CISA has released an advisory on enterprise VPN security for organizations that may use VPNs to support work from home during the Coronavirus Disease 2019 (COVID-19) outbreak.
The advisory reminds organizations that VPNs are a target for malicious actors and that publicly known vulnerabilities are actively exploited. Because VPNs typically run 24/7, organizations are less likely to update them because of the associated downtime. Along with targeting VPNs, malicious actors may increase phishing attempts aimed specifically at teleworkers in an effort to steal credentials.
Phishing emails surrounding COVID-19 can take different forms within your inbox, including:
In a recent email detected by our own SAT team, a cybercriminal used this particular tactic to try to infiltrate a client's network, claiming to be from a legitimate organization offering information regarding the coronavirus.
How to prevent
Multifactor authentication (MFA), which verifies users via two different forms of identification prior to login, is a best practice for protecting against phishing attacks, since a stolen password alone is not enough to log in. If MFA is not an option for your organization, strong, unique user passwords should be required.
Another consideration is that organizations' VPNs may only support a limited number of concurrent VPN connections, creating a bottleneck for teleworkers that affects business operations. Organizations should ensure their VPN solutions are updated during this critical period, and they should alert employees to expect an increased number of phishing attempts.
How to tell if your VPN is updated:
IT staff should test VPN connection limits so the organization can plan for prioritizing VPN users and applying rate limiting if required.
*As a reference, CISA has a page dedicated to social engineering and phishing attack awareness, which can be found here: https://www.us-cert.gov/ncas/tips/ST04-014