VPN Hacks Are a Slow-Motion Disaster

This year has seen no shortage of blockbuster hacks, from the SolarWinds supply chain meltdown to China’s blitz against Microsoft Exchange servers. It’s a lot. But the outsized focus on those hacking sprees obscures another threat that has built steadily in the background for years, with no clean resolution in sight: the sustained assault on virtual private networks.


The latest example of a VPN meltdown—we’re talking corporate connections, not your personal setup—is among the most dramatic. Security firm FireEye this week revealed that it had found a dozen malware families, spread across multiple hacking groups, feasting on vulnerabilities in Pulse Secure VPN. The victims spanned the globe and ranged across the usual high-value targets: defense contractors, financial institutions, and governments. The attackers used their perch to steal legitimate credentials, improving their chances of gaining access that’s both deep and sustained. 


Which is the thing about VPN hacks. Since the whole point of a VPN is to create a secure connection to a network, worming into one can save hackers a lot of hassle. “Once hackers have those credentials, they don’t need to use spearphishing emails, they don’t need to bring in custom malware,” says Sarah Jones, senior principal analyst at FireEye. “It’s kind of a perfect situation.”

The campaign that FireEye uncovered is especially ambitious and potentially troubling. It’s too early for firm attribution, but the groups behind it appear to be linked to China, and their targets seem chock full of the kind of sensitive information on which espionage groups thrive. One of the mal ..
