Firewalls and VPNs Under Siege as Businesses Report Growing Cyber Intrusions
A security researcher has discovered an ongoing cyberattack that is active, exploiting a newly discovered vulnerability in Fortinet's FortiGate Firewalls to infiltrate corporate and enterprise networks and has been conducting this activity for some time. A security advisory published on Tuesday by Fortinet confirmed the existence of the critical security flaw known as CVE-2024-55591 and indicated that the vulnerability is currently being exploited in the wild.
Nevertheless, cybersecurity experts are voicing their concerns over the possibility that malicious actors are exploiting this flaw as a zero-day vulnerability - a term that refers to a software vulnerability exploited before the vendor is made aware of or has issued a patch for it. According to a report by Fortinet, attackers may have actively targeted this vulnerability since at least December, many months before it was publicly disclosed and patched.
In particular, organisations that heavily rely on FortiGate Firewalls for perimeter defence face a significant threat when the vulnerability is exploited by exploiting CVE-2024-55591. As a result of the vulnerability's criticality, enterprises should apply security updates as soon as possible and examine their systems for any indications of unauthorized access as soon as possible. Even though zero-day exploits remain a threat, this development highlights the fact that cybercriminals are increasingly focusing on foundational network infrastructure to gain a foothold in high-value environments.
The use of virtual private networks (VPNs) as a critical defence mechanism against a variety of cyber threats has long been regarded as a crucial aspect of protecting digital communications from a wide range of threats. VPNs are effective in neutralising the risks associated with man-in-the-middle attacks, which involve unauthorised parties trying to intercept or manipulate data while it is in transit by encrypting the data transmissions. Through this layer of encryption, sensitive data remains secure, even across unsecured networks.
One of the most prominent use cases for VPNs is that they serve the purpose of protecting people using public Wi-Fi networks, which are often vulnerable to unauthorised access.
It has been shown that VPNs are significantly less likely to expose or compromise data in such situations because they route traffic through secure tunnels. Additionally, VPNs hide the IP addresses of users, thereby providing greater anonymity to users and reducing the possibility of malicious actors tracking or monitoring them.
As a result of this concealment, network resources are also protected against distributed denial-of-service (DDoS) attacks, which often use IP addresses as a method of overloading network resources.
Even though VPNs have been around for decades, their use today does not suffice as a standalone solution due to the increasingly complex threat landscape that exists in today's society. To ensure comprehensive protection against increasingly sophisticated attack vectors, it is important to integrate their capabilities with more advanced, adaptive cybersecurity measures.
It seems that conventional security frameworks, such as Firewalls and VPN,s are becoming increasingly outpaced as the cybersecurity landscape continues to evolve due to the sophistication and frequency of modern threats, which have increased significantly over the past few years. Businesses across many industries are experiencing an increasing number of breaches and vulnerabilities, and traditional methods of addressing these vulnerabilities are no longer capable of doing so.
Due to the widespread transition from on-premises infrastructure to remote and digitally distributed work environments, legacy security architectures have become increasingly vulnerable, forcing enterprises to reassess and update their defence strategies. Firewalls and VPNs were once considered to be the cornerstones of enterprise network security; however, in today's increasingly complex threat environment, they are having trouble meeting the demands.
In the past, these technologies have played an important role in securing organisational boundaries, but today, the limitations of those technologies are becoming increasingly apparent as organisations transition to a cloud-based environment and undergo rapid digital transformation. In the year 2025, technological advances are expected to change the way industry operations are conducted—for instance, the adoption of generative artificial intelligence, automation, and the proliferation of Iot and OT systems.
Despite these innovations, there are also unprecedented risks associated with them. For example, malicious actors use artificial intelligence to automate spear-phishing efforts, craft highly evasive malware, and exploit vulnerabilities more quickly and accurately than they could previously. In addition, as Ransomware-as-a-Service (Raas) is on the rise, the barrier to entry for hackers is dropping, enabling a broader set of threat actors to conduct sophisticated, scalable attacks on businesses.
To respond effectively to the complexities of a digitally driven world, organisations must adopt proactive, adaptive cybersecurity models that are capable of responding to the challenges of this dynamic threat environment and moving beyond legacy security tools.
There has been a significant shift in cybersecurity dynamics that has led to a worrying trend: malicious actors are increasingly exploiting Virtual Private Networks (VPNs) as a strategy to gain an advantage over their adversaries.
