25 May Beware of hackers trying to hijack your VPN
The best way to secure your Internet connection and keep your data safe is by using a Virtual Private Network or VPN service. VPNs create a secure virtual channel from your device to the internet, making it difficult for anyone, including your Internet Service Provider, to see your browsing activity.
VPN providers also assign you a different Internet Protocol (IP) address which provides further privacy and allows you to bypass geo-restrictions imposed by some websites, content providers, and governments.
VPN software has been particularly instrumental for remote work during the pandemic. However, working from home is a security risk. Connecting to a company network without the protections offered by a VPN presents cybercriminals with a new attack avenue. This is why there was a corresponding uptake in VPN services as more of the global workforce transitioned to working from home. According to Statista, VPN usage in the United States increased by 124 percent during two weeks at the height of the first wave between March 8 and March 22, 2020. The situation was replicated in many other countries.
(Image source: Statista)
But the protections afforded by a VPN amount to nothing if attackers can easily hack it. Let’s consider a recent case and see how cybercriminals hacked a popular VPN service to steal user credentials and other sensitive data.
Case Study: How Suspected Chinese Hackers Exploited Pulse Secure VPN
In late April 2021, security firm FireEye revealed that it had identified a dozen malware families spread out across several cybercrime groups, taking advantage of vulnerabilities in a popular VPN service known as Pulse Secure VPN. The victims were the usual high-value targets such as financial institutions, governments, and defense contractors globally. Criminals stole credential information, thereby improving their chances of gaining deep and sustained access. Even though the company worked quickly to provide mitigation, the damage was already done.
So, how did attackers manage to hijack this VPN? Well, the problem lies in the type of encryption technology a VPN provider chooses. In this case, Pulse Secure uses SSL (Secure Sockets Layer). SSL and TLS (Transport Layer Security) are ubiquitous encryption technologies that an increasing number of VPN providers rely on because they make logging into a company network more seamless. There are alternative and more secure technologies. Unfortunately, despite better security and reliability, the available options are clunky and complicated for users.
The pandemic-driven shift to remote work has put SSL VPN vendors in the spotlight and under greater scrutiny from security researchers. As a result, many SSL VPN vendors have had to implement security patches to fix serious flaws in their products.
How to Prevent VPN Hijacking
It is evident from the Pulse Secure VPN case study that preventing VPN hijacking partly depends on the strength of the encryption protocol used to encrypt and transmit data.
So, the first step to prevent VPN hijacking is to use the most secure and reliable encryption protocol. Thankfully, a good number of VPN providers now give users the option to select the encryption protocol within the VPN client. The most common options are OpenVPN (SSL/TLS), Internet Protocol Security (IPSec), Point-to-Point Tunnelling Protocol (PPTP), and Layer Two Tunnelling Protocol (L2TP).
However, due to the computationally demanding process of breaking encryption, most attacks involve the theft of encryption keys.
A security flaw in your VPN can also allow DNS requests to forward to your ISP’s DNS servers, despite using a VPN service to conceal them. This issue is known as a DNS leak.
There is also a known security flaw that can allow an eavesdropper to leverage a special application programming interface (API). Web Real-Time Communication (WebRTC) comes with most browsers and can be exploited to reveal your real IP address, even if you're using a VPN.
So, where does that leave you? Well, the best VPN services are independently verifiable. In addition, cybersecurity companies like FireEye, McAfee, Palo Alto Networks, and more release regular security reports to inform users about known VPN vulnerabilities. So, do your due diligence when acquiring a VPN service and stay apprised by keeping close tabs on VPN security news and trends.