By Nathan Whittacre

Online security threats are constantly on the rise, so it's crucial for businesses of all sizes to stay informed and take proactive measures to protect themselves. Recent reports have highlighted a new wave of attacks targeting virtual private networks (VPNs), which are essential for remote work and secure online communication. In this article, we'll break down what you need to know about these attacks and key steps to SSLVPN attack protection, even if you're not a cybersecurity expert.

What's Happening With the VPN Attacks?

Cisco's Talos security team has warned about a large-scale credential compromise campaign. This means that attackers are trying to break into VPN, SSH, and web application accounts using a variety of techniques. The attacks aren't limited to a specific industry or region, and the attackers are targeting both known generic usernames and specific usernames associated with particular organizations.

If you remember a few years back, the Colonial Pipeline attack was due to VPN credentials being used to gain access into the critical systems and shut down gasoline supplies to more than one-third of the United States. This is why we’re sounding the red alarms on this new attack.

The attackers use lists of usernames and passwords to gain access, which they've obtained from various sources. These lists contain over 2,000 usernames and nearly 100 passwords. In addition, they've identified almost 4,000 IP addresses that are sending out malicious login attempts. What's particularly concerning is that many of these IP addresses originate from anonymizing networks like TOR, making it harder to trace where the attacks are coming from.

What Are the Risks?

When attackers gain unauthorized access to a VPN, they can do a lot of damage. They might steal sensitive data, disrupt business operations, or even lock you out of your own accounts. This can lead to business downtime, loss of customer trust, and, in some cases, financial loss.

One of the most significant risks is denial-of-service (DoS) attacks. This happens when attackers flood a network with so many login attempts that it becomes overwhelmed and stops working properly. Account lockouts are another common problem, where repeated failed login attempts cause accounts to be temporarily or permanently locked.

At Stimulus Technololgies, we have seen all these attacks against client firewalls, causing users not be able to login to the systems, and routers becoming unresponsive due to all the attempted logins.

What Are the Attackers Targeting?

The attackers seem to be indiscriminate in their targets. They're trying to break into a variety of VPN services and other network applications. The list includes:

    • Cisco Secure Firewall VPN

    • Checkpoint VPN

    • Fortinet VPN

    • SonicWall VPN

    • Remote Desktop Web Services

    • Mikrotik

    • Draytek

    • Ubiquiti

These services are used by a wide range of businesses, from small home offices to large enterprises. This means that no matter the size of your business, you're potentially at risk.

Key Steps for SSLVPN Attack Protection

It's crucial to take steps to protect your business from these attacks. Here are some practical measures you can implement to enhance your network security. Here are some steps for SSLVPN attack protection:

    1. Enable Detailed Logging: This allows you to track who is accessing your network and identify suspicious activity. If possible, send the logs to a remote server for additional security.

    1. Secure Default Remote Access Accounts: If you have default remote access accounts, make sure they're secure or sinkhole them if they're not in use.

    1. Remove Old User Accounts: Verify that all the accounts for VPN access are valid.

    1. Block Malicious Sources: Use firewalls to block connection attempts from known malicious IP addresses. Cisco has already created a block list that you can use to protect your network.

    1. Geographic IP address blocking: Only allow countries where you have business or employees to access your network.

    1. Implement Access Control Lists: These lists help filter out unauthorized public IP addresses and prevent them from initiating remote VPN sessions.

    1. Use Certificate-Based Authentication: This adds an extra layer of security to your VPNs, ensuring that only authorized users can access them.

    1. Run the Latest Firmware: Ensure your firewall is running the latest release of firmware from your vendor.

By implementing these security measures, you can reduce the risk of unauthorized access and protect your business from these types of attacks. Additionally, staying informed about the latest security threats and working with your IT team or security experts can help you stay ahead of potential dangers.

Cybersecurity is a critical aspect of running a business in today's digital world. While these recent SSLVPN attacks are concerning, you can take proactive steps to protect your business. By understanding the risks, implementing security measures, and staying informed, you can safeguard your business and ensure that your data and operations remain secure.

Secure Your Network with Stimulus: Contact Us for a Firewall Review and Penetration Test

Is your business protected from the latest cyber threats? With recent attacks targeting VPNs and network services, it's more important than ever to ensure your firewall settings are up to date and your security measures are effective.

Don't leave your business vulnerable! Contact Stimulus Technologies today for a comprehensive firewall review and external penetration test. Our expert team will help you identify vulnerabilities, strengthen your defenses, and keep your business safe from unauthorized access and cyberattacks.

Your business's security is our priority—call us today!