NSA Says Nation State Threat Actors Are Exploiting VPNs
The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued joint guidance on the use of virtual private networks (VPNs). The agencies say that VPNs can be exploited by hackers to compromise devices.
The NSA Director tweeted that VPNs may be used to steal credentials, execute malicious code, or read or exfiltrate sensitive data. Organizations should invest in their own protection.
VPN gateways are popular targets for adversaries including nation-state sponsored hacking groups. Users should disable unnecessary features like web administration, Remote Desktop Protocol, Secure Shell, and file sharing. These features are most likely to expose users to security flaws.
The guidance is intended for the Department of Defense, National Security Systems, and the Defense Industrial Base. However, it applies to all enterprise VPN users.
“VPN servers are entry points into protected networks, making them attractive targets. Multiple nation-state advanced persistent threat (APT) actors have weaponized common vulnerabilities and exposures (CVEs) to gain access to vulnerable VPN devices,” said NSA Director Rob Joyce.
Harden VPNs against compromise by reducing the VPN server’s attack surface through:
- Configuring strong cryptography and authentication
- Running only strictly necessary features
- Protecting and monitoring access to and from the VPN
- Disabling the SSL/TLS proprietary or non-standards-based VPN fallback, if possible
For more information on how to select a secure VPN and further harden your network, read the full Information Sheet.
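One way to check a gateway against the "running only strictly necessary features" item, as an added example that is not taken from the NSA/CISA guidance: the script parses `ss -tlnH` output and flags non-loopback listeners for Secure Shell, Remote Desktop Protocol, file sharing and a web-administration port. The port numbers, the 8443 admin port and the sample output are assumptions constructed for illustration.

```python
import re

# Features the article says to disable when unnecessary, keyed by TCP port.
# Port numbers are assumptions (conventional defaults); the page names only
# the features. 8443 is a hypothetical web-administration port.
UNNEEDED = {
    22: "Secure Shell",
    3389: "Remote Desktop Protocol",
    139: "file sharing (NetBIOS/SMB)",
    445: "file sharing (SMB)",
    2049: "file sharing (NFS)",
    8443: "web administration",
}

# Constructed sample of `ss -tlnH` output from a hypothetical VPN gateway.
# Columns: State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8443 0.0.0.0:*
LISTEN 0 50 192.0.2.10:445 0.0.0.0:*
LISTEN 0 128 [::]:3389 [::]:*
LISTEN 0 128 [::1]:22 [::]:*
"""

# Listeners bound only to loopback are not reachable from the network.
LOOPBACK = re.compile(r"^(127\.|\[::1\]$)")


def audit(ss_output, flagged=UNNEEDED):
    """Return (address, port, feature) for each exposed, flagged listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening sockets
        addr, _, port = fields[3].rpartition(":")  # also handles [::]:3389
        if not port.isdigit():
            continue
        if int(port) in flagged and not LOOPBACK.match(addr):
            findings.append((addr, int(port), flagged[int(port)]))
    return findings


if __name__ == "__main__":
    for addr, port, feature in audit(SAMPLE):
        print(f"exposed: {feature} on {addr}:{port}")
```

On a real gateway, pass the captured output of `ss -tlnH` to `audit()` and replace the port map with the services that device actually ships.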