Since VPNs were originally developed as a way to enhance privacy and protect data, they are increasingly being repurposed by cybercriminals to facilitate complex attacks while masking their identity digitally. Because VPNs are dual-purpose devices, they have become instruments of exploitation, which poses a significant challenge for cybersecurity professionals as well as digital forensics teams to deal with.
There is one particularly alarming technique for using VPN software to exploit vulnerabilities, which involves deliberately exploiting these vulnerabilities to bypass perimeter defences, infiltrate secure systems, and deploy malware without being it. When attackers identify and target these vulnerabilities, they can easily bypass perimeter defences, infiltrate secure systems, and deploy malware without being detected.
Frequently, such breaches act as entry points into larger campaigns, such as coordinated phishing campaigns that attempt to trick individuals into revealing confidential information.
Further, VPNs are known for the ability to mask the actual IP addresses of threat actors, a technique known as IP address masquerading, which enables them to evade geographical restrictions, mislead investigators, and remain anonymous when they launch cyberattacks.
In addition to enabling adversaries to circumvent Firewalls, VPNs also offer the option of encrypting and tunnelling, thus enabling them to penetrate networks that would otherwise be resistant to unauthorised access with greater ease.
As a matter of fact, VPNs are often used as a means of spreading malicious software across unreliable networks. By using an encrypted VPN traffic, malware can be able to bypass traditional detection methods, thereby circumventing traditional detection methods. The shield of anonymity provided by VPNs can also be used by threat actors to impersonate legitimate organisations and initiate phishing campaigns, compromising the privacy and integrity of users.
VPNs can also facilitate the spreading of Distributed Denial-of-Service (DDoS) attacks, which is equally troubling. As these networks are anonymised, it makes it difficult to trace the origin of such attacks, which hinders the development of appropriate response strategies and mitigation strategies. This paradox underscores the complexity of modern cybersecurity, since one security tool can serve both as a tool for cybercrime and a tool for security.
Even though VPNs remain an important tool to keep users safe and anonymous, their misuse requires a proactive and multifaceted response. To combat this misuse, people need robust technological defences combined with ongoing awareness and education initiatives, which will help us address this misuse effectively. Only through such comprehensive measures can organisations ensure the integrity of VPN technology and ensure trust in the digital privacy infrastructure as long as the technology remains intact.
Check Point has issued a formal warning regarding the active targeting of its VPN devices as part of an ongoing increase in cyber threats against enterprise infrastructure. As a result of this disclosure, people have been reminded again that there is a sustained campaign aimed at compromising remote access technologies and critical network defences. It is the second time in recent months that a major cybersecurity vendor has released such an alert in the past couple of months.
According to Cisco, in April 2024, organisations are being warned about a widespread wave of brute-force attacks against VPNs and Secure Shell (SSH) services that are likely to impact several devices from Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti, among others. In the first observed attack around March 18, attackers used anonymised tools, such as TOR exit nodes, proxy networks, and other techniques to obfuscate and avoid detection and block lists, to launch the attacks.
In March of this year, Cisco had also noticed that passwords were being sprayed at their Secure Firewall appliances that were running Remote Access VPN (RAVPN) services. According to analysts, this is a reconnaissance phase, likely intended to lay the groundwork for more advanced intrusions to follow. Following a subsequent analysis by cybersecurity researcher Aaron Martin, these incidents were linked to a malware botnet dubbed "Brutus", which was previously undocumented.
Over 20,000 IP addresses were found to be associated with this botnet that was deployed from both residential and cloud-hosted environments, which greatly complicated the process of attribution and mitigation. The threat landscape has only been compounded by Cisco's announcement that a state-sponsored hacker group, also known as UAT4356, has been utilising zero-day vulnerabilities found within its Firepower Threat Defence (FTD) and Adaptive Security Appliances to exploit zero-day vulnerabilities.
Known by the codename ArcaneDoor, the cyber-espionage campaign has been ongoing since November 2023, targeting critical infrastructure networks as well as governments around the world as part of a broader cyber-espionage campaign. As the frequency and complexity of cyber attacks continue to increase, it is apparent that legacy perimeter defences are no longer adequate in terms of security.
A layered, intelligence-driven approach to security includes detecting threats in real time, hardening systems continuously, and responding to incidents in a proactive manner. As well as strengthening cybersecurity resilience, fostering collaboration between public and private sectors, sharing threat intelligence, and providing ongoing training to employees can make sure that they remain ahead of their adversaries.
There is no doubt that the future of secure enterprise operations is going to be determined by the ability to anticipate, adapt, and remain vigilant in this rapidly evolving digital age.
