ADACOM Red Alert – 06/03/2023

Recently we have investigated a large number of ransomware cyber-attacks through VPN service.

The cyber-attack methodology is as follows:

  • Attacking the users or their device in order to obtain their credentials
  • Unauthorized access via VPN using stolen credentials
  • Lateral movements of the hacker within the organization’s network
  • Identifying a vulnerability and exploiting it in order to become a domain administrator
  • Installation of malicious tools
  • Data extraction and system encryption

To protect against cyber-attacks through the VPN service, we recommend the following protection mechanisms:

  • Installation of the latest security patches on firewalls that provide VPN services
  • Provision of the VPN service only to users who are operationally required
  • VPN access to Partners should only be provided through a Privilege Access Management solution
  • Implementation of Users’ authentication through a Two Factors Authentication (2FA) or Multi Factors Authentication (MFA) solution
  • Activation of the passwordless authentication mechanism for the 2FA/MFA solution
  • Enabling Risk Based Authentication mechanism for 2FA/MFA solution in order to identify known cyber-attack patterns and high risk diversions
  • Providing VPN access only for valid devices provided by the organization
  • Hardening the remote devices used to access the VPN. Examples include:
    • Installation of endpoint protection solution
    • Installation of Endpoint Detection and Response solution
    • Activation of Personal Firewall
    • Manage the device through an MDM solution
    • Installation of all latest security patches

In the event that you become aware of or detect any cyber-attack, please do not hesitate to contact ADACOM’s Cyber-attack Emergency Response Team by phone at +30 210 5193760 or by email at