Most Recents
Things to Consider When Outsourcing Your Mobile App Development Project
Beware of These 7 Popular Cyber Security Threats
Find a Top Mobile App Development Company That Fits Your Needs
Importance of Developing a Website for Your Business
App Store Review Guidelines: 5 Mistakes to Avoid for Successful iOS App Submission
Android App Development Libraries You May Find Trending in 2023
Creating A Money Making App Gets Easy… Know How
Want to Make Your Game App Successful? Here is the Success Mantra For You…
How Monetization Trends are Revolutionizing Mobile Game Apps
Ensure a Successful Business with These Potential Travel App Ideas
Know How Cyber Security and Physical Security Are Similar
What do the Statistics say about Mobile App Development Growth in 2023
Benefits of Promoting Your Business Using Mobile Games
Find the Popular Frameworks in the Market Used for Mobile App Development
Metaverse and Its Five Essential Features
Watch Out For the Ruling Trends in Mobile Game App Development
Essential Tips to Help You Create Successful Game Apps
Fintech vs Techfin: Where Does the Future of Banking Lies?
Vulnerability Management Process: The Crucial Way to Maintain Your Cyber Security Posture
Why React Native Framework is the Right Choice for Hybrid App Development
Why Do You Need Financial Software Development Service for Your Business
Importance of Fintech Solutions in This Digital Age
Learn Why it Important To Integrate Content Marketing & SEO
How Mobile Apps Are Making A Difference in Real Estate Industry
10 Useful Tips to Create Highly Engaging Social Media Content
Building A Website Gets Easy Without Coding
Five Main Stages of Game Development
Top SEO Trends You Must Follow in 2022
Things to Learn for High-End App Development in 2022
The Right Strategy to Make Your Mobile App Equipped with Sound Social Networking Tools
6 Common Mistakes in Ecommerce Website Development To Avoid
The Year 2021 and The Challenges In Cybersecurity Industry
Top Benefits of Having an Impactful UI/ UX Design For Your App
Useful SEO Tips For Small Businesses Website Optimization
Know The Different Channels Important To Build Your Online Reputation
Structured Data: An Important Tool in SEO to Mark Strong Online Presence
Learn the Different Strategies to Use for B2B Lead Generation in Digital Marketing
Things to Consider Before Launching Your App in Google Play Store
Google’s Page Experience Update Now Fully Rolled Out- Here’s What You Can Expect
7 Useful Tips to Ensure the Best Android App Development
Learn Professional Web Development Tips to Build an Efficient Website
Learn the Effective Ways to Manage Your Online Reputation
Three Principles Every User Experience Designers Should Follow
Top 5 Benefits of Integrating Cyber Security Services with Your Business
Google’s New Safeguards for Minors to Create Safer Space on the Internet
Benefits of Android Game Development You Must Not Ignore
Google Removes Safe Browsing and Ad Experience Widgets from Page Experience Ranking Signal Criteria
Google Changes Eligibility for Fact Check Rich Results
Why You Need To Hire an Online Reputation Management Company for Your Business
Complete Guide on 2d and 3d Game Development
MITRE Engenuity releases first ATT&CK evaluations for Industrial Control Systems Security Tools
WordPress SEO: 3 Quick and Easy Hacks for PageSpeed & Core Web Vitals
Researchers Reveal New Trick of Hackers to Disable Macro Security Warnings in Malicious Office Files
Top PHP Development Tools Leading Website Development Company Uses
Cloud Security Analysis Solutions: The Next Step to Make Your Data Secure
Learn How to Optimize Your Site for Google’s Page Experience Update
Amid Rising Cybersecurity Threat Indian Military Personnel to Get Trained in the US on Cyber Warfare
How the Network Change in Pandemic Steered to Must Cybersecurity
7 Reason You Should Get Mobile App for Your Business
Google Rolls Out New Spam Algorithm Update: What Changes You Can Expect
Top 10 Benefits of Unity Game Development
VPN Attacks: A Rising Threat for Remote Work in the COVID-19 Era
Google Releases New Framework to Prevent Software Supply Chain Attacks
GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability
Read Key Highlights of Google Ads API version 8.0
Here How the Gaming Giant EA was Hacked
Know How A Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
Learn How to Find the Best UI/UX Development Company
Trends of 2021 Every Top Cyber Security Company in India Follows
Improve your Conversion Rate with 10 Essential Elements of Good SEO
Google Announces New Features for App Advertisers to Improve ROI
FragAttacks: Set of New Vulnerabilities that Expose Nearly All Wi-Fi Devices to Attacks
Latest Technologies and Trends in Mobile Game App Development
Babuk – How a Newcomer soon becomes a Growing Ransomware Threat
5 Characteristics of the Best Digital Marketing Services Provider
Here are the Tips to Choose the Best Game App Development Company
7 Reasons to do Search Engine Optimization for your Website
Integrating AI with Cyber Security – Tomorrow of Cyber Security
How Much Does HIPAA Compliance Cost?
Best Android Game App Development Company Doesn’t Miss out Following Features
Effective Voice Search Statistics for 2020
Android 10: Everything You Need to Know
How to Make Massive Money with Mobile Apps In 2020
Drastic boost in mobile gaming during coronavirus lockdown
Cyber security – A Tool to Address Digital World’s Major Issues; Cyber Attack
5 facts to keep in mind before hiring Game app development Company in India.
