21 Million VPN User Records Leaked; will VPN be substituted by SASE?

Sicherheit (Pexels, allgemeine Nutzung)[German]Currently, there seems to be a hitch with SSL VPN connections. Last week, a database dump was posted on Telegram with 21 million user data/login details from VPN providers SuperVPN, GeckoVPN and ChatVPN. An exploit for an unauthenticated remote code execution vulnerability exists for Cisco RV340 SSL VPN routers. In India, a VPN provider is intending withdrawal due to new laws. And Palo Alto is addressing the question of whether VPN will be replaced with SASE.


Advertising

21 million VPN user data posted

On May 11, 2022, a Twitter account posted subsequent tweet warning of this data leak. The names mentioned, GeckoVPN, SuperVPN and ChatVPN, are all free VPN service providers. The dump was posted on Telegram on May 7, 2022, according to this article. Security researchers from VPNMentor have published the details in this article

Dataleak: 21 million user data of SuperVPN, GeckoVPN and ChatVPN

According to VPNMentor, the published records included 10 GB of data and 21 million unique records. The information included the following users' personal data:

Full names
User names
Country names
Billing details
Email addresses
Randomly generated password sequences
Reward status and validity period

It appears that the passwords were either hashed and salted or randomly stored (without collision). This means that cracking the passwords is more difficult. 99.5% of the email addresses were Gmail accounts (is much higher than the average percentage). It may also mean that the group that shared the dump only shared a subset of the data and not the entire dump. The dataset is not that entirely new; in fact, this dataset was already being traded on the darknet in 2021. Details can be read in the article above.


Advertising

Regarding VPNMentor, I would like to note that this now belongs to Kape Technologies (a company that bought various VPN comparison sites and VPN services and has a not-so-clean past). See also my article Former malware distributor buys ExpressVPN, CyberGhost etc.

VPN provider: Retreat from India

India has introduced a bill that requires ISPs to log certain information about users and report privacy violations to the government within a short period of time. This is causing trouble for some VPN providers who do not want to log precisely this user data.

NordVPN withdraw from India

Industry leader NordVPN, which says it does not store server logs to protect the privacy of its users, could pull out of India with its servers, according to the above tweet, if the government forces the company to comply with new user data sharing requirements starting in June. 

Exploit for Cisco RV340 SSL VPN

Last week I addressed a risky vulnerability in SonicWall products (see SonicWall Security Advisory: Patch SSLVPN SMA1000 vulnerabilities immediately). But Cisco also has a vulnerability in the Cisco RV340 SSL VP routers,  that allows unauthenticated remote code execution. I came across the issue via the following tweet from Nicolas Krassas, which is described by PacketStorm-Security in the post Cisco RV340 SSL VPN Unauthenticated Remote Code Execution.

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

Their security researchers have published a Metasploit module that exploits a stack buffer overflow in the SSL VPN functionality of the Cisco RV router series. The default SSL VPN configuration is exploitable because no authentication is required and it works over the Internet! Successful execution of this module results in a reverse root shell.

This module has been tested in firmware versions 1.0.03.15 and higher and works with about 65% reliability. The service is automatically restarted, so testers can try until you get past it. Only the RV340 router was tested, but other RV series routers should work without issue. Cisco released this security advisory on May 4, 2022, with details on affected models and a firmware update 1.0.03.27 to close the vulnerability.

VPN will be substituted with SASE

I have had the information for some time now. Security vendor Palo Alto Networks has put some thought into VPN and predicts that this technology will be replaced by SASE in the future. SASE is a term introduced by Gartner that stands for Secure Access Service Edge. It's a technology that brings together software-defined networking capabilities with network security. The cloud-based architectural concept is a combination of an extended and branch office-provided SD-WAN edge and comprehensive security services that run over the cloud.

The background is that millions of employees will routinely work both from home and in the office in 2022 after nearly two years of remote work. This transition from pure telecommuting to hybrid work offers companies the opportunity to create a stable foundation for their employees. By giving them the policies, tools and guidance they need to minimize disruptions, employees can safely and productively take advantage of their new hybrid work environment.

Palo Alto Networks sees these hybrid work models as permanent. More and more organizations are looking to formalize the adoption of hybrid working on a permanent basis. This will put additional pressure on security modernization initiatives, which for most organizations took a back seat to network expansion during the pandemic. According to the State of Hybrid Workforce Security 2021 study, 61 percent of organizations are struggling to provide the remote security needed to support home-based workplaces. As employees return to the office in greater numbers, the pressure on the WAN will become even greater due to increased use of collaboration tools and video, further increasing the need for SD-WAN. Here are some assessments from Palo Alto on this topic.

The end of "Remote Access VPN"

Out of necessity, many enterprises responded to the pandemic by quickly expanding their existing VPN capabilities. However, VPN was never intended to be deployed at such scale, and enterprises are now moving to SASE (Secure Access Service Edge) to provide scalable, secure access at the network edge.

To be sure, this transition won't happen overnight, Palo Alto Networks said in its assessment. But by 2022, SASE, which provides secure remote access to applications and services based on defined access control policies, will be widely deployed, its analysts write. Organizations that adopt this approach not only improve their scalability and ease of use, but also their security posture and better align with Zero Trust principles.

Office presence in the age of hybrid work

As businesses and employees determine what the new normal of hybrid working will look like, office presence can be expected to come in waves that ebb and flow depending on local and national regulations, business needs and employee preferences. This dynamic will challenge IT teams to provide consistent experiences and drive interest in new technologies such as Digital Experience Monitoring, according to Palo Alto Networks. Consistency refers to how users interact with different enterprise applications and access data and other services across all locations – home office, branch offices and corporate campuses.

Resurgent consumers with high expectations

Despite the current wave of infection from the Omikron variant, the combination of pandemic fatigue and effective medical treatments will mean consumers will shop, dine, travel and experience more in 2022 than they have in the last two years. Companies should be prepared to serve these customers and engage with them through digital and personal experiences. The emphasis is on experiences, as expectations will be for enhanced, personalized and powerful experiences.

It will become increasingly important for IT managers to have a complete view of the user experience journey across the network infrastructure – and at all points within a service delivery chain – according to Palo Alto Networks. Likewise, it's important to autonomously troubleshoot user connectivity issues. Autonomous Digital Experience Management (ADEM) is an emerging technology that can help organizations meet increased customer expectations.

Securing home environments critical to network security

Now that hybrid working has become normal, the home network is in many ways the weakest link for attackers in an enterprise. At home, work is more likely to be done from personal devices and accounts, providing soft targets that operate out of sight of the security team. In 2022, the home office will become a place where the enterprise and its employees share responsibility for cybersecurity.

SASE is the architecture for the hybrid workplace

Currently, Palo Alto Networks believes there is a unique opportunity to purposefully design networks to be as flexible and scalable as businesses need them to be. Security, meanwhile, needs to be understood as something integrated rather than bolted on. This allows the user to take center stage, creating myriad opportunities and enabling the future of work. SASE can help organizations successfully navigate the transition to hybrid working in 2022 and beyond.


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).