The NSA and CISA have released a detailed guide pertaining to how organizations and individuals should select virtual private networks as they remain actively under attack and face exploitation from nation states and cybercriminals alike. The guide also features details on ways to deploy a VPN securely. The NSA stated that the guide will also be helpful to leaders in the Department of Defense, National Security Systems, and the Defense Industrial Base to ensure that the agencies recognize the risks of VPN and understand how to mitigate them.
The NSA stated that multiple nation-state APT actors have weaponized common vulnerabilities and exposures to gain access to VPN devices. This then allows the cybercriminals to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, highjack encrypted traffic sessions, and read sensitive data from a device. VPN servers are entry points into protected networks, and are therefore attractive targets to cybercriminals.
Read More: NSA, CISA partner for guide on safe VPNs amid widespread exploitation by nation-states
Read the Full Guide Here: Selecting and Hardening Remote Access VPN Solutions