VPN Safety in the Face of Targeted Iranian Cyberattacks
On September 15, 2020, CISA issued a dire warning: Iranian state-sponsored actors are targeting VPNs at a time when businesses are relying on them to ensure network safety for their remote teams (see Iconic IT’s related press release).
Iran is no Stranger to Cyberattacks
Iran has been a player in the cybercrime world many times in the past.
Iran has been behind several notable cyberattacks, such as the 2013 hack that affected the Bowman Dam in Rye, New York. That attack was an IoT (Internet of Things) attack on the dam’s automated systems, and while the hackers didn’t actively use the data they had gathered, it was apparent that they could have caused serious chaos and damage with the information.
Prior to 2012, Iran’s cyber activities remained largely within their own country, including attacks against social media and their own elections. The most notable early external attack was uncovered in 2012, and revealed an ongoing espionage campaign using a spyware known as Madi.
At the same time Iran was orchestrating this incident, they launched more attacks against financial institutions. These cyberattacks continued to grow in sophistication, targeting both private networks and larger institutions such as the oil industry and casinos.
In January of 2020, however, the tensions between the US and Iran reached new heights after the country’s second-in-command, General Soleimani, was killed by an airstrike. Following this incident, Iranian hacking attempts jumped by 50%, largely targeting government networks. At their peak, these clusters of attacks numbered half a billion attempts each day.
While Iran isn’t considered to be as cyber-sophisticated as Russia or China, they are widely considered to be more capable of devastatingly destructive attacks while having far less concern for the risks involved in launching them. They are opportunistic and treat a crisis as a chance to exploit vulnerabilities, such as targeting VPNs when businesses are forced to rely on them for security.
The Current Threat: VPN Safety is Compromised
This latest Iranian threat puts VPNs at risk at a time when many businesses are using them to provide network safety for their remote workers. The threat crosses all industries, including financial, healthcare, IT, media, and insurance providers. VPN safety is a true concern to every business, especially those currently relying on a remote workforce.
The attack relies on open ports to infiltrate the network. Once the attackers have gained access, they steal the credentials of top-level administrators and executives and launch a deeper, longer-lasting campaign to mine data. This long-term attack is known as an Advanced Persistent Threat, and can go unnoticed for months and, as has been shown in the past, even years.
Iranian state-sponsored actors are motivated by both their country’s agenda and financial gain. The hackers have been seen selling the credentials and the points of vulnerability on dark web hacker forums.
Iran’s Modes of Attack
Iran uses many cyberattack modes, but their favorite tool is ransomware. DDoS (Distributed Denial of Service) is another common Iranian cyberattack, as are website defacement and data-wiping malware. A phishing attack in 2019 targeted the emails of top governmental officials, journalists, and Iranian expatriates globally. Additional targets included research and academic facilities as well as United States veterans.
The modes of Iranian cyberattack fall roughly into three categories:
- Destructive attacks: Wiping out the target’s data and operating systems to cause chaos
- Social media manipulation: Misinformation campaigns and spreading propaganda
- Espionage: Gathering national secrets or trade secrets from networks
Information gathered during an Iranian cyberattack is used to improve the country’s preparation to launch more sophisticated future attacks, and to engage in industrial or governmental data mining, looking for secrets they can leverage in their cyberwarfare.
VPN Safety Steps You Can Take to Protect Your Business’ Network
Staying a step ahead of the Iranian threat is important when keeping your network safe. Here are a few VPN safety steps your business can take to protect your network now.
Matt Lee, Iconic IT’s Director of Technology and Security, recommends that businesses protect themselves with security layers including multi-factor authentication:
“There have always been potential vulnerabilities with VPNs, but the stakes have never been higher,” explains Matt. “Any business not protecting its VPNs with common sense layers, including multi-factor authentication, is placing their network in jeopardy.”
VPN Safety Needs Encryption
Simply put, intercepted data that is encrypted will appear as “gibberish” to any receiver without the decryption keys. Nearly all VPNs offer encryption as part of their VPN safety platforms. To be truly safe, make sure your VPN offers three layers of encryption:
- Symmetric encryption to protect data in transit
- Public key encryption for data channel encryption key distribution
- Hashing to confirm data integrity
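One way to check those three layers on a server you run, as an added example that is not from the original article: the page names no VPN product, so this sketch assumes an OpenVPN-style config (`cipher`/`data-ciphers`, `tls-version-min`, `secret`, `auth`), and the weak-value lists and sample configs are constructed for illustration.

```python
# Weak-value lists are this example's policy assumptions, not a standard.
WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC"}
WEAK_DIGESTS = {"NONE", "MD5", "SHA1"}
AEAD_SUFFIXES = ("-GCM", "-POLY1305")

def parse(conf):
    """Map each directive to its argument list, skipping '#' and ';' comments."""
    lines = (l.strip() for l in conf.splitlines())
    return {l.split()[0]: l.split()[1:] for l in lines if l and l[0] not in "#;"}

def audit(conf):
    """Return (layer, problem) findings for the three encryption layers."""
    d, findings = parse(conf), []
    # Layer 1: symmetric cipher protecting data in transit.
    spec = d.get("data-ciphers") or d.get("cipher") or []
    ciphers = [c.upper() for c in spec[0].split(":")] if spec else []
    if not ciphers:
        findings.append(("symmetric", "no cipher pinned"))
    findings += [("symmetric", f"weak cipher {c}") for c in ciphers if c in WEAK_CIPHERS]
    # Layer 2: public-key exchange that distributes the data-channel keys.
    if "secret" in d:
        findings.append(("key-exchange", "static key mode, no TLS key exchange"))
    tls_min = (d.get("tls-version-min") or ["unset"])[0]
    if tls_min in ("unset", "1.0", "1.1"):
        findings.append(("key-exchange", f"tls-version-min {tls_min}"))
    # Layer 3: hashing (HMAC) for integrity. AEAD ciphers authenticate
    # data-channel packets themselves, so auth only matters without them.
    aead_only = bool(ciphers) and all(c.endswith(AEAD_SUFFIXES) for c in ciphers)
    digest = (d.get("auth") or ["SHA1"])[0].upper()  # OpenVPN default is SHA1
    if not aead_only and digest in WEAK_DIGESTS:
        findings.append(("integrity", f"weak auth digest {digest}"))
    return findings

# Constructed sample configs (not from any real deployment).
WEAK_CONF = """\
# legacy server
cipher BF-CBC
auth MD5
tls-version-min 1.0
"""
HARDENED_CONF = """\
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```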
You may be tempted to use a free VPN, but these may not offer the solid layers of protection your network needs. Remember that free VPNs still need to make money from customers, so they may be thinner on protections than their paid competitors. Free VPNs will also offer only the bare minimum of protection to convince you to sign up, while their better platforms are considered upgrades to the basic plan.
Secure Wireless Networks
Businesses need to create policies around their remote workers’ use of public wi-fi. These connections aren’t secure, and many hackers lie in wait for an unsuspecting user to log on and access sensitive data.
There is a moment between the user’s log on and the device’s connection to the VPN. This interval, no matter how short, is when the data is most vulnerable. This is just one way that using an unsecured wi-fi connection increases a bad actor’s ability to jump into the network.
VPN safety will be highly dependent on the wireless network your employees use to access it.
Acceptable Use Policies
You may need to create a BYOD policy, like this free one from Iconic IT, if your employees are accessing the VPN or your network on personal devices.
Strict Password Requirements
Passwords should be complex enough to resist “brute force” attacks, a method where the hacker simply runs through possible password combinations to gain access to the network. As a rule, your business should follow the GETSTRONG rules of password creation. These rules include, among others:
- Never reusing passwords across multiple applications
- Using an authenticator
- Disabling password hints
- Longer passwords that contain between 12 and 50 characters, including special characters, numbers, and capital letters
Discourage employees from writing down passwords, and encourage them to use a password manager such as 1Password. You can use the password manager vault to store shared passwords, eliminating the need for each employee to remember individual application passwords.
Antivirus, Antispam, Firewall, and Other Protections
Make sure your protections are up to date and all security patches are installed. Remember that a “free” antivirus will most likely not provide the same level of protection as a paid version; this aspect of VPN safety is far too important to leave to unreliable antivirus solutions.
Layer your protections with other VPN safety tips to ensure you have no security gaps that can be exploited, and always follow good email practices to further protect your network from phishing attempts, paired with an excellent antispam filtering application.
Turn to the Professionals
Trying to secure your network was already hard, but remote work has put an even greater strain on businesses. Hackers were already taking full advantage of the work-from-home trend, but now professional organizations are targeting the very thing businesses rely on to keep their network protected: VPN safety.
If you haven’t considered turning to a cybersecurity expert or an MSP, this is the time to reach out to the professionals. A professional IT provider can give you solutions and strategies for network safety.
Iconic IT provides the solutions small to medium-sized businesses need to protect their networks, including providing VPN safety strategies and dark web monitoring to ensure your business’ sensitive data hasn’t already been leaked or sold by Iranian state-sponsored actors or any other hackers.
Because Iran has been sharing hacked information on the dark web, Iconic IT is offering a free dark web scan along with a risk-free, no-obligation consultation to qualified businesses. Remember that your network could already be infiltrated; frequently, businesses aren’t aware until it’s too late. At a time when VPN safety is at risk from the Big Players, a dark web scan has never been so vital. Contact us to schedule your free dark web scan and a thorough consultation and review of your business’ IT strategies.