Protecting VPNs from Hacks with Security Analytics

VPN hacks may not garner the same level of mainstream attention as other online security threats, but their consequences can be equally, if not more, severe. In a recent interview with Computer Weekly, cybersecurity expert Ofer Shezaf warned of the risks associated with implementing VPNs in organizations.

Shezaf, the director of cyber security at Varonis Systems, cited a few examples of VPN hacks, including the attack on the power supply in Ukraine in December 2015, considered to be the first known instance of a cyber attack that caused a power outage.

Attackers had penetrated the system through a VPN using a hijacked account; the attack interrupted the electricity supply to half the homes in the Ivano-Frankivsk region in Ukraine for several hours.

VPN hacks can often be part of highly targeted cyber attacks; seldom are they the work of lone wolves, as in a 2014 case where a fired system administrator at a large US paper manufacturer used VPN remote access to destroy some of the company’s equipment.

The most chilling attack, however, is the breach of the security division of EMC, known as RSA. EMC is a multinational corporation that sells data storage, information security, virtualization, analytics, and cloud computing products. Their services enable organizations to store, manage, protect, and analyze data. Hackers had stolen the private key used to generate all of RSA’s SecurIDs and then used it to penetrate organizations that used SecurID through their VPN. The organizations included Lockheed Martin.

Two-Factor Authentication

Two-factor authentication (2FA) can beef up security significantly, but it’s not foolproof. 2FA requires users to supply another kind of authentication besides a password, typically a code sent either via text message or an app, or biometric information such as fingerprints.

But there have been instances when hackers broke through 2FA.

And so, to augment traditional VPN security and 2FA, Shezaf says that “we need to employ analytics to detect attacks.”

Security Analytics

Machine learning in particular can play a big role. It can uncover patterns related to how users normally log in through the VPN – from where and when they usually connect and which activities they usually engage in when connected from the outside – and spot any anomalies.

Two consecutive logins from the same account from two different locations? At least one of those is compromised. An unusually large amount of data transfer? Someone is probably siphoning information. You get the idea.
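
The two checks above can be sketched in a few lines. The following is an added example, not code from Shezaf or Varonis: it replaces machine learning with simple per-user rules (travel speed between consecutive logins, and data sent compared with the median of the user's earlier sessions), and the session records, field layout and thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample VPN sessions: (login time, account, lat, lon, bytes sent out).
SESSIONS = [
    ("2024-03-04T08:02:00", "alice", 52.52, 13.40, 120_000_000),
    ("2024-03-05T08:10:00", "alice", 52.52, 13.40, 95_000_000),
    ("2024-03-06T07:55:00", "alice", 52.52, 13.40, 140_000_000),
    ("2024-03-07T08:05:00", "alice", 52.52, 13.40, 110_000_000),
    ("2024-03-08T23:40:00", "alice", 52.52, 13.40, 4_200_000_000),
    ("2024-03-04T09:00:00", "bob", 52.52, 13.40, 80_000_000),
    ("2024-03-04T09:40:00", "bob", 1.35, 103.82, 60_000_000),
    ("2024-03-04T09:00:00", "carol", 52.52, 13.40, 50_000_000),
    ("2024-03-04T15:00:00", "carol", 48.14, 11.58, 70_000_000),
]
# Assumed thresholds, to be tuned per environment.
MAX_KMH = 900.0       # faster than an airliner: not one person travelling
MIN_KM = 50.0         # ignore geo-IP jitter within one metro area
VOLUME_FACTOR = 5.0   # session sends more than 5x the user's median
MIN_HISTORY = 3       # sessions needed before a baseline is trusted

def km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def detect(sessions):
    """Return (account, alert type, login time) for each anomalous session."""
    by_user = defaultdict(list)
    for ts, user, lat, lon, sent in sorted(sessions):  # ISO timestamps sort by time
        by_user[user].append((datetime.fromisoformat(ts), lat, lon, sent))
    alerts = []
    for user, rows in by_user.items():
        for (t1, la1, lo1, _), (t2, la2, lo2, _) in zip(rows, rows[1:]):
            hours = max((t2 - t1).total_seconds() / 3600, 1 / 60)  # avoid divide by zero
            dist = km(la1, lo1, la2, lo2)
            if dist > MIN_KM and dist / hours > MAX_KMH:
                alerts.append((user, "impossible_travel", t2.isoformat()))
        for i, (t, _, _, sent) in enumerate(rows):
            history = [r[3] for r in rows[:i]]  # only sessions before this one
            if len(history) >= MIN_HISTORY and sent > VOLUME_FACTOR * median(history):
                alerts.append((user, "unusual_volume", t.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SESSIONS):
        print(alert)
```

In the sample data, carol's two logins from different cities six hours apart raise no alert, which is why the check uses implied travel speed rather than a bare change of location.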