Organizations should replace SSLVPN/WebVPN solutions with safer alternatives after multiple cyberattacks were traced to vulnerabilities in those products, the Norwegian National Cyber Security Centre (NCSC) advises.

The NCSC officially advises SSL VPN/WebVPN product customers to convert to Internet Protocol Security (IPsec) with Internet Key Exchange (IKEv2) instead.


SSL VPN and WebVPN use the SSL/TLS protocols to offer secure remote access to a network via the Internet. An "encryption tunnel" secures the link between the user's device and the VPN server. IPsec with IKEv2 secures connections by encrypting and authenticating every packet, using keys that are renewed frequently.

The NCSC acknowledges that IPsec with IKEv2 has shortcomings but believes that moving to it would drastically lower the attack surface for incidents involving secure remote access, because it is less forgiving of configuration errors than SSLVPN.

The United States and the United Kingdom are among the other nations that have advised adopting IPsec over alternative protocols.


VPN Alternatives

In situations where IPsec connections aren't feasible, the NCSC advises switching to 5G broadband. The NCSC has also provided temporary alternatives for companies whose VPN solutions do not support IPsec with IKEv2 and that need time to plan and carry out the conversion.

These include enforcing stringent geofencing rules, centrally logging VPN activity, and blocking access from VPN providers, Tor exit nodes, and VPS providers.
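As an added example (not taken from the NCSC guidance or from this article), the Python sketch below replays centrally collected VPN login records against a geofence allowlist and blocklists for Tor exit, VPS and VPN-provider ranges, so sessions that were admitted but would violate the policy stand out. The log format, the allowed countries and the address ranges are constructed assumptions, and the country field is assumed to come from GeoIP enrichment done upstream.

```python
import ipaddress

ALLOWED_COUNTRIES = {"NO", "SE"}      # constructed geofence allowlist
BLOCKED_NETS = [                      # constructed, RFC 5737 documentation ranges
    ("tor-exit", ipaddress.ip_network("192.0.2.0/24")),
    ("vps", ipaddress.ip_network("198.51.100.0/24")),
    ("vpn-provider", ipaddress.ip_network("203.0.113.0/25")),
]

# Constructed records in an assumed format: timestamp user src_ip country result
SAMPLE_LOG = """\
2024-05-14T08:01:12Z alice 203.0.113.200 NO success
2024-05-14T08:03:40Z bob 192.0.2.17 NO success
2024-05-14T08:05:02Z carol 198.51.100.9 DE failure
2024-05-14T08:07:55Z dave 203.0.113.201 US success
2024-05-14T08:09:30Z erin 203.0.113.44 SE success
2024-05-14T08:10:01Z malformed-line
"""

def evaluate(src_ip, country):
    """Return the policy violations for one connection (empty list = allowed)."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return ["unparseable-source-ip"]          # fail closed on bad input
    reasons = [label for label, net in BLOCKED_NETS if addr in net]
    if country.upper() not in ALLOWED_COUNTRIES:
        reasons.append("outside-geofence:" + country.upper())
    return reasons

def review(log_text):
    """Return (line, user, reasons, result) for every record the policy refuses."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:                      # never drop bad records silently
            findings.append((lineno, None, ["malformed-record"], None))
            continue
        _ts, user, src_ip, country, result = fields
        reasons = evaluate(src_ip, country)
        if reasons:
            findings.append((lineno, user, reasons, result))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Findings whose result is `success` are sessions the gateway admitted that the interim policy would have blocked, which makes them the first ones to investigate.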

In contrast to IPsec, an open standard that most businesses adhere to, SSLVPN lacks a standard, which forces network equipment manufacturers to develop their own version of the protocol.

This has resulted in several vulnerabilities being found over time in SSL VPN solutions from vendors like Cisco, Fortinet, and SonicWall, which hackers actively use to compromise networks.

Nissan External VPN Attack

This was abundantly clear when a threat actor targeted Nissan's external VPN, took down a few company systems, and demanded a ransom. The company claims that none of its systems were encrypted during the attack. 

Working with independent cybersecurity experts, the company assessed the situation, took control of the issue, and removed the threat. After further investigation, it was found that the hacker had accessed a small number of files on local and network devices, most of which contained business-related information.

Nevertheless, on February 28, the company found that the data included certain personal information, mostly concerning former and current NNA [Nissan] employees, including Social Security numbers.

A cybersecurity expert believes that the hacker most likely obtained an identification code or multi-factor authentication token from an actual Nissan employee to gain access to the company's VPN.   

According to Erich Kron, a cybersecurity awareness advocate at KnowBe4, concentrating on the VPN would often allow bad actors to avoid detection and get beyond many enterprise security safeguards.  


Written by Aldohn Domingo


ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.