CERT-In (Computer Emergency Response Team of India) in a fresh advisory, warned about the intensified cyberattacks on VPNs ( Virtual Private Networks) due to the pandemic COVID-19. Increased illegal activities about social engineering attacks have been monitored by the Federal security agency and also suggested best practices for VPNs and counter-measures for the prompt identification of cyber-attacks.
Since the nation has gone on lockdown to fight the coronavirus pandemic, most companies have initiated work from home for their employees. The organizations promoted the use of VPNs, however, CERT-In issued a warning on cyber-attack threats on VPNs including the social engineering attacks that posed as a legitimate and trustworthy back-end to get confidential and sensitive data from the employees of the organizations.
According to the Federal security agency, CERT-In, many companies across the globe have encouraged their employees to remain isolated and start working from home due to the novel coronavirus outbreak. For safer communication, organizations and firms have been using corporate VPNs for video conferencing, emailing and other forms of communications. A VPN is a private network that allows communication via secured online servers using data encryption and also lets you access blocked sites such as Netflix. Since a vast number of companies have been using VPNs for their businesses, cyber attackers and criminals have been seeking cyber vulnerabilities to threaten the firms.
Cyber Attacks Warning
Therefore, CERT-In has warned about the cyber-attacks on VPNs and has advised the firms to set up VPN service protection programs by collaborating with their IT staff to preserve the confidentiality of their business. Firms have also been advised to raise awareness about the increasing cyber threats, phishing attacks, and other attacks attempted by cybercriminals among their employees. The companies should educate their employees about social engineering attacks and phishing attacks where the attacker acts as a trustworthy and legit entity in emails or text messages to obtain the confidential information of the organization. These steps will safeguard the credibility, availability, integrity, and confidentiality of the business.
Measures to Be Considered
CERT-In also advised some best measures and counter practices for using VPNs for the companies and their employees to combat cyberattacks and guard the Indian cyberspace. Their systems should be tested for cyber-attacks on VPN servers in support of DDoS. To crash a VPN server, cyber attackers can make a DDoS attack. A cyber attacker can create a malicious activity by blocking the operations of the online system. To prevent any suspicious behavior while using a VPN, multi-factor authentication (MFA) should be applied during work from home. If multi-factor authentication (MFA) is enforced on all the VPN accounts, then the data protection will be enhanced. If MFA is not possible, then organizations and employees are highly suggested to keep strong passwords that cyber attackers cannot takeover. Moreover, improved protections advanced security protections and the latest software fixes should be used by companies for better data security and avoidance of any unauthorized activities during work from home.
These warnings and measures recommended by CERT-In should be enforced by all the companies and they should alert their employees as well to prevent any leakage of their confidential and sensitive information.