Iran-based Threat Actors Target VPNs
The Cybersecurity and Infrastructure Security Agency and a host of private cybersecurity firms announced the discovery of Iran-based threat actors targeting VPN clients and devices.
This is one of the more frightening attacks out there these days because of the devastation it could inflict on your organization. It doesn’t matter if your VPN sits behind a current-generation firewall or not – the fact is your VPN is connected to your office network, and you are at risk as long as the attack is viable and your VPN is working.
According to CISA and the FBI, the threat actor is targeting IT, government, healthcare, financial, insurance and media sectors throughout the United States. The actor uses mass scanning and tools like Nmap to identify open ports. Once those ports are identified, the threat actor exploits Common Vulnerabilities and Exposures (CVEs) related to VPN infrastructure to gain initial access to a targeted network.
The threat actor collects credentials, including by accessing password managers like KeePass, and uses 7-Zip to archive data.
We are encouraging our clients to consider moving to Windows Virtual Desktops as a means for connectivity. This is 2W Tech’s preferred method for remote connections because it is secure and tied to Microsoft Azure and the local clients’ networks, making your connections much more secure than a VPN.
Coming up with comprehensive security solutions to avoid data breaches or mitigate their effects on your operations is a large task. Your organization doesn’t have to attempt this without help. 2W Tech has vast experience in the cybersecurity space. Contact us today.