COVID-19: With Everyone Wokring from Home, VPN Security Has Now Become Paramount (Mar 18, 2020)
Government and security officials have recently begun voicing their concerns for companies to secure their Virtual Private Network (VPN) servers due to the recent novel coronavirus (COVID-19) outbreak. The coronavirus has caused many employees to work from home and are using company VPN’s to access sensitive company information. Representatives from the SANS Internet Storm Center (ISC), Department of Homeland security and the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) are advising employers to take necessary precautions to prevent exploitation of their VPN servers.
Recommendation: It is advised that all individuals ensure that any VPN servers being used for professional purposes are up to date with patches and that multi-factor authentication is enforced on accounts to ensure no unauthorized individuals are able to gain access. Employees are at risk of phishing campaigns that steal VPN credentials, which is why administrators must monitor log traffic of VPN usage to certify that only legitimate individuals gain access to the VPN.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.