ADACOM Red Alert – 06/03/2023

We have recently investigated a large number of ransomware cyber-attacks carried out through VPN services.

The cyber-attack methodology is as follows:

  • Attacking the users or their devices in order to obtain their credentials
  • Unauthorized access via VPN using stolen credentials
  • Lateral movement by the attacker within the organization’s network
  • Identifying a vulnerability and exploiting it in order to become a domain administrator
  • Installation of malicious tools
  • Data extraction and system encryption

To protect against cyber-attacks through the VPN service, we recommend the following protection mechanisms:

  • Installation of the latest security patches on firewalls that provide VPN services
  • Provision of the VPN service only to users who operationally require it
  • VPN access for partners should only be provided through a Privileged Access Management solution
  • Implementation of user authentication through a Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) solution
  • Activation of the passwordless authentication mechanism for the 2FA/MFA solution
  • Enabling the Risk-Based Authentication mechanism of the 2FA/MFA solution in order to identify known cyber-attack patterns and high-risk deviations
  • Providing VPN access only for valid devices provided by the organization
  • Hardening the remote devices used to access the VPN. Examples include:
    • Installation of an endpoint protection solution
    • Installation of an Endpoint Detection and Response solution
    • Activation of the personal firewall
    • Management of the device through an MDM solution
    • Installation of all latest security patches
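
As an added illustration (not ADACOM tooling), the sketch below reviews VPN login events against the controls listed above: approved users only, partners through PAM, a second factor, organization-managed devices, and one simple risk signal (a country change within a short window). The event fields, user names, device IDs and the one-hour window are constructed assumptions, not a vendor log schema.

```python
from datetime import datetime, timedelta

# Constructed sample data; the field names are assumptions, not a vendor log schema.
APPROVED_USERS = {"alice", "bob", "partner-acme"}
MANAGED_DEVICES = {"LT-0012", "LT-0031"}
EVENTS = [
    {"ts": "2023-03-06T08:01:00", "user": "alice", "device": "LT-0012",
     "mfa": True, "country": "GR", "partner": False, "via_pam": False},
    {"ts": "2023-03-06T08:20:00", "user": "alice", "device": "DESKTOP-X",
     "mfa": False, "country": "BR", "partner": False, "via_pam": False},
    {"ts": "2023-03-06T09:00:00", "user": "partner-acme", "device": "LT-0031",
     "mfa": True, "country": "GR", "partner": True, "via_pam": False},
    {"ts": "2023-03-06T09:30:00", "user": "carol", "device": "LT-0031",
     "mfa": True, "country": "GR", "partner": False, "via_pam": False},
]

def audit_vpn_logins(events, approved_users, managed_devices,
                     travel_window=timedelta(hours=1)):
    """Return [(event, [findings])] for logins that violate a control."""
    last_seen = {}  # user -> (timestamp, country) of the previous login
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        findings = []
        if ev["user"] not in approved_users:
            findings.append("user not approved for VPN")
        if ev["partner"] and not ev["via_pam"]:
            findings.append("partner session not brokered by PAM")
        if not ev["mfa"]:
            findings.append("no second factor")
        if ev["device"] not in managed_devices:
            findings.append("unmanaged device")
        # Risk signal: same account, different country, too soon to be travel.
        prev = last_seen.get(ev["user"])
        if prev and prev[1] != ev["country"] and ts - prev[0] <= travel_window:
            findings.append("country change within travel window")
        last_seen[ev["user"]] = (ts, ev["country"])
        if findings:
            flagged.append((ev, findings))
    return flagged

if __name__ == "__main__":
    for ev, findings in audit_vpn_logins(EVENTS, APPROVED_USERS, MANAGED_DEVICES):
        print(ev["ts"], ev["user"], "->", "; ".join(findings))
```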

In the event that you become aware of or detect any cyber-attack, please do not hesitate to contact ADACOM’s Cyber-attack Emergency Response Team by phone at +30 210 5193760 or by email at cert@adacom.com
