Cybercriminals are smart, they will try to find the weakest link in security and exploit it. They are also opportunists and will launch campaigns that will net them the biggest returns. The migration of companies to remote ways of working and VPN technologies could be the start of the biggest cybersecurity breach in history.

As businesses seek to enable remote workers the use of VPN services has also ballooned in the past month. In the Netherlands VPN usage has grown by 240%, quickly followed by Austria and Canada, which have seen usage grow by 208% and 206% respectively. By flocking to these services the reward for attackers by compromising them dramatically increases.

Although VPN software is keeping businesses secure for the moment they are a potential ticking time bomb. An app called SuperVPN was recently removed from the Google Play Store. It was discovered that the app allows hackers to intercept communications between the user and the provider, and can even redirect users to a hacker’s malicious server. During testing, SuperVPN reportedly connects with multiple hosts, and some communications were found being sent via unsecured HTTP. While the communication contained encrypted data, it also included the key needed to decrypt the information.

Additionally,  a previously unknown vulnerability in an enterprise VPN software was exploited to compromise over 200 VPN servers and infiltrate the organizations that used the service. Search engine results for “VPN vulnerabilities” already return millions of results, and as VPN usage continues to grow we can expect to see more exploits hit the news.

To avoid the potential impact of a VPN related security breach and loss of business continuity organizations should re-evaluate their remote access strategy. Newer architectures like Zero Trust Network Access are a futureproof alternative and offer numerous security advantages over VPN hard perimeter-based approaches. Investigating and migrating to Zero Trust Network Access services now could yield massive benefits for businesses in the coming months.

To learn more about Zero Trust Network Access or remote access and how they can help your businesses please get in touch with one of our experts.