Attacks on VPN devices increased by over 1000% in Q1 2021


At the same time, experts note a decline in the activity of malware, botnets and other threats.

The number of attacks on VPN devices manufactured by Fortinet and Pulse Secure increased significantly in Q1 2021 due to attempts by hacker groups to take advantage of known vulnerabilities in VPN solutions that organizations have not yet fixed.

In particular, according to Nuspire, a network security services provider, attacks on Fortinet SSL-VPN products increased by 1916% during this period, and attacks on Pulse Connect Secure VPN by 1527%. In the first case, the attackers exploited the CVE-2018-13379 vulnerability, which allows files to be downloaded, and in the second, the attacks focused on the CVE-2019-11510 vulnerability, which allows files to be read.

Although vendors have released updates long ago, many organizations continue to ignore the numerous warnings from security experts and leave problems unpatched, which hackers exploit.

Despite the sharp increase in the number of attacks on VPN devices, experts note a decline in the activity of malware, botnets and other threats. In particular, malware activity in the first quarter of this year decreased by 54% compared to the last quarter of 2020, botnet activity by 11%, and the number of attempts to exploit vulnerabilities (excluding attacks on VPNs) fell by almost 22%.

According to experts, the decline is linked to the January law enforcement operation to neutralize the Emotet malware, but this is only a temporary lull.

“I think another malware family like TrickBot will be trending or new malware will take its place. Attackers will not stop spreading malware. They will adapt and switch to something new,” says Sean Nikkei, a specialist at Digital Shadows.

According to Nuspire analyst Josh Smith, organizations should pay attention to the security of VPNs and Microsoft’s Remote Desktop Protocol, another favourite target of attackers. In particular, they should monitor these services, promptly apply security updates and implement multi-factor authentication (MFA).

“End users can be annoyed at having to enter MFA codes, but in the event of a credential leak for remote access services, MFA can be a critical factor in whether the hack succeeds or is blocked from attackers,” Smith said.
