NSA & FBI Issue Warning for State-Sponsored Attacks that Exploit VPN Infrastructures

Martin Bosshardt
June 24, 2022
Multiple US federal agencies have issued a cybersecurity advisory warning about known vulnerabilities being exploited by state-sponsored cyber-attacks. Find out how SCiON addresses these vulnerabilities.

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a warning meant to protect the nation’s critical infrastructure, referencing the People’s Republic of China's (PRC) recent state-sponsored cyber-attacks that exploit network providers and devices. While the suggested fixes can mitigate some threats, SCiON can eliminate the entirety of the threat by hiding VPN connections.

The advisory highlights sophisticated techniques used by PRC state-sponsored cyber actors that target and compromise a wide range of networks – from major telecommunications companies to home office routers. While these attacks exploit known vulnerabilities, they are increasingly dangerous as they threaten critical infrastructures and companies' business continuity worldwide.

The advisory highlights how common vulnerabilities are exploited. For example, telecommunications and network service providers were targeted through open source and custom tools to gain access to their VPN connections. The NSA, CISA, and the FBI listed the most common vulnerabilities and exposures of 10 brands, including household names such as Cisco, Fortinet, Netgear, MikroTik, Pulse Secure, and Citrix.

After describing the recommendations of the advisory, we outline how SCiON can not only patch issues but remove the possibility of the problem entirely.

Primary Targets: Telecommunications & Network Service Providers

Major telecommunications and network service providers are on the hit list of these malicious actors, which utilize open-source router-specific software frameworks to identify makes, models, and known vulnerabilities. These tools enabled them to exploit enterprise routers by major industry providers, including Cisco, Fortinet, and MikroTik.

Upon gaining initial access to the network of telecommunications service providers, hackers identified critical users and infrastructure and targeted them to gain access. Armed with valid accounts and credentials, PRC state-sponsored cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure.

Since 2020, PRC state-sponsored cyber actors have readily exploited publicly identified vulnerabilities to compromise unpatched network devices. Network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices, serve as access points to victim accounts by using publicly available code to access virtual private network (VPN) services or public-facing applications – without using distinctive or identifying malware.

This puts company data at risk and endangers business continuity and profits. Attacks such as these are costly and have a direct impact on the reputation of network service providers. Furthermore, these network service providers are critical infrastructure: any modern society relies on them for basic tasks. The advisory issues a warning: update your software on time. We propose eliminating the possibility of a problem by securing your VPN connection with SCiON.

General Mitigation Tactics vs The SCiON Solution

General mitigation measures outlined in the advisory include applying patches as soon as possible, disabling unnecessary ports and protocols, and replacing end-of-life network infrastructure. These are old fixes to a problem that keeps evolving; SCiON offers a solution that can eliminate those threats as it hides your VPN connections on the internet.

While VPN has become an essential tool for companies that have adopted the flexible working setup for their employees, its security and privacy benefits are not enough. VPN users exchange encrypted data through a tunnel with the Enterprise IT infrastructure on the receiving end, over the Internet, and that's the weak point.

While VPN technology is necessary, it is not sufficient to counter the threats faced by modern-day companies. A VPN is a private tunnel connecting various points within the company to ensure a safe exchange of information. However, the endpoints of such tunnels are still exposed to the Internet and can be targeted with remote exploitation and DDoS attacks. SCiON hides the tunnel endpoints, which is why SCiON offers holistic protection for your VPN tunnels.

SCiON is a complementary technology to VPN because of its ability to hide paths, in this case, the VPN tunnel. Hidden path communication enables the hiding of specific path segments, i.e. certain path segments are only available for authorized entities as opposed to these segments being publicly available. By not exposing your VPN infrastructure to the public Internet, the risk of becoming a victim of the attacks mentioned above is eliminated.

Anapaya Systems: offering the SCiON solution

Anapaya Systems AG is a Swiss company whose goal is to build an international ecosystem providing SCiON-based services for a more reliable, secure, and stable networking experience. Our solutions provide organizations around the globe with a way to transport critical business data securely and transparently across the network, sending information between corporate sites, trusted partners, and cloud providers. We recently launched the Secure Swiss Finance Network (SSFN) with the Swiss National Bank and SIX. We are located at Anapaya Systems AG, Hardturmstrasse 253, 8005 Zürich, Switzerland and represented by Martin Bosshardt (CEO) and Samuel Hitz (CTO).

Contact Marketing & Communications: ladines@anapaya.net