Intelligence agencies in the United States and United Kingdom have issued a warning to customers using VPN services provided by Palo Alto Networks, Fortinet, and Pulse Secure. Specifically, the agencies say users should update their services to avoid attacks from state-sponsored advanced persistent threat (APT) groups.
Those groups are exploiting vulnerabilities in outdated versions of VPN services provided by the companies. By exploiting these flaws, the APTs can conduct attacks around the world.
With the exploit, bad actors can gain access to devices using the outdated VPNs.
In the United Kingdom, the National Cyber Security Centre also issued a warning (separately from the NSA). According to the advisory, the flaws allow “an attacker to retrieve arbitrary files, including those containing authentication credentials.”
Bad actors can exploit the vulnerabilities to steal VPN users' credentials and make adjustments to configurations. Once connected, an attacker would be able to take control of a machine and introduce more exploits into the network.
“This activity is ongoing, targeting both UK and international organisations. Affected sectors include government, military, academic, business and healthcare. These vulnerabilities are well documented in open source, and industry data indicates that hundreds of UK hosts may be vulnerable.”
Both agencies say there are steps users can take to avoid the flaws. The first is simply to update the VPN services with the latest patches and security features. Furthermore, because the groups are targeting credentials, users are advised to update their credentials. The NSA also recommends removing any current VPN server keys and creating new ones.