Russian-speaking hacker forums have a list of a list of plaintext usernames, passwords, and IP addresses. ZDNet along with multiple sources in the cyber-security community verified the list’s authenticity. The list also included admin account details.
The Vulnerability
Security researchers noted a peculiarly consistent factor in all of the hacks. All of the Pulse Secure VPN servers were running firmware version with the CVE-2019-11510 vulnerability. Also of note, this seems to have been a very recent hack. Compared to other notorious hacks, the data was very quickly exfiltrated. Other malicious actors may spend a few months or years on a network before stealing data. This group acted in mere weeks.
Why Does This Matter?
Pulse Secure VPN is trusted by many companies as an access point to their networks. In a post-COVID reality, many employees find themselves working from home and connecting via VPN. By obtaining this information, hackers could easily access and steal company secrets.
As ZDNet put it, “The publication of this list as a free download is a literal DEFCON 1 danger level for any company that has failed to patch its Pulse Secure VPN over the past year, as some of the ransomware gangs active on this forum are very likely to use the list for future attacks.”
For more information on Malware research, visit VIPRE Labs blogs.
If you want a secure VPN alternative, VIPRE would recommend our Internet Shield VPN.
The post 900 Pulse Secure VPN Servers Exposed appeared first on VIPRE.
