CERT-In asks organisations to guard VPNs against cyber attacks

Federal cyber agency CERT-In on Tuesday warned of increased cyber attacks, including 'social engineering hits', on Virtual Private Network (VPN) being used by organisations these days to facilitate work from home for its employees in view of the nationwide lockdown to combat the COVID-19 outbreak.

In a fresh advisory, Computer Emergency Response Team of India (CERT-In) advised against social engineering attacks where cheats pose as genuine back-end support and obtain sensitive data from gullible employees.

These trends have emerged due to increase of online activity during the ongoing lockdown to contain the spread of COVID-19.

"The coronavirus pandemic has led many organisations worldwide to restrict their employees from coming to work in office and have advised them to maintain social distancing and to continue working from the safe environment of their homes.

"Organisations are using enterprise VPNs for communicating through emails, video conferencing and other chat tools. A VPN enables communication through secure online servers using encryption of data," the CERT-In said.

With a large number of organisations using VPN for business continuity, it said, attackers are finding vulnerabilities to target organisations for various cyber attacks.

"Therefore, organisations should set up a system in coordination with their information technology staff to secure the VPN service to maintain business confidentiality, integrity and availability," the CERT-In, a federal agency to combat cyber attacks to guard the Indian cyber space, said.

It also suggested that the organisations should sensitise their employees against increased phishing attempts where cyber criminals send emails or text messages posing as genuine person and take sensitive information.

"Pandemics like COVID-19 could lead to social engineering attacks. Employees need to be alerted about such attacks, wherein fraudsters could pose as a genuine organisation and send emails to obtain sensitive personal or organisation-level information," it said.

It also suggested some counter-measures and best practices for using VPNs, which included increased scrutiny of unauthorised activity using log analysis, detect attacks in a timely manner and respond to incidents.

They should also check their systems for Distributed Denial of Services (DDoS) attacks on VPN servers. In this, a cyber criminal blocks the service of the online system to the intended user by triggering a malicious activity.

"An attacker could conduct various DDoS attacks leading to crashing of the VPN server. Such attacks could also limit or cut-off system administrators from the servers leading to further compromise of the internal attack," it said.

It recommended multi-factor authentication (MFA) for using VPN accounts in order to "avoid any unauthorised activity during work from home, organisations should enable a MFA solution on all VPN accounts leading to better data security".

"Incase, MFA cannot be implemented, employees should be advised to use strong passwords to block any account takeover attacks," it said.

The agency reiterated that "latest software patches" should be used and advanced security configurations deployed to keep the VPN safe.

It also advised that all the IT teams of various organisations should test the VPN server for mass usage and encourage "rate limiting so that priority is given to users who require higher bandwidth".