Security in Question – 3 Main Vulnerabilities VPNs Have

  • The cost of cybercrime could top more than $10.5 trillion by 2025 - a three-fold increase on its 2015 costs.
  • 2020 has seen a rise in the use of VPN and other similar network appliances to infiltrate corporate networks with bad intentions.
  • In the age of remote work and mounting challenges to online security, VPNs offer a solid solution to the issue of internet safety.

Cybercrime is rife in the wake of the COVID-19 pandemic. In fact, the UK has seen a 31% increase in security threats online during the height of the health crisis – leading to losses of over £6.2 million. The rise of remote work has posed a new challenge for businesses looking to secure their confidential information through the use of VPNs. However, for all the security virtual private networks offer, they still have their fair share of vulnerabilities.

The UK isn’t alone in having to deal with the rising costs of cybercrime. As the tools at the disposal of hackers become stronger, the financial fallout could snowball for organisations around the world.

(Image: Embroker)

As the data above shows, the cost of cybercrime could top more than $10.5 trillion by 2025 – a three-fold increase on its 2015 costs.

In the pandemic, VPN usage soared as more businesses transitioned towards remote work, and while virtual private networks are excellent at offering significant layers of protection to individuals and organisations alike, they’re not without their vulnerabilities. As it’s important to be aware of some of the more fragile facets of VPNs, let’s explore three key vulnerabilities and how to counter them:

The Danger of MITM Attacks

In a security breach known as ‘man in the middle’, or MITM, a criminal can enter a communication channel between an application and a user. The hacker might pretend to be the other party, or even listen in to a conversation without permission.

The user may have no idea that any underhanded activity is taking place, as the MITM can make it appear to be a straightforward information exchange. While a VPN can offer some protection from this through encryption, VPNs are often set up to send traffic out via a split tunnel in the name of cost savings, so only part of the traffic is encrypted and endpoints are left unprotected. Software-defined perimeters (SDPs), for instance, avoid this issue by securing open endpoints, which can help to protect web traffic while safeguarding network access.

The best way of preventing MITM attacks is to avoid the temptation of cutting costs when choosing the right VPN for your needs. High-quality, secure VPNs are less likely to leave endpoints unprotected, giving you more comprehensive protection. Fundamentally, a free VPN could be great for some casual use and for streaming services internationally, but for heavy usage or the handling of sensitive data, be sure to explore more premium options.

No Protection From Phishing Scams

One of the most significant issues with VPNs is that they offer no protection to users who fall victim to phishing emails. Phishing happens when a scammer sends a dubious link to your inbox along with some enticing text. The links can pretend to involve parcel tracking, social media messages or just about anything else that could encourage users to part with their usernames and passwords for websites or platforms.

As phishing generally involves emails and the voluntary giving up of sensitive information, there is very little that VPNs can do, and sometimes the use of a virtual private network can contribute to users feeling a false sense of security, and a level of invincibility in the face of such scams.

With this in mind, it’s vital that you remain vigilant when viewing links that may take you to websites with bad intentions. VPNs can offer a lot in the way of secure browsing, but it’s impossible for them to protect users who are willing to tell their passwords to cyber criminals. As in life, remember if something seems too good to be true, or if something else doesn’t seem quite right, it’s best to double-check the source or avoid giving up information that you wouldn’t supply to a stranger in the street.


Ransomware VPN Intrusions

2020 has seen a rise in the use of VPN and other similar network appliances to infiltrate corporate networks with bad intentions. Since mid-2019, multiple vulnerabilities have been disclosed in VPN appliances from companies like Pulse Secure, Citrix, Palo Alto Networks and Secureworks among others.

Once proof-of-concept exploit code became publicly available for any of these vulnerabilities, cybercriminals began exploiting the bugs to gain access to corporate networks to steal their data.

While some ransomware incidents using this vector were reported in 2019, it was last year that we saw ransomware groups infiltrate VPN networks on a large scale as an entry point into corporate networks.

Across 2020, VPNs rose as the in-vogue new attack vector among cybercriminals, with Citrix network gateways and Pulse Secure VPN servers making for repeated targets, according to a report published by SenseCy.

VPNs are extremely useful tools to keep your data protected from prying eyes. However, it’s important to pick virtual private networks with the right set of tools for keeping your data safe. Although ransomware attacks can be crippling for a remote business, some VPNs have built-in failsafes to ensure that your data can remain as safe as possible from attack.

For instance, secure VPN services like BlackVPN and BolehVPN have built-in kill switches that instantly disconnect all apps from the internet the moment the VPN connection drops. Once the device connects back to a VPN server, the internet connection returns to the browser and other programs.
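Both the split-tunnel exposure described in the MITM section and the dropped-connection case a kill switch covers can be checked from a client's routing table. The Python below is an added example, not from the original article or from any VPN vendor; the route table, the interface names (tun0, wlan0) and the destination addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample of Linux `ip route` output for a split-tunnel VPN client:
# only the corporate range 10.0.0.0/8 is sent into the tunnel interface tun0.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0
10.0.0.0/8 dev tun0
192.168.1.0/24 dev wlan0
"""

# Constructed destinations: one internal host and two public addresses
# taken from the RFC 5737 documentation ranges.
DESTINATIONS = ["10.20.30.40", "203.0.113.10", "198.51.100.7"]

def parse_routes(text):
    """Return (network, interface) pairs from `ip route`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        iface = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), iface))
    return routes

def egress_interface(routes, destination):
    """Longest-prefix match: the interface the kernel would pick, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None

def outside_tunnel(routes, destinations, tunnel_if="tun0"):
    """Destinations whose traffic leaves on an interface other than the tunnel."""
    return [d for d in destinations
            if egress_interface(routes, d) not in (tunnel_if, None)]

def after_tunnel_drop(routes, tunnel_if="tun0"):
    """Routing table once the tunnel interface disappears (VPN connection lost)."""
    return [(net, iface) for net, iface in routes if iface != tunnel_if]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    print("bypass tunnel while connected:", outside_tunnel(routes, DESTINATIONS))
    print("leave unencrypted after a drop:",
          outside_tunnel(after_tunnel_drop(routes), DESTINATIONS))
```

While connected, the two public destinations already bypass the tunnel; after the drop all three fall back to wlan0, which is the traffic a kill switch has to block until the tunnel returns.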

In the age of remote work and mounting challenges to online security, VPNs offer a solid solution to the issue of internet safety. However, it’s important that users do their homework in picking a service that suits their needs. While free VPNs can function well for some use cases, they’re certainly not a good idea for a multinational company with scores of confidential data. Do your research and pick a premium quality VPN that works for you. Although the thought of a subscription service may not seem appealing, it’s far better than seeing your data fall into the wrong hands.

Dmytro Spilka

Dmytro is a CEO at Solvid and founder of Pridicto. His work has been published in Shopify, IBM, Entrepreneur, BuzzSumo, Campaign Monitor and Tech Radar.
https://solvid.co.uk/
