Ransomware has become one of the most damaging and expensive forms of cyberattack in recent years. As organizations switched to remote work in response to COVID-19, cybercriminals exploited the increased use of enterprise VPN solutions to gain a foothold in corporate networks and spread their malware.
VPN Infrastructure Creates Security Gaps
The COVID-19 pandemic provided a number of opportunities for cybercriminals. As organizations suddenly transitioned to a mostly or wholly remote workforce, new security risks and attack vectors were created.
One of the most common responses to the COVID-19 pandemic was increased use of VPN infrastructure. A VPN gives remote workers an encrypted tunnel through which they can access the enterprise network.
However, VPNs also create significant security challenges for an organization. A VPN gateway is designed to act as the gatekeeper to the organization’s network. This means it must be exposed to the public Internet while at the same time providing a path into the private corporate network.
With VPNs, the barrier between the public Internet and private enterprise network is defined by software. Vulnerabilities in this software – which are common – provide cybercriminals with access to the enterprise network.
VPNs are a Leading Ransomware Infection Vector
In the wake of COVID-19, the widespread shift to remote work focused cybercriminals’ attention and efforts on telework solutions. While tools like the remote desktop protocol (RDP) were the most common ransomware infection vector, VPN vulnerabilities weren’t far behind.
The focus on VPNs as a ransomware infection vector was driven by a number of different factors, including:
- Increased Adoption: With COVID-19, VPN usage by organizations and their employees surged. This meant that more organizations deployed potentially vulnerable VPN infrastructure, and that malicious logins could be lost in the noise of a large, newly remote user base.
- Common Vulnerabilities: A number of exploitable vulnerabilities have been discovered and reported in VPN software. This provides cybercriminals with numerous options to try to gain access to enterprise networks.
- Poor Patch Practices: Patch management is a common struggle, and the high availability requirements of VPNs for an organization with a remote workforce exacerbate this issue. As a result, publicly-known vulnerabilities in VPN software remain unpatched.
- Limited Access Control: A traditional VPN authenticates the user and then typically places them on the internal network with broad, flat access. An attacker holding a single set of stolen credentials therefore inherits the same reach and can move laterally to file servers and other hosts. This makes VPNs ideal for cybercriminals wishing to distribute ransomware or otherwise attack an organization.
The combination of widespread adoption and insecure software makes VPNs a valuable tool for cybercriminals.
Minimizing the Security Threats of Remote Access Solutions
VPNs have their problems both in terms of performance and security. Many organizations adopted VPNs during the COVID-19 pandemic because they were a familiar technology that they already had in place. However, during the pandemic, overwhelmed VPN infrastructure impaired employee productivity and network performance.
In the wake of the pandemic, many organizations are looking to more permanently support remote work. However, with this extended support comes the need to ensure that their telework infrastructure meets the needs of the business. While the performance limitations of VPNs are a more visible issue, the security issues of VPN infrastructure are equally important.
For this reason, many organizations are looking for alternatives to traditional VPN-based remote access solutions. A common choice is secure access service edge (SASE), which is a networking and security solution designed for the modern network. SASE is implemented as a network of cloud-based points of presence (PoPs) that combine the network optimization of software-defined WAN (SD-WAN) with an integrated security stack. This combination allows traffic to be optimally and securely routed between any pair of geographically-distributed SASE PoPs without losing traffic visibility or security.
One of the security features of SASE solutions is zero-trust network access (ZTNA), which is also called a software-defined perimeter (SDP). ZTNA/SDP is a replacement for VPNs that – when integrated into a SASE solution – provides a number of performance and security benefits, such as:
- Zero Trust Access: VPNs provide a user with unfettered access to the enterprise network, making it easy to spread ransomware or perform other attacks. With ZTNA/SDP, access is denied by default and each request is evaluated individually against the user’s identity, the device’s posture and the specific application requested, so a compromised account reaches only what its policy explicitly allows. This limits the blast radius of a stolen credential.
- Integrated Security: A VPN tunnel performs no inspection of the traffic it carries; unless the decrypted traffic is forced through a firewall or IPS behind the gateway, it reaches the internal network unexamined, making the tunnel an easy delivery channel for ransomware. SASE PoPs integrate a full security stack, enabling them to inspect all traffic flowing over them before forwarding it to its destination.
- Global Deployment: SASE PoPs are hosted in the cloud, meaning that they can be deployed anywhere. This eliminates the need to backhaul all business traffic through the enterprise network (via a VPN) for security inspection before forwarding it on to its actual destination.
- Managed Security: VPNs are a leading ransomware attack vector because they commonly contain unpatched, exploitable vulnerabilities. SASE is available as a managed service, meaning that, if a vulnerability is discovered in the PoP software, the service provider is responsible for quickly fixing the issue rather than the customer’s operations team. The customer still needs to confirm the provider’s patching commitments and keep its own endpoint agents up to date, since the edge remains Internet-facing.
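The difference between the flat access described under Limited Access Control above and the per-request evaluation described under Zero Trust Access can be shown with a small policy engine. The following is an added example written for this page, not code from the article or from any SASE vendor; the users, groups, device posture flags, address ranges, application rules and target list are all constructed for illustration. It evaluates the same session under a VPN-style policy (authenticated means the whole corporate range is routable) and under a deny-by-default ZTNA-style policy (explicit per-application rules that also require MFA and a managed, patched device), then counts how many targets each model lets the session reach.

```python
"""Added example: VPN-style versus ZTNA-style access decisions.
All identities, networks and rules below are constructed, not real."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset          # directory groups the user belongs to
    authenticated: bool        # credentials (possibly stolen) were accepted
    mfa_passed: bool
    device_managed: bool       # device enrolled in MDM/EDR (hypothetical posture signal)
    device_patched: bool       # OS and agent posture check passed (hypothetical)
    dest_ip: str
    dest_port: int


@dataclass(frozen=True)
class AppRule:
    app: str
    allowed_groups: frozenset
    network: str               # CIDR that hosts the application
    ports: frozenset


# Constructed corporate address space and application inventory.
CORP_NET = ip_network("10.0.0.0/8")
RULES = (
    AppRule("hr-portal",  frozenset({"hr"}),      "10.1.1.0/24", frozenset({443})),
    AppRule("finance-db", frozenset({"finance"}), "10.2.0.0/24", frozenset({1433})),
    AppRule("git",        frozenset({"eng"}),     "10.3.0.0/24", frozenset({443, 22})),
)

# Constructed probe targets; the last one is a file server on SMB, the
# classic lateral-movement path used to stage ransomware.
TARGETS = (
    ("10.1.1.10", 443),
    ("10.2.0.5", 1433),
    ("10.3.0.7", 22),
    ("10.9.9.9", 445),
)


def vpn_decision(req: AccessRequest) -> bool:
    """Traditional VPN model: once the login succeeds, the tunnel routes the
    entire corporate range. Posture and the specific destination are ignored."""
    return req.authenticated and ip_address(req.dest_ip) in CORP_NET


def ztna_decision(req: AccessRequest, rules=RULES) -> Optional[str]:
    """ZTNA model: deny by default. Return the name of the single rule that
    explicitly permits this identity, posture and destination, else None."""
    if not (req.authenticated and req.mfa_passed):
        return None
    if not (req.device_managed and req.device_patched):
        return None
    dst = ip_address(req.dest_ip)
    for rule in rules:
        if (req.groups & rule.allowed_groups
                and dst in ip_network(rule.network)
                and req.dest_port in rule.ports):
            return rule.app
    return None


def reachable(decide, req: AccessRequest, targets=TARGETS):
    """Re-issue the same session against each target and collect the ones the
    policy would allow. The length of the result is the session's blast radius."""
    hits = []
    for ip, port in targets:
        probe = replace(req, dest_ip=ip, dest_port=port)
        if decide(probe):
            hits.append((ip, port))
    return hits


# Scenario 1: a phished password used from an attacker's own machine.
STOLEN = AccessRequest("alice", frozenset({"finance"}), authenticated=True,
                       mfa_passed=False, device_managed=False, device_patched=False,
                       dest_ip="10.2.0.5", dest_port=1433)

# Scenario 2: the legitimate user on a compliant corporate laptop.
COMPLIANT = AccessRequest("alice", frozenset({"finance"}), authenticated=True,
                          mfa_passed=True, device_managed=True, device_patched=True,
                          dest_ip="10.2.0.5", dest_port=1433)


if __name__ == "__main__":
    for label, req in (("stolen credential", STOLEN), ("compliant user", COMPLIANT)):
        print(f"{label}: VPN reaches {len(reachable(vpn_decision, req))} of {len(TARGETS)} targets, "
              f"ZTNA reaches {len(reachable(ztna_decision, req))}")
```

Under the VPN policy both sessions reach all four targets, including the SMB file server, because the only question asked is whether the login succeeded. Under the ZTNA policy the stolen credential reaches nothing (no MFA, unmanaged device) and the compliant user reaches exactly the one application her group is entitled to. The posture checks are placeholders for whatever signals a real ZTNA broker consumes; the structural point is that the decision is made per request and per application rather than once per tunnel.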
SASE solutions are designed to meet the networking and security needs of the modern enterprise. At the same time, they also provide a solution to the explosion of ransomware attacks exploiting remote access solutions.