{"id":13255,"date":"2020-11-23T22:04:28","date_gmt":"2020-11-23T16:34:28","guid":{"rendered":"https:\/\/www.stechguide.com\/?p=13255"},"modified":"2020-11-23T22:04:28","modified_gmt":"2020-11-23T16:34:28","slug":"vpn-vulnerability-most-targeted-by-chinese-hackers","status":"publish","type":"post","link":"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/","title":{"rendered":"VPN Vulnerability Most Targeted By Chinese Hackers"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Virtual private networks (VPNs) are a commonly-used remote access solution. However, this does not mean that they are a good or secure one. VPNs are prone to vulnerabilities, and cybercriminals take advantage of this fact. The insecurity of VPNs, combined with their other shortcomings, is a good reason to consider upgrading to a <\/span><a href=\"https:\/\/www.catonetworks.com\/blog\/work-from-anywhere-for-everyone-a-modern-vpn-alternative-to-deploy-now\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">VPN alternative<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h3><b>VPNs Are a Good Target for Cybercriminals<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The majority of cyberattacks begin as a phishing email. However, for those that don\u2019t, targeting an unpatched vulnerability in an exposed service is also a popular approach. In many cases, cybercriminals can discover and exploit these vulnerabilities automatically using scripts that look for and attack services with known vulnerabilities.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">VPNs are a good target for cybercriminals for a number of reasons, including:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Exposure:<\/b><span style=\"font-weight: 400;\"> VPN gateways are designed to allow remote users to gain access to the enterprise network. For this reason, they must be exposed to the public Internet to allow employees to authenticate and connect.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Importance:<\/b><span style=\"font-weight: 400;\"> As remote work grows, VPNs are becoming critical infrastructure for many organizations. Cybercriminals can deny access to VPN infrastructure as part of a Denial of Service (DoS) attack or to force a target to pay a ransom.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Login Portals:<\/b><span style=\"font-weight: 400;\"> Remote users need to authenticate to the VPN service in order to gain access. Cybercriminals take advantage of this fact and use VPN login portals in credential stuffing attacks to test weak or breached passwords and attempt to gain access to user accounts.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Unrestricted Access:<\/b><span style=\"font-weight: 400;\"> A VPN is designed to provide a secure connection between an employee and the enterprise network. It does not include functionality to restrict access to certain resources or to perform security inspection on the traffic flowing over it.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Vulnerability:<\/b><span style=\"font-weight: 400;\"> VPN vulnerabilities are common. It is not usual for a VPN vendor to have at least one high severity vulnerability discovered each year, and often more than one is discovered.<\/span><\/li>\n<\/ul>\n<h3><b>Chinese Cyber Threat Actors Exploit VPN Vulnerabilities<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Not every vulnerability is created equal. Of the many vulnerabilities that are discovered each year, only a fraction of them are actively exploited in the wild. Whether or not a particular vulnerability will be exploited is based on a variety of factors, including potential impact, use of the vulnerable software, speed of patch deployment, and more.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When developing a patch management program, it can be difficult to determine which updates should be a priority. A good starting point is the vulnerabilities that attackers are actively targeting in their campaigns.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The United States\u2019 National Security Agency (NSA) <\/span><a href=\"https:\/\/www.zdnet.com\/article\/nsa-publishes-list-of-top-25-vulnerabilities-currently-targeted-by-chinese-hackers\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span style=\"font-weight: 400;\">published a list<\/span><\/a><span style=\"font-weight: 400;\"> of the top twenty-five vulnerabilities that are currently being targeted by Chinese attackers. The list covers a wide variety of different software and vulnerabilities, but right at the top is a VPN vulnerability. Topping the NSA\u2019s list is a vulnerability in the Pulse Secure VPN. A specially designed malicious request can allow an attacker to read files on the server. This file read can be used to expose keys, passwords, or other sensitive information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If an attacker can exploit the Pulse Secure vulnerability (or any VPN vulnerability), there is a chance that they can compromise a user account or bypass the authentication on a VPN. If so, they can take advantage of the VPN\u2019s intended functionality: to allow remote access to the enterprise network.