To mitigate the impacts of Coronavirus Disease 2019 (COVID-19), more organizations are electing to have their employees work remotely from home. With that responsibility, more organizations will need to adopt a heightened level of security to protect themselves from attackers who look to exploit weaknesses in enterprise virtual private networks (VPNs).
The Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to be extra vigilant when it comes to VPN security. With the ramp-up of more teleworkers, CISA warns bad actors will likely take advantage of unpatched VPN systems and other infrastructure used for remote access.
As preparations and fears of the Coronavirus threat increase, VPNs will become even more important to be available 24/7.
As a result, more and more cyber crooks are looking to target VPNs given the high dependency and convenience of working from home.
“Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks,” CISA warned in the advisory.
In addition, bad actors will likely increase the number and frequency of phishing emails and attacks.
Security Mitigations
CISA provided multiple good mitigations to help reduce the impact of VPN-related attacks:
- Update patches on VPNs, network infrastructure and systems used for remote access (such as laptops, modems/routers, etc.).
- Increase employee awareness of phishing attacks.
- Increase focus on log review, attack detection, and incident response and recovery.
- Implement multi-factor authentication (MFA) for remote connectivity via VPNs.
- Prepare for “mass usage” and also test availability of VPN connections and prioritize users who require higher bandwidths.
Finally, users or organizations can contact CISA to report cybersecurity incidents, phishing, malware or other cybersecurity issues.