logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Here’s how VPNs can be Exploited by Attackers

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 6, 2023
    Rewterz
    March 6, 2023
    Rewterz Threat Advisory – CVE-2023-27290 – IBM Observability with Instana missing Vulnerability
    Severity High Analysis Summary CVE-2023-27290 Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently […]
    March 5, 2023
    Rewterz
    March 5, 2023
    Rewterz Threat Alert – SmokeLoader Malware – Active IOCs
    Severity Medium Analysis Summary Smoke Loader – a malicious bot application – can be used to load additional malware. Smoke Loader has been spotted in the […]
    March 5, 2023
    Rewterz
    March 5, 2023
    Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
    Severity Medium Analysis Summary Cobalt Strike first appeared in 2012 in response to alleged flaws in the Metasploit Framework, an existing red team (penetration testing) tool. […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Here’s how VPNs can be Exploited by Attackers

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 6, 2023
    Rewterz
    March 6, 2023
    Rewterz Threat Advisory – CVE-2023-27290 – IBM Observability with Instana missing Vulnerability
    Severity High Analysis Summary CVE-2023-27290 Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently […]
    March 5, 2023
    Rewterz
    March 5, 2023
    Rewterz Threat Alert – SmokeLoader Malware – Active IOCs
    Severity Medium Analysis Summary Smoke Loader – a malicious bot application – can be used to load additional malware. Smoke Loader has been spotted in the […]
    March 5, 2023
    Rewterz
    March 5, 2023
    Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
    Severity Medium Analysis Summary Cobalt Strike first appeared in 2012 in response to alleged flaws in the Metasploit Framework, an existing red team (penetration testing) tool. […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Alert – Lazarus Maldoc, Reuse of Lures
October 9, 2019
Rewterz
Rewterz Threat Alert – “Lost Files” Data Wiper Ransomware Getting Paid Without Recovering Files
October 10, 2019

Here’s how VPNs can be Exploited by Attackers

October 9, 2019

Overview

It is generally believed that data transfers are safest over a VPN connection. However, here is a bad news. They too are vulnerable and can be hacked and used to cause you harm. Earlier this week, vulnerabilities in VPN servers were exploited by Nation-state attackers. Hence, although they make network communication more secure, VPNs too demand their due share of attention from time to time.

Weak Encryption

  • If you’re using a VPN employing an older, breakable encryption algorithm, a data breach surprise just might be on its way to you. Weak encryption alone is enough to let your guards down for attackers; let aside the approaching quantum computing’s powerful brute-force capabilities.
  • Many encryption algorithms have now been discarded or marked as unsafe and vulnerable, including DES, 3DES, SHA-1 and RSA (with small keys); they either have algorithmic flaws or they are susceptible to brute-force methods.
  • Some other products using proprietary encryption methods that promise super-double-plus ninja-grade security lack proofs to their claims.

Use VPNs that reportedly utilize known-good encryption algorithms such as AES, elliptic-curve Diffie-Hellman (ECDH), SHA-256 (or greater), or RSA with a 1536- or 2048-bit key. Also make sure that a strong encryption algorithm is not wrecked by a poor implementation.

Vulnerable Key-Handling

All VPNs rely on encryption keys for doing their security job. Therefore key-handling is a critical phenomenon. For example, in a demonstration at Black Hat USA 2019, researchers Orange Tsai and Meh Chang showed that a vulnerability in a Palo Alto Networks SSL VPN exposed a hard-coded password for the encryption key. This undoubtedly makes the vulnerability much more worse. Vulnerabilities that lead to storing of hard-coded encryption keys insecurely are very dangerous and severe. Unfortunately organizations can do little more than timely patching the vulnerabilities.

Authentication Bypass

Even if your VPN uses an impenetrable encryption, another major criminal gateway can be authentication. When a vulnerability in the VPN allows a threat actor to access critical assets behind the VPN, without demanding a user authentication, resources will end up in the hands of criminals.

For instance, In April Pulse Secure announced a set of vulnerabilities in its Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products. Some of these allowed an attacker to use a specific URI as part of an HTTPS request to gain access to arbitrary files on the destination network. The vulnerability has already been patched, but users who are oblivious to the existence of this vulnerability and have not applied patches are likely to welcome bad news. Moreover, the flaw does not draw attention to itself. The users have to seek the updates proactively to apply timely patches.

Weak Protocols

Majority of VPNs use five protocols. Depending on the strength of a protocol, the strength of a VPN can be evaluated.

  • In the mid-1990s, PPTP (Point-to-Point Tunneling Protocol) was developed and placed into service. Although very fast, more than two decades later, it is now considered unsecure.
  • Likewise, another old protocol L2TP is quick to establish a tunnel, but surprisingly offers no encryption at all. Therefore it can not ensure protection independent of an encryption protocol.
  • Cisco and Microsoft’s contribution to the list of VPN protocols, IKEv2 is a newer protocol often used together with IPSec. Although often used in mobile communications for being able to handle brief interruptions in the connection, IKEv2 is no more a promising protocol. Reason? Thanks to Edward Snowden’s warning that the NSA has learned to break its encryption.

While experts consider these three protocols damaged, there are few choices left.

  • Security engineers say that OpenVPN is currently the best available protocol. Although Fast and secure, it too is complex to set up as a “raw” protocol for in-house employees.
  • Wireguard is another protocol waving from the future, but currently it is not complete.

Free VPNs

Even if an organization keeps track of all available patches and uses the best encryption and protocols, there may be other VPNs being used by their employees that aren’t secure. They may be using VPNs from remote work locations which are apparently free, but are meant to track their online moves. The VPN providers in collaboration with advertising networks often offer these free products to track users online. While advertisements may be bearable, VPN mentor reports that free VPNs are also being used to deploy malware. They may also feed on your bandwidth or overall data per month. Hence, it is best to use VPNs that are secure and are purchased by the organization itself.

Single-Layer Protection

VPNs apart from tunneling encrypted network communication serve other functions too. VPN should mask the end user’s IP address to make tracking more difficult, and should limit possibility of long-duration campaigns. In addition, a VPN may also offer blacklist URL protection (warning against malicious websites).

A VPN provided by the organization ensures that communication between the employee and the enterprise network takes places in an encrypted tunnel. From there on, the organization’s security infrastructure will take over. Third-party VPNs if being used, must be made sure to be as secure as the one provided by the company. 

Weaponized HTTPS

One of the basic tools of safe remote computing, the HTTPS, is being used by criminals as a gateway to cover up their malicious activities. Although this protocol safely carries legitimate traffic, a specially crafted HTTPS request can be used to bypass authentication as a key step in allowing data to be taken from the network. As free certificate authorities rise, the green lock is no more a definite security indicator.

It is crucial to monitor and patch vulnerabilities in the tools that you are using, in order to maintain a healthy and secure usage of VPN. Moreover, monitoring traffic from new sources is also essential to avoid security risks.

Remediation

  • Use VPNs that utilize latest strong encryption algorithms.
  • Keep all tools updated to latest patched versions.
  • Ensure secure key-handling.
  • Use the IKEv2 protocol along with IPSec.
  • Avoid using VPNs with single-layer protection.
  • Only use recommended and known VPNs and avoid using open source or free VPNs at all costs.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo