{"id":102117,"date":"2019-08-31T11:28:03","date_gmt":"2019-08-31T15:28:03","guid":{"rendered":"http:\/\/rbach.net\/index.php\/"},"modified":"2022-10-22T12:02:26","modified_gmt":"2022-10-22T16:02:26","slug":"are-your-vpns-virtual-pwnd-networks","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/are-your-vpns-virtual-pwnd-networks\/","title":{"rendered":"Are Your VPNs – Virtual Pwnd Networks"},"content":{"rendered":"

Updated October 21, 2019<\/strong> – The U.S. and U.K. spy agencies have issued separate cybersecurity advisories on 10\/21\/2019 urging users to patch and mitigate the VPN holes discussed below. The NSA<\/a> advisory<\/a> (PDF) warns that “multiple nation-states advanced persistent threat (APT) actors have weaponized” the flaws. The U.K.’s National Cyber Security Centre (NCSC<\/a>) advisory is here<\/a>.<\/p>\n

—<\/p>\n

Updated September 29, 2019 – <\/strong>SafeBreach Labs<\/a>\u00a0discovered<\/a>\u00a0a vulnerability in Forcepoint\u2019s<\/strong><\/a> VPN client software<\/strong>. The flaw will give attackers unfettered access to its users\u2019 Windows computers.<\/p>\n

In its\u00a0article detailing the bug<\/a>, Forcepoint explained The flaw enables an attacker<\/strong> to insert their own executable which will run with administrative privileges<\/strong>, giving the attackers administrative access to the system. Forcepoint gave the bug a CVE number of\u00a02019-6145<\/a> and a base severity score of 6.7. According to a\u00a0 Forcepoint knowledge base article<\/a>, the flaw is patched in version 6.6.1 of the Forcepoint VPN Client for Windows.<\/p>\n

—<\/p>\n

Updated September 10, 2019 –\u00a0<\/strong> ZDNet<\/em><\/a> is reporting<\/a> that the Chinese state-sponsored hacker group APT5<\/strong> is targeting<\/strong> enterprise VPN servers from Fortinet and Pulse Secure<\/strong> since the security flaws discussed below became public knowledge last month. FireEye<\/a> reports<\/a> (PDF) that APT5 has been active since 2007 and has targeted multiple industries.<\/p>\n

APT5 was reportedly one of the first to start scanning the internet and then later attempt to exploit vulnerabilities in the Fortinet and Pulse Secure VPN servers. The attackers sought to steal files storing password information or VPN session data from the affected products. These files would have allowed attackers to take over vulnerable devices.<\/p>\n

—<\/p>\n

\"Are<\/a>Everybody loves their virtual private networks<\/strong><\/a>. SSL VPNs provide a convenient way for business users to connect to corporate networks while out of the office. A recent study<\/a> by FlexJobs<\/a> found 30% of workers have left a job because it did not offer flexible work options like remote work<\/strong>. Further, the report said, that 80% of staff would be more loyal to their employers if they had flexible work options and 52% of workers have tried to negotiate flexible work arrangements<\/strong> with their employer.<\/p>\n

\"Great<\/a><\/strong>Hackers love VPNs too<\/h3>\n

Last month VPNpro<\/em><\/a> found<\/a> that the majority of VPN services have close ties to China<\/strong>. CSO Online<\/a><\/em> points out<\/a> that if you are running a VPN that is developed and owned in China, then there is a serious chance that your information is not as private<\/strong> as you think. Every technology company that operates within China, including ISPs, are required to comply with any Chinese governmental request for data<\/strong>. That includes your data<\/strong>. The Chinese government has a long and well-documented history of hacking, favoring, and helping local businesses at the expense of foreign companies.<\/strong><\/p>\n

VPNpro<\/em> also found<\/a> that some Chinese firms own different VPNs split among different subsidiaries<\/strong>. For example, the Chinese company Innovative Connecting owns three separate businesses that produce VPN apps: Autumn Breeze 2018<\/a>, Lemon Cove, and All Connected. In total, Innovative Connecting produces 10 seemingly unconnected VPN products, the study shows.<\/p>\n

\"VPN<\/a><\/strong>China is not the only concern<\/h3>\n

VPNpro<\/em> also found that seven of the top VPN services are owned by Gaditek, based in Pakistan. This means the Pakistani government<\/strong> can legally access any data without a warrant and data can also be freely handed over to foreign institutions, according to VPNpro<\/em>.<\/p>\n

VPNpro<\/em> identified a further four companies: Super VPN & Free Proxy, Giga Studios, Sarah Hawken, and Fifa VPN, which together own 10 VPN services \u2013 where the parent company, and therefore the company of origin, is completely hidden<\/strong>.<\/p>\n

If that is not scary enough<\/strong> – There are new reports that attackers are now targeting the devices used to attach VPNs to the network. Help Net Security<\/a><\/em> reports<\/a> that attackers are exploiting known flaws in Pulse Connect Secure SSL VPN and Fortigate SSL VPN<\/strong> installations.<\/p>\n

Flaws VPN installations<\/h3>\n

These attacks could allow attackers to steal passwords and gain full, remote access to an organization’s networks<\/strong>. Attackers have been targeting two vulnerabilities:<\/p>\n