Tuesday, September 24, 2024

Tackling Vulnerabilities In VPNs – How Firms Can Safeguard Their Networks

Organizations suffered a slew of cyber-attacks during the pandemic due to exposed networks and vulnerabilities in the VPNs they used.

IT leaders say that perimeter-guarding infrastructure has been riddled with easily exploitable vulnerabilities that cyber attackers took advantage of in the past couple of months. The attacks ranged from exploiting a critical issue in F5's BIG-IP application delivery software platform to hackers using an organization's VPN vulnerabilities to launch ransomware attacks.

CIOs acknowledge that such attacks end up turning the software and hardware meant for organizational safety into beachheads into the network. F5 announced the critical vulnerability in its BIG-IP application delivery device, tagged CVE-2020-5902, on 1st July. Within two days, hackers were already scanning organizational networks to identify systems with an exposed Traffic Management User Interface (TMUI).

The company advised its client organizations to install the patch to avoid getting hacked, as the vulnerability was quite easy to exploit. IT security leaders advised companies to immediately install fixed versions of the software and, where that had not been done, to follow incident response protocols to prevent loss of data.

Security leaders were able to set up automated environments to search for threats and vulnerabilities because containerized versions of the devices were readily available on the market. IT leaders pointed out that the issue was due to technical debt. Each platform had updates and features added to it for years. Companies changed hands, and security personnel ignored the need to restructure the software on which the devices were built.

CIOs believe that maintaining VPN security features is complex, and organizations with lax security protocols expose themselves to severe vulnerabilities. They advise network admins to deploy strict traffic filtering measures that restrict traffic to VPN appliances by IP address, protocol, and port.

Security leaders point out that third-party vendors are bound to fail and organizations should be ready for such scenarios with a fail-proof defense-in-depth plan. Multiple fail-safes are necessary, with layered control to ensure effective solutions.

IT security employees bring up the issue of maintaining security measures while most of the workforce works from remote locations with minimal-to-zero regard for security. They have been working hard to provide and deploy patches each time a vulnerability is detected. CIOs are pushing for restricting the network architecture to provide a more permanent solution to such attacks. Organizations need to shift their physical databases to the cloud and implement proactive threat prevention policies.
