
Black Hat Security Conference Leads Hackers to Attack Two Unpatched Enterprise VPNs

After this month’s Black Hat security conference, two popular enterprise VPNs got hijacked by cybercriminals after security researchers at Devcore publicly disclosed their vulnerabilities.

The talk by Meh Chang (@mehqq_) and Orange Tsai (@orange_8361) revealed alarming findings about SSL VPNs, urging hackers to dig deeper into the proof-of-concept included in a blog post on August 8th, 2019.

The blog post provided full details and demo code for a myriad of vulnerabilities in FortiGate VPN and Pulse Secure VPN, resulting in havoc for both VPN services.

Hackers chose to exploit CVE-2018-13379, which affects FortiGate (installed on over 480,000 servers), and CVE-2019-11510, which affects Pulse Secure (installed on about 50,000 machines), to remotely execute malicious code and change passwords.

Patches for protection against these vulnerabilities did become available in May for FortiGate and in April for Pulse Secure. However, installing them can result in service disruptions, preventing enterprises from carrying out essential business tasks.

As such, many customers either avoided installing the patch or failed to update their VPNs when these patches were released. Unfortunately, they are now paying the price, as thousands have gained access to private passwords and accounts.

On Thursday, August 22, 2019, Bad Packets’ honeypots and internet scans also revealed that over 14,528 Pulse Secure VPN endpoints were undergoing exploitation.

This was a massive increase from the initial scan that found 2,658 unpatched servers. The vulnerable servers were found in 121 countries worldwide. Below is a round-up of the most affected countries and the number of attack attempts:

Similarly, reports of mass scanning activities for identifying and exploiting the vulnerable FortiGate SSL VPN started gaining traction. On Sunday, Kevin Beaumont stated that one of his honeypots recorded the “FortiGate SSL VPN backdoor being used in the wild.”

Customers of both companies are being instructed to update their VPNs to get the latest patches, as these enterprise-grade VPNs are essential for protecting access to highly-sensitive networks, which include:

  • Numerous Fortune 500 companies
  • News/media corporations
  • Major financial institutions
  • Electric and gas utilities
  • Hospitals and healthcare providers
  • Public universities and schools
  • U.S. military, federal, state, and government agencies

Wrapping Things Up

The researchers at Devcore have taken a crack at something huge. SSL VPNs were becoming the most popular way for remote access in enterprises.

Meh Chang and Orange Tsai were the only individuals who wondered whether the trusted equipment is insecure. And the answer has undoubtedly surprised everyone!
