impact

  • Information theft
  • Financial loss

Indicators of Compromise

File name

view-(AVISO)2020.msi

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Rewterz Threat Alert – MINEBRIDGE Targets Finance Sector

Severity

Medium

Analysis Summary

The financial services sector in the U.S. found itself under a barrage of cyberattacks last month, all bent on delivering a powerful backdoor called Minebridge. The attack chain employed a known method called “VBS Stomping” to avoid detection. The campaigns, aimed at enabling further malware infections and espionage efforts, were initiated via phishing emails with attached documents containing malicious macros. The emails came from fake domains designed to add legitimacy to the messages, giving the whole operation a convincing theme.

The Minebridge Payload

The ultimate goal of the document is to infect victims with the Minebridge backdoor. It’s a powerful piece of malware that gives attackers full control of the target environment. Its C2 commands include downloading and executing other malware, downloading arbitrary files, self-deletion and updating, process listing, shutting down and rebooting the system, executing arbitrary shell commands, process elevation, turning on/off TeamViewer’s microphone and gathering system information.


Impact

Complete takeover of the target environment

Indicators of Compromise

MD5


SHA-256


Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Rewterz Threat Advisory – ICS: Medtronic Conexus Radio Frequency Telemetry Protocol

Severity

High

Analysis Summary

CVE-2019-6538

The Conexus telemetry protocol utilized within this ecosystem does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device.

CVE-2019-6540

The Conexus telemetry protocol utilized within this ecosystem does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.

Impact

  • Improper Access Control
  • Cleartext Transmission of Sensitive Information

Affected Vendors

Medtronic

Affected Products

  • MyCareLink Monitor
  • CareLink Monitor
  • CareLink 2090 Programmer
  • specific Medtronic implanted cardiac devices

Remediation

For the full list of affected products, please refer to the ICS advisory:

https://www.us-cert.gov/ics/advisories/ICSMA-19-080-01


Here’s how VPNs can be Exploited by Attackers

Overview

It is generally believed that data transfers are safest over a VPN connection. However, here is some bad news: VPNs too are vulnerable and can be hacked and used to cause you harm. Earlier this week, vulnerabilities in VPN servers were exploited by nation-state attackers. Hence, although they make network communication more secure, VPNs too demand their due share of attention from time to time.

Weak Encryption

  • If you’re using a VPN that employs an older, breakable encryption algorithm, a data-breach surprise may be on its way to you. Weak encryption alone is enough to let your guard down to attackers, let alone the powerful brute-force capabilities of approaching quantum computing.
  • Many encryption algorithms have now been discarded or marked as unsafe and vulnerable, including DES, 3DES, SHA-1 and RSA (with small keys); they either have algorithmic flaws or are susceptible to brute-force methods.
  • Some other products use proprietary encryption methods that promise super-double-plus ninja-grade security but lack proof of their claims.

Use VPNs that reportedly utilize known-good encryption algorithms such as AES, elliptic-curve Diffie-Hellman (ECDH), SHA-256 (or greater), or RSA with a 1536- or 2048-bit key. Also make sure that a strong encryption algorithm is not wrecked by a poor implementation.
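One way to check a VPN client configuration against the criteria listed above (DES/3DES, SHA-1, small RSA keys), as an added example that is not code from the article or from the OpenVPN project. It assumes the RSA key size has already been read from the certificate and is passed in, and the two sample configs are constructed.

```python
"""Audit an OpenVPN-style configuration against the weak-cryptography criteria
the article lists: DES/3DES ciphers, SHA-1 integrity, and RSA keys shorter than
the 1536- to 2048-bit range it recommends. Added example, not code from the
article or from the OpenVPN project; the two configs below are constructed."""
from dataclasses import dataclass

# 'cipher' names OpenVPN accepts that map onto algorithms the article calls discarded.
WEAK_CIPHERS = {"DES-CBC": "DES", "DES-EDE3-CBC": "3DES", "DES-EDE-CBC": "two-key 3DES"}
# 'auth' (HMAC digest) names built on SHA-1.
WEAK_AUTH = {"SHA1", "SHA"}
MIN_RSA_BITS = 1536  # the smallest RSA size the article still accepts


@dataclass
class Finding:
    directive: str   # which setting is at fault
    value: str       # what the config currently says
    problem: str     # why the article considers it weak
    fix: str         # the replacement the article recommends


def parse_directives(config_text):
    """Map each directive to its first argument. Lines starting with '#' or ';'
    are comments; this parser also tolerates a trailing '# ...' comment.
    A repeated directive overwrites the earlier value."""
    directives = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split("#", 1)[0].split()
        directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return directives


def audit_config(config_text, rsa_key_bits=None):
    """Return the list of weak settings found. rsa_key_bits is assumed to have
    been read from the client certificate beforehand (e.g. with openssl x509),
    since the config file itself only names the certificate path."""
    d = parse_directives(config_text)
    findings = []
    cipher = d.get("cipher", "").upper()
    if cipher in WEAK_CIPHERS:
        findings.append(Finding("cipher", cipher,
                                f"{WEAK_CIPHERS[cipher]} is a discarded algorithm",
                                "cipher AES-256-GCM"))
    elif not cipher:
        findings.append(Finding("cipher", "", "no cipher pinned, so strength cannot be verified",
                                "cipher AES-256-GCM"))
    auth = d.get("auth", "").upper()
    if auth in WEAK_AUTH:
        findings.append(Finding("auth", auth, "HMAC built on SHA-1", "auth SHA256"))
    if rsa_key_bits is not None and rsa_key_bits < MIN_RSA_BITS:
        findings.append(Finding("rsa key", str(rsa_key_bits),
                                f"RSA key below {MIN_RSA_BITS} bits is exposed to brute force",
                                "reissue the certificate with a 2048-bit key"))
    return findings


# Constructed samples: the weak config beside its corrected form.
WEAK_CONFIG = """
client
dev tun
remote vpn.example.invalid 1194   # placeholder server name
cipher DES-EDE3-CBC
auth SHA1
"""
FIXED_CONFIG = (WEAK_CONFIG.replace("cipher DES-EDE3-CBC", "cipher AES-256-GCM")
                           .replace("auth SHA1", "auth SHA256"))

if __name__ == "__main__":
    for f in audit_config(WEAK_CONFIG, rsa_key_bits=1024):
        print(f"{f.directive} = {f.value!r}: {f.problem}; use: {f.fix}")
    print("fixed config findings:", audit_config(FIXED_CONFIG, rsa_key_bits=2048))
```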

Vulnerable Key-Handling

All VPNs rely on encryption keys to do their security job, so key handling is a critical concern. For example, in a demonstration at Black Hat USA 2019, researchers Orange Tsai and Meh Chang showed that a vulnerability in a Palo Alto Networks SSL VPN exposed a hard-coded password for the encryption key. This undoubtedly makes the vulnerability much worse. Vulnerabilities that lead to hard-coded encryption keys being stored insecurely are very dangerous and severe. Unfortunately, organizations can do little more than patch such vulnerabilities promptly.

Authentication Bypass

Even if your VPN uses impenetrable encryption, authentication can be another major gateway for criminals. When a vulnerability in the VPN allows a threat actor to access critical assets behind the VPN without requiring user authentication, those resources end up in the hands of criminals.

For instance, in April Pulse Secure announced a set of vulnerabilities in its Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products. Some of these allowed an attacker to use a specific URI as part of an HTTPS request to gain access to arbitrary files on the destination network. The vulnerability has already been patched, but users who are unaware of it and have not applied the patches are likely to receive bad news. Moreover, the flaw does not draw attention to itself: users have to seek out the updates proactively to apply patches in time.

Weak Protocols

The majority of VPNs use one of five protocols, and the strength of a VPN can be evaluated from the strength of its protocol.

  • PPTP (Point-to-Point Tunneling Protocol) was developed and placed into service in the mid-1990s. Although very fast, more than two decades later it is now considered insecure.
  • Likewise, another old protocol, L2TP, is quick to establish a tunnel but surprisingly offers no encryption at all. Therefore it cannot ensure protection independently of an encryption protocol.
  • Cisco and Microsoft’s contribution to the list of VPN protocols, IKEv2, is a newer protocol often used together with IPSec. Although often used in mobile communications because it can handle brief interruptions in the connection, IKEv2 is no longer a promising protocol, thanks to Edward Snowden’s warning that the NSA has learned to break its encryption.

While experts consider these three protocols damaged, there are few choices left.

  • Security engineers say that OpenVPN is currently the best available protocol. Although fast and secure, it is complex to set up as a “raw” protocol for in-house employees.
  • WireGuard is another protocol waving from the future, but it is not yet complete.

Free VPNs

Even if an organization keeps track of all available patches and uses the best encryption and protocols, its employees may be using other VPNs that aren’t secure. They may be using VPNs from remote work locations that are apparently free but are meant to track their online moves. VPN providers, in collaboration with advertising networks, often offer these free products to track users online. While advertisements may be bearable, vpnMentor reports that free VPNs are also being used to deploy malware. They may also eat into your bandwidth or overall monthly data. Hence, it is best to use VPNs that are secure and are purchased by the organization itself.

Single-Layer Protection

Apart from tunneling encrypted network communication, VPNs serve other functions too. A VPN should mask the end user’s IP address to make tracking more difficult and limit the possibility of long-duration campaigns. In addition, a VPN may also offer URL blacklist protection (warning against malicious websites).

A VPN provided by the organization ensures that communication between the employee and the enterprise network takes place in an encrypted tunnel. From there on, the organization’s security infrastructure takes over. If third-party VPNs are used, they must be verified to be as secure as the one provided by the company.

Weaponized HTTPS

One of the basic tools of safe remote computing, HTTPS, is being used by criminals as a gateway to cover up their malicious activities. Although the protocol safely carries legitimate traffic, a specially crafted HTTPS request can be used to bypass authentication as a key step in taking data from the network. As free certificate authorities proliferate, the green lock is no longer a definite security indicator.

It is crucial to monitor and patch vulnerabilities in the tools you use in order to maintain healthy and secure VPN usage. Monitoring traffic from new sources is also essential to avoid security risks.

Remediation

  • Use VPNs that utilize the latest strong encryption algorithms.
  • Keep all tools updated to the latest patched versions.
  • Ensure secure key-handling.
  • Use the IKEv2 protocol along with IPSec.
  • Avoid using VPNs with single-layer protection.
  • Only use recommended and known VPNs and avoid using open source or free VPNs at all costs.

Copyright © Rewterz. All rights reserved.