NSA, CISA Provide VPN Security Tips For Hacker Protection

Share post:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued guidelines to improve the security of virtual private network (VPN) solutions.

Both agencies co-authored the document to help organizations improve their defenses against attacks by nation-state cybercriminals who exploited bugs in VPN systems to “steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device.”

Organizations should also purchase products from reputable vendors who already have experience in fixing known vulnerabilities quickly.

Both agencies recommend reducing the server’s attack surface by:

  • Strong cryptography and authentication
  • Running on strictly necessary features
  • Protection and monitoring of access to and from the VPN

The guidelines come after financially motivated and state-supported cybercriminals have recently focused on exploiting VPN vulnerabilities to achieve their goal.

The attack vector has attracted government-backed hackers who leveraged vulnerabilities in VPN devices to enter networks of government organizations and defense companies in many nations.

Ransomware gangs have also shown a massive interest in this type of network access vector. At least seven operations have exploited bugs in VPN solutions from Fortinet, Ivanti Pulse and SonicWall.

Cring, Ragnar Locker, Black Kingdom, HelloKitty, LockBit, REvil or Conti ransomware operations have exploited the systems of many companies by exploiting VPN security issues.

For more information, read the original story in Bleeping Computer.

SUBSCRIBE NOW

Related articles

Microsoft MFA Outage Blocks Access to Microsoft 365 Apps, Raising Cloud Reliability Concerns

Microsoft faced another significant service disruption over the weekend, with a Multi-Factor Authentication (MFA) outage that blocked users...

AI Agents Could Surpass Humans as Primary App Users by 2030, Accenture Predicts

AI agents are poised to transform the way we interact with digital systems, potentially becoming the primary users...

Data Stolen From Thousands of Popular Mobile Apps: Cyber Security Today for January 13th, 2025

Massive location data harvesting steals data using thousands of popular mobile apps, hackers find new ways of breaching...

NVIDIA Puts A Supercomputer On The Desktop: Hashtag Trending for Monday January 13, 2025

Nvidia launches a mini AI supercomputer that could change computing forever, Microsoft shows that small AI models can...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways