[New Wave] VPN Security as the Main Gateway for Hackers' Attacks: Thorough Inspection and Security Awareness Are the Only Answers



Recently, hacking incidents have been occurring frequently, especially targeting major national institutions, industries, and large hospitals. A common factor in these hacking incidents is that hacker groups exploited vulnerabilities in Virtual Private Networks (VPNs) to attack internal networks. A VPN is a program that allows computers connected to a public network to be used and managed as if they were within an independent network (private network) through an encrypted internet connection. It is mainly used for building intranets in companies or institutions and is also frequently utilized in remote work environments that have expanded due to COVID-19.


Looking at attack patterns that use VPN vulnerabilities, hackers often first compromise the computer of a specific individual among the VPN users, then steal information that grants access to the VPN and use it to infiltrate the internal network in a second phase. In doing so, rather than finding and attacking high-level vulnerabilities in the VPN program itself, hackers target minor security weaknesses of individuals, such as not updating the VPN program or setting easily guessable passwords. Because secondary hacking through VPN vulnerabilities is disguised as access by internal users, it is difficult to detect the attack in real time. This can lead to prolonged information theft and greater damage, so special caution is required.


To prevent such critical VPN attacks, it is essential not only to strengthen the security of the program itself but also to ensure thorough security awareness among individual users. In particular, the initial password set in the VPN program must be changed, and passwords must also be changed periodically. According to the Korea Internet & Security Agency, security threats such as malware infections exploiting unchanged default passwords frequently occur when using IoT devices like IP cameras and routers. It is also important to update software regularly so that firmware stays at the latest version.


For IT managers in companies and institutions, attention must be paid to the security of all business software used for remote work, including VPN programs. This is because attacks exploiting VPN vulnerabilities as well as attacks through software supply chains are increasing. Hackers mainly use a method of stealing the source code of business software used by companies or institutions, inserting malicious code, and then distributing it. In this case, all client companies using the software become targets, causing the scale of damage to grow uncontrollably.


To prevent man-in-the-middle attacks during the supply or update process, software suppliers ensure that only software signed with the developer's code signing (digital signature) certificate is distributed. However, if hackers steal the code signing certificate along the way, insert malware, sign it, and distribute it, users can easily mistake it for trustworthy software. Therefore, software suppliers must store code signing certificates, and perform signing, only on air-gapped PCs. Companies and institutions using the software should check their security settings more thoroughly and, if necessary, regularly receive services such as simulated hacking and vulnerability assessments by experts.


There is no "royal road" to responding to increasingly sophisticated and cunning cyber threats. Only thorough security awareness, starting with individuals, and regular inspections can protect us in the cyber war.


Choi Jeong-su, Head of Core Research Team, Raon White Hat


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

