With millions of people still working from home, VPNs continue to be an essential element in ensuring organisations remain secure. VPNs allow remote staff to connect to their organisation’s networks, reducing the risks of data compromise.
For many organisations, there is an assumption that once a VPN is in place, it’s ‘job done’. However, this is a mistake. VPNs can be vulnerable to breaches, allowing malicious actors to access corporate data.
Zyxel, a manufacturer of enterprise routers and VPN devices, has issued an alert that attackers are targeting its devices and changing configurations to gain remote access to a network.
The attacks affect organisations using Unified Security Gateway (USG), ZyWALL, the USG FLEX combined firewall and VPN gateway, Advanced Threat Protection (ATP) firewalls, and VPN series devices running its ZLD firmware.
According to the company: The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as “zyxel_sllvpn”, “zyxel_ts”, or “zyxel_vpn_test”, to manipulate the device’s configuration.
Zyxel notes that a firewall may be affected if users have trouble accessing the VPN or experience routing, traffic and login issues. Other signs include unknown configuration parameters and password problems. Administrators should delete all unknown admin and user accounts that have been created by the attackers, along with any unknown firewall rules and routing policies.
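One way to run the account check described above against an exported device configuration (an added example, not Zyxel's or CyberCX's code). The `username <name> ... user-type <type>` line shape, the approved list and the sample export are assumptions constructed for illustration; adjust the pattern to match your own export.

```python
import re

# Account names listed in Zyxel's alert, as quoted on this page.
ADVISORY_ACCOUNTS = {"zyxel_sllvpn", "zyxel_ts", "zyxel_vpn_test"}

# Assumed line shape for an account entry in an exported configuration:
#   username <name> ... user-type <type>
ACCOUNT_LINE = re.compile(r"^\s*username\s+(\S+)\s.*?\buser-type\s+(\S+)", re.IGNORECASE)

def parse_accounts(config_text):
    """Return {name: user_type} for every account line in the export."""
    accounts = {}
    for line in config_text.splitlines():
        match = ACCOUNT_LINE.match(line)
        if match:
            accounts[match.group(1)] = match.group(2).lower()
    return accounts

def audit_accounts(config_text, approved):
    """Sort accounts into advisory matches, unknown accounts and approved ones."""
    approved_lower = {name.lower() for name in approved}
    report = {"advisory_match": [], "unknown": [], "approved": []}
    for name, user_type in sorted(parse_accounts(config_text).items()):
        key = name.lower()  # compare case-insensitively so a case variant is not missed
        if key in ADVISORY_ACCOUNTS:  # checked first, even if the name was approved
            report["advisory_match"].append((name, user_type))
        elif key not in approved_lower:
            report["unknown"].append((name, user_type))
        else:
            report["approved"].append((name, user_type))
    return report

# Constructed sample export; every value except the advisory names is made up.
SAMPLE_CONFIG = """\
username admin encrypted-password $PLACEHOLDER$ user-type admin
username j.smith encrypted-password $PLACEHOLDER$ user-type user
username zyxel_sllvpn encrypted-password $PLACEHOLDER$ user-type admin
username backup_ops encrypted-password $PLACEHOLDER$ user-type admin
username ZYXEL_TS encrypted-password $PLACEHOLDER$ user-type user
"""
APPROVED = {"admin", "j.smith"}  # hypothetical baseline kept by the administrator

if __name__ == "__main__":
    for category, entries in audit_accounts(SAMPLE_CONFIG, APPROVED).items():
        for name, user_type in entries:
            print(f"{category:15} {name} ({user_type})")
```

Anything reported as `advisory_match` or `unknown` is a candidate for the deletion step above, after confirming with the account owner list that it is not a legitimate account missing from the baseline.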
This is a timely reminder of the importance of VPN penetration testing. Whilst many organisations routinely test their applications and servers, VPNs are often neglected. This can make them a weak link in an organisation’s environment.
Contact CyberCX for expert advice on VPN penetration testing.