Commonly used VPN’s Fortigate and Pulse Secure targets of cyber attacks

The widely used VPNs Fortigate and Pulse Secure are the target of cyber-attacks that try to get hold of sensitive user data. The VPNs, which are installed on some 530,000 servers, have a number of weaknesses if they are not patched.

The weaknesses in these VPNs can be exploited by sending web requests to servers. A certain series of characters in the requests makes it possible for hackers to obtain data. With the attacks, hackers try to capture encryption keys, passwords and data in general.

The VPNs also have vulnerabilities that can be used by hackers to remotely run malicious code. Remote changing of passwords is also possible. Patches for the vulnerabilities were already available in April for Pulse Secure and in May for Fortigate. However, patching can be a crucial break in organisations’ processes. This is probably the reason why, for example, there are still 2658 vulnerable endpoints for the Pulse Secure VPN.

In addition to companies, government organisations, educational institutions and hospitals are also part of the places where vulnerable servers are used. Successful attacks by hackers can therefore affect a wide range of organisations.

Opportunistic attacks

Kevin Beaumont, an independent researcher, reported on Thursday that hackers were sending large amounts of code onto the Internet in order to get to grips with servers with the weaknesses. Troy Mursch, researcher at security research firm Bad Packets, tells us that any data that has been captured can in turn be used for malicious purposes.

“These scans target endpoints that are vulnerable to random file reading, leading to the disclosure of sensitive information about users’ encryption keys and passwords,” reports Mursch to Ars Technica. “This data can then be used to carry out further command-injection attacks and to gain access to private networks, allowing further malicious activity.