<\/span><\/p>\n<h3><b>Replacing VPNs with a Modern WAN Solution<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">VPNs have a number of different issues. A major problem with VPNs is that they were designed for a network infrastructure that no longer exists; one where the majority of an organization\u2019s users and resources were located on the corporate LAN. As resources and users move to the cloud and telework, attempting to use VPNs for the corporate WAN creates significant issues with network latency and performance.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is in addition to the security issues associated with a VPN-based WAN. VPN vulnerabilities are common, yet many organizations lag behind on their vulnerabilities management programs. This combination places these companies at risk of attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The use of a modern WAN solution, like SASE, helps to eliminate these VPN-specific issues. SASE offers a number of different features that VPNs lack, such as:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Integrated Security:<\/b><span style=\"font-weight: 400;\"> A SASE point of presence (PoP) includes a fully integrated security stack. This enables it to provide the same level of security as routing traffic through the headquarters network without relying on centralized security infrastructure.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Network Optimization:<\/b><span style=\"font-weight: 400;\"> SASE PoPs integrate software-defined WAN (SD-WAN) functionality that enables optimal traffic routing between SASE PoPs. This optimized routing minimizes the latency of the SASE network.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Location Independence:<\/b><span style=\"font-weight: 400;\"> Many VPNs are implemented as physical appliances deployed on the corporate LAN. SASE PoPs are located in the cloud, enabling them to be deployed geographically near common traffic sources and destinations (cloud infrastructure, remote users, etc.). This minimizes the latency incurred by users due to their use of the SASE-based WAN.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">These features enable SASE to provide superior network performance and security compared to VPNs. However, the design of SASE also means that it is easy to implement it as a managed offering. This enables organizations to hand over responsibility for maintenance, eliminating the risk associated with managing the vulnerabilities that are so common with VPN solutions.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Virtual private networks (VPNs) are a commonly-used remote access solution. However, this does not mean that they are a good or secure one. VPNs are prone to vulnerabilities, and cybercriminals take advantage of this fact. The insecurity of VPNs, combined with their other shortcomings, is a good reason to consider upgrading to a VPN alternative. <\/p>\n","protected":false},"author":1,"featured_media":11075,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_jetpack_memberships_contains_paid_content":false,"jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[12892],"tags":[13267,14332],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>VPN Vulnerability Most Targeted By Chinese Hackers<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"VPN Vulnerability Most Targeted By Chinese Hackers\" \/>\n<meta property=\"og:description\" content=\"Virtual private networks (VPNs) are a commonly-used remote access solution. However, this does not mean that they are a good or secure one. VPNs are prone to vulnerabilities, and cybercriminals take advantage of this fact. The insecurity of VPNs, combined with their other shortcomings, is a good reason to consider upgrading to a VPN alternative.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/\" \/>\n<meta property=\"og:site_name\" content=\"STechGuide\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stechguide\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/stechguide\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-23T16:34:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stechguide.com\/wp-content\/uploads\/2019\/05\/VPN-app-for-android.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta property=\"og:image:height\" content=\"394\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sumit\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sTechGuide\" \/>\n<meta name=\"twitter:site\" content=\"@stechguide\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sumit\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/\",\"url\":\"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/\",\"name\":\"VPN Vulnerability Most Targeted By Chinese Hackers\",\"isPartOf\":{\"@id\":\"https:\/\/www.stechguide.com\/#website\"},\"datePublished\":\"2020-11-23T16:34:28+00:00\",\"dateModified\":\"2020-11-23T16:34:28+00:00\",\"author\":{\"@id\":\"https:\/\/www.stechguide.com\/#\/schema\/person\/b46e405fdc018996326a4c26ad134b06\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.stechguide.