
VPNs have long been considered a safe way for employees to securely connect to company systems remotely. But today, cybercriminals are increasingly targeting VPN access as a way into business networks.
Instead of hacking directly through firewalls, attackers are going after:
- Vulnerable remote access tools
- Stolen VPN usernames and passwords
- Weak or missing multi-factor authentication (MFA)
- Outdated VPN software

Once attackers gain VPN access, they can often move through a network while appearing to be a legitimate user.

The NSA and CISA recently warned that VPNs have become “attractive targets” for cyberattacks because they provide direct access into protected business environments.
Source: https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/
Microsoft has also reported cases where attackers created fake VPN software downloads designed to steal employee credentials.
Source: https://www.microsoft.com/en-us/security/blog/


Additionally, CISA has issued multiple alerts around active attacks targeting VPN devices from vendors like Ivanti and SonicWall.
Source: https://www.cisa.gov/news-events/cybersecurity-advisories

So what should you do?
A VPN is still important — but it should not be your only layer of protection.
Organizations should make sure they have:
- Multi-factor authentication (MFA) enabled
- Regular VPN updates and patching
- Endpoint protection and monitoring
- Access controls and account reviews
- Security awareness training for employees