Best iOS games app development
Tab 1
VPN Attacks: A Rising Threat for Remote Work in the COVID-19 Era

Attacks against virtual private network (VPN) products from Fortinet and Pulse Secure have surged dramatically in the first quarter of 2021. A recent report released by Nuspire, a leading managed security services provider (MSSP), revealed that threat actors managed to gain an initial position in the network using a compromised VPN password, resulting in huge data loss and disruption to several services.
These incidents reported in the investigation indicate the failure to provide an additional layer of security to VPN accounts, along with the malicious actors taking advantage of unpatched vulnerabilities disclosed earlier
Sourced from its 90 billion traffic logs, the “2021 Q1 Threat Landscape Report” outlined the following concerns.
- Attacks against Fortinet’s SSL-VPN jumped to 1,916% in the first quarter of 2021 and a 1,527% spike in the attacks against Pulse Secure VPN.
- To launch cyberattacks, threat actors tried abusing flaws that were disclosed earlier. Two highly targeted flaws included a path reversal vulnerability (CVE-2018-13379) affecting Fortinet VPN and a file distribution vulnerability (CVE-2019-11510) in Pulse Secure Connect VPN.
Having flaws in their respective products, both the vendors were issued patches a long time back. Even the security analysts have been warning them for some time about the high adversary concern in the vulnerabilities. In fact, in January 2020, Tenable had warned of threat actors leveraging the flaw detected in Pulse Connect Secure to distribute the ransomware strain named Sodinokibi. Later in April, the NSA, FBI, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) detected Russia's Foreign Intelligence Service (SVR) as targeting the Fortinet and Pulse Secure VPN flaws in attacks against US and allied networks.
“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, Nuspire Chief Security Officer. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing to see today.”
Recently, the cyber forensic team of FireEye’s Mandiant discovered four new malware tools that weaponized Pulse Secure vulnerabilities. Threat actor groups- UNC2630 and UNC2717- used tools called, Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse to establish tenacity on devices connected to Pulse Secure VPNs. The attackers used these tools to launch attacks against defense, government, technology, transport, and financial entities in the U.S. and Europe.
In the first week of June, another incident of malicious attacks via a SonicWall VPN flaw was also reported. Malicious actors exploited an old vulnerability (CVE-2019-7481) in the VPN to compromise older SonicWall SRA 4600 VPN devices.
These reported attacks on VPNs indicate that threat actors can find many ways to exploit and monetize a vulnerable VPN. Further, the slow response shown in patching the vulnerabilities allows adversaries to launch attacks against vulnerable endpoints. Once they get in, navigating to exfiltrate information and deploying malware becomes easy.
Jerry Nguyen, director of threat intelligence and rapid response at Nuspire, has stated that the large spike in activity targeting VPN devices in Q1 2021 had to do with organizations not patching these vulnerabilities despite previous warnings.
"The US CIRT released a number of reminder alerts that attackers were looking at these VPNs and people should patch," Nguyen says. "The biggest thing we are seeing with VPNs [is that] everyone is looking at the endpoint and not the perimeter when they need to look at both."
Declining Trend In Other Malicious Activity
Ironically, the VPN attacks increased amid an overall decrease in malware, botnet, and other types of exploit activity. Nuspire's analysis of threat data from the first quarter of 2021 indicates a declining trend in malware activity by more than 54% in comparison to Q4 2020. There’s a significant drop in vulnerability exploit activity, other than that targeting VPNs, nearly 22% compared with the previous quarter and while botnet activity declined by some 11%.
According to Nguyen, it is the law enforcement's takedown of the massive Emotet operation in January that relatively led to a sharp drop in malware, exploit, and botnet activity.
"Emotet has consistently been one of the top trending malwares in our threat reports, and it created a vacuum when shut down," Nguyen says.
However, the present trend is likely temporary and it can once again go upward in the last quarter.
"I would expect another malware family, such as TrickBot, potentially to begin to trend more or a new malware variant take over," Nguyen says. "Threat actors will not just stop distributing malware. They will adapt and move on to something new."
Josh Smith, the security analyst at Nuspire, has suggested enterprise organizations pay close attention to remote access security involving VPNs and Microsoft's Remote Desktop Protocol — another popular target for attackers. Both technologies offer malicious actors wide access to a network for deploying ransomware. Organizations should monitor their technology asset and ensure applying security patches without any delay. Implementing multifactor authentication (MFA) is also vital, he says.
"End users may find it frustrating to have to enter MFA codes, but if credentials are leaked that allow access to a remote service, MFA can be the difference between a successful breach or stopping a threat actor’s access," said Josh Smith.
How to Prevent Attacks
The situation due to the global pandemic COVID-19 led to the advent of an era where organizations are shifting to remote working culture and moving their infrastructure, networks, and applications to the cloud. However, loose security ends make everything accessible to users and threat actors. Cybercriminals have become more active in this era and involved in conducting widespread scanning and exploitation against systems. Thus, more unexpected trends can be observed in 2021. VPN, a vital tool for remote working, remains one of the biggest targets to breach security endpoint systems. Therefore, organizations should always be watchful of potential attacks and apply patches immediately after they are released by vendors.
Webmobril Technology is the leading cybersecurity expert in India, providing robust solutions to organizations to protect their data and networks.