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"VPN Vulnerability Most Targeted By Chinese Hackers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stechguide.com\/#website\",\"url\":\"https:\/\/www.stechguide.com\/\",\"name\":\"STechGuide\",\"description\":\"Tech News, Tips and Rooting Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stechguide.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stechguide.com\/#\/schema\/person\/b46e405fdc018996326a4c26ad134b06\",\"name\":\"Sumit\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stechguide.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96f450f95b8a5dcb93928aed450ba912?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96f450f95b8a5dcb93928aed450ba912?s=96&d=mm&r=g\",\"caption\":\"Sumit\"},\"description\":\"Sumit is a Tech and Gadget freak and loves writing about Android and iOS, his favourite past time is playing video games.\",\"sameAs\":[\"https:\/\/www.stechguide.com\/\",\"https:\/\/www.facebook.com\/stechguide\/\",\"https:\/\/twitter.com\/sTechGuide\"],\"url\":\"https:\/\/www.stechguide.com\/author\/sumit227\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"VPN Vulnerability Most Targeted By Chinese Hackers","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/","og_locale":"en_US","og_type":"article","og_title":"VPN Vulnerability Most Targeted By Chinese Hackers","og_description":"Virtual private networks (VPNs) are a commonly-used remote access solution. However, this does not mean that they are a good or secure one. VPNs are prone to vulnerabilities, and cybercriminals take advantage of this fact. The insecurity of VPNs, combined with their other shortcomings, is a good reason to consider upgrading to a VPN alternative.","og_url":"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/","og_site_name":"STechGuide","article_publisher":"https:\/\/www.facebook.com\/stechguide\/","article_author":"https:\/\/www.facebook.com\/stechguide\/","article_published_time":"2020-11-23T16:34:28+00:00","og_image":[{"width":700,"height":394,"url":"https:\/\/www.stechguide.com\/wp-content\/uploads\/2019\/05\/VPN-app-for-android.jpg","type":"image\/jpeg"}],"author":"Sumit","twitter_card":"summary_large_image","twitter_creator":"@sTechGuide","twitter_site":"@stechguide","twitter_misc":{"Written by":"Sumit","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/","url":"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/","name":"VPN Vulnerability Most Targeted By Chinese Hackers","isPartOf":{"@id":"https:\/\/www.stechguide.com\/#website"},"datePublished":"2020-11-23T16:34:28+00:00","dateModified":"2020-11-23T16:34:28+00:00","author":{"@id":"https:\/\/www.stechguide.com\/#\/schema\/person\/b46e405fdc018996326a4c26ad134b06"},"breadcrumb":{"@id":"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.stechguide.com\/vpn-vulnerability-most-targeted-by-chinese-hackers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stechguide.com\/"},{"@type":"ListItem","position":2,"name":"VPN Vulnerability Most Targeted By Chinese Hackers"}]},{"@type":"WebSite","@id":"https:\/\/www.stechguide.com\/#website","url":"https:\/\/www.stechguide.com\/","name":"STechGuide","description":"Tech News, Tips and Rooting Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stechguide.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.stechguide.com\/#\/schema\/person\/b46e405fdc018996326a4c26ad134b06","name":"Sumit","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stechguide.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96f450f95b8a5dcb93928aed450ba912?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96f450f95b8a5dcb93928aed450ba912?s=96&d=mm&r=g","caption":"Sumit"},"description":"Sumit is a Tech and Gadget freak and loves writing about Android and iOS, his favourite past time is playing video games.","sameAs":["https:\/\/www.stechguide.com\/","https:\/\/www.facebook.com\/stechguide\/","https:\/\/twitter.com\/sTechGuide"],"url":"https:\/\/www.stechguide.com\/author\/sumit227\/"}]}},"jetpack_featured_media_url":"https:\/\/www.stechguide.com\/wp-content\/uploads\/2019\/05\/VPN-app-for-android.jpg","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/posts\/13255"}],"collection":[{"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/comments?post=13255"}],"version-history":[{"count":0,"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/posts\/13255\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/media\/11075"}],"wp:attachment":[{"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/media?parent=13255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/categories?post=13255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stechguide.com\/wp-json\/wp\/v2\/tags?post=13255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}