December 10, 2024
Secure your VPN and prevent cyberattacks before the Holidays
The Dubex Incident Response team has been quite busy lately. We’ve observed that one of the most common methods adversaries use to gain access to networks is through VPN solutions that lack two-factor authentication (2FA).
We’ve noticed that some customers have 2FA enabled for certain user groups but not others. This could be due to service accounts that cannot function with 2FA, or even a misconfiguration where a specific type of OS does not require 2FA.
Once an adversary gains access to the network, it becomes relatively easy for them to access servers and either perform Kerberoasting or dump your entire AD database. They can then decrypt this data at their leisure to find accounts with administrative rights for later use or sale.
Some of you may not detect these attacks and are therefore unaware that a more destructive attack may be imminent. Others detect it but face a significant cleanup task, including password changes for users, service accounts, Kerberos, reporting to Danish data protection authorities, tightening VPN access, and more.
It’s quite unfortunate when you consider how easy it is to prevent.
Therefore, we at the Dubex Incident Response team strongly recommend implementing two-factor authentication as an extra security layer on your VPN, preferably before the holiday season. It’s not enjoyable to work under the flickering blue light of a screen while your family enjoys the holidays. We are more than happy to assist you during these days, but we would prefer that you get to enjoy the holidays.
5 security tips from us to you
- If implementing 2FA before the holidays is too extensive, consider disabling remote access during the holidays. If your employees can’t access it, neither can the adversaries.
- Ensure logging is in place. If an adversary gains access, it is much easier to ensure accurate reporting and knowledge of their activities.
- Set up geofencing – perhaps only allow access from Denmark. Yes, we know that adversaries can rent a Danish IP address, but this will still filter out most of them.
- Create an AD group and allow only these users to access via VPN.
- Ensure your firewall is patched – many vulnerabilities are circulating at the moment.
Secure your VPN now
By implementing these simple yet effective security measures, you can significantly reduce the risk of cyberattacks targeting your VPN. As we approach the holiday season, now is the time to strengthen your defenses and ensure your network is secure. Act today to protect your organisation and avoid the stress of a potential breach.
If you need assistance with securing your VPN or implementing 2FA, the Dubex Incident Response team is here to help.
