Like their private-sector counterparts, government employees have relied heavily on virtual private network (VPN) services to sustain operations while working remotely over the past two years. It’s no coincidence that there’s been a marked surge in cyberattacks that exploit VPN vulnerabilities over that same period.
According to a study from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), three of the most frequently exploited vulnerabilities over the past two years were discovered in VPN services. In perhaps the most noteworthy example, it was discovered in April 2021 that suspected China-backed hackers used VPN exploits to breach multiple government agencies, defense companies and financial institutions in both the U.S. and Europe.
That illustrates the paradox of VPNs — they are essential security tools, but they can also be an entry vector for a broad range of cyber threats.
VPNs create encrypted, secure connections to an external server, which then routes traffic across the public Internet to the agency network. They are attractive targets for several reasons. Since they are usually accessible directly from the Internet, they are susceptible to network scanning, brute-force attacks and zero-day vulnerabilities. Additionally, they aren’t always updated regularly. VPNs are expected to be operational and available at all times, so IT teams are often reluctant to take systems down to install updates and security patches.
CISA and the National Security Agency (NSA) report that multiple nation-state actors have weaponized common vulnerabilities and exposures (CVEs) to exploit VPN access. In some cases, exploit code is freely available online. Exploitation of these CVEs can enable a malicious actor to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions and read sensitive data from the device.
To address the risks, CISA and the NSA have developed guidelines for selecting and hardening remote access VPN solutions. They advise government agencies to choose solutions that have been tested and validated by the National Information Assurance Partnership (NIAP), a government program that oversees the evaluation of IT products.
The AnyConnect Advantage
Cisco’s AnyConnect Secure Mobility Client is among the few VPN products recommended. However, it is much more than a VPN client. It is a unified security endpoint agent that delivers multiple security capabilities, including:
- Unified endpoint compliance. A posture module continuously checks the state of AnyConnect software and automatically updates antivirus, anti-malware and anti-spyware when required. It also monitors operating systems, hardware and applications to verify compliance.
- Secure network access. Administrators control which users and endpoints are allowed to connect to networks or resources. The access module also supports high-speed data encryption along with accepted protocols for authentication, authorization and accounting.
- Web security. Agencies can use the on-premises Cisco Web Security Appliance to identify web-based threats, automatically block risky sites and test unknown sites before allowing users to access them.
- Network visibility. A visibility module allows administrators to identify which users and devices are accessing the network, and to monitor their application usage. This enables quick identification of potential breaches.
- Off-network protection. Devices are protected even when they’re off the network through integration with Cisco’s Umbrella Roaming cloud-delivered security service. Security is enforced at the DNS layer to protect against malware, phishing and command-and-control callbacks.
- Broad device support. AnyConnect clients are available for a wide range of operating systems, including Windows, macOS, Linux, iOS, Android, Windows Phone/Mobile, BlackBerry and ChromeOS.
VPNs allow remote workers to connect to essential network services, applications and data. However, older, unpatched VPNs can also create unnecessary vulnerabilities.
Cyberattacks that exploit VPN vulnerabilities are on the rise.
To learn more about using Cisco’s AnyConnect Secure Mobility Client to enhance the security of your remote workforce, call us at (800) 217-0933 or contact us online.