The NSA, CISA, and the FBI listed the common vulnerabilities and exposures of 10 known brands, including Cisco, Fortinet, Netgear, MikroTik, Pulse Secure, and Citrix.
In my last blog, I wrote about the recent warnings from the NSA and FBI on the vulnerability of VPNs. The warning caused alarm for many businesses and agencies using VPNs. The long-thought solid security of such a solution seemed to have been compromised forever - but I also hinted at how SCiON would be able to eliminate the fundamental flaw of VPNs. In this blog, I’ll shed some more light as to what this fundamental flaw is, and how SCiON can work with VPNs to eliminate it.
The need for security in a hyper-connected world
The world has become more connected than ever before. Banking is done from streetside cafes or daily commutes, C-level business meetings are conducted from home, and state leaders report from battlefields over the internet. All of these connections demand access to and storage of critical files and information across networks from around the world.
The catch is that public networks cannot be trusted with this information, as it is extremely vulnerable to cyber attacks and leaks.
Private networks were the primary answer businesses and governments had to protect critical information while preserving accessibility. As the world expanded and connectivity became a necessity, private networks were extended through the use of Virtual Private Networks. These could enable secure access to essential data and files from home offices and public networks safely and securely.
However, are VPNs still safe in today’s world and are they enough in the light of recent cyber security threats?
How does a VPN work?
According to Dataprot.net, approximately 1 in 3 internet users have used a VPN service, a number that has been growing exponentially over the past few years. However, few really understand how it works.
A VPN encrypts your data by redirecting your network traffic through a remote server. This means that if you use a VPN when you surf the net, the VPN server becomes the source of your data. Essentially, a VPN is a ‘tunnel’ to your private network. When you connect to the internet, it protects your identity and data until it reaches the private network on the other side. By acting as a proxy for your connection, third parties and cyber criminals have difficulty tracking you or your data, securing both.
Unless this server - or ‘tunnel’ - is compromised, third parties cannot see which websites you visit or what data you send and receive online. Even if someone were to see your data, it would not be readable until it is decrypted - which can only be accomplished by the VPN at your data’s destination, at the end of the tunnel.
One of the greatest drivers for VPN use is the concern around security. However, the security of VPNs has recently come into question.
Are VPNs really secure?
For a long time, VPNs were seen as one of the ultimate measures of online privacy protection. This belief was founded upon the non-existent challenges to the service during its early use. However, now that VPNs have grown in popularity, this is no longer the case.
VPNs have increasingly become a target for cyber attacks by malicious criminals, unscrupulous businesses and hostile nations. In fact, the NSA and FBI have recently issued an urgent warning for state-sponsored attacks that exploit VPN infrastructures.
The report lists state-sponsored cyber-attacks by nations like the People’s Republic of China and Russia which target VPNs when they’re most vulnerable - the moment when your data enters and exits the ‘VPN tunnel’.
The report goes on to list potentially compromised devices that negate the effectiveness of VPN services entirely. Through regular connectivity, household names such as Cisco, Fortinet, Netgear, MikroTik, Pulse Secure, and Citrix were named as devices that could become a threat to the privacy of VPN users.
How much of a threat are compromised VPNs?
For many organizations, VPNs represent secure connectivity over vast distances. This means that businesses are likely to share sensitive data, and governments are likely to use VPNs for confidential documents.
However VPNs are not a secure way to transmit such sensitive data. VPNs are particularly vulnerable to DDoS attacks. According to a research paper by the Institute of Information Security at ETH Zurich, only a small amount of malicious traffic is sufficient to crash VPN services. DDoS attack frequencies as little as 50mbps were proven to completely shut down popular VPN services. To put this into perspective, the average DDoS attack of 2021 was clocked in at 4.31 Gbps, nearly 862% higher than the amount found to crash popular VPNs today - a fact that attackers regularly take advantage of.
When such systems become compromised, the implications are serious. We only need to look at Russia’s cyber attacks on Ukrainian infrastructure, or incidents in Saudi Arabia and Texas where a cyber attack on critical infrastructure caused deadly explosions. In a world where critical infrastructure is digitally connected, relying on technology vulnerable to cyber attacks such as VPNs is not appropriate. The result of VPNs and devices becoming compromised could literally mean the difference between life and death - or at the very least, massive financial loss and governmental disruption. Governments, users and organizations need to find another way to protect their connectivity outside of VPN reliance. Thankfully, there already exists such a solution with SCiON.
The fundamental weakness
While VPNs hide data, their critical weakness is that their paths, while private, are known and detectable. This enables potential attackers to identify the data’s origin and where it is received using the VPN itself. By either crashing the service with a simple DDoS attack, or targetting where your data is sent from or to, attackers can intercept your data when the private VPN is no longer in use.
In other words, attackers don’t need to decrypt your data from the VPN service - they just need to wait for the VPN to decrypt it for them.
There’s no debate that VPNs contribute to a secure connection for businesses and governments - but they are no longer enough. Hostile administrations, cyber criminals, and hackers have constantly dedicated resources to overcoming whatever measures are implemented to protect data. The key is not to compete in a war of resources with such stakeholders, but to take your data off the table entirely.
This is now possible with SCiON.
The SCiON solution
SCiON eliminates the fundamental weakness of VPNs by eliminating the initial problem. It only reveals the data you send and the data travel information to trusted, authorized entities which are participants on the private network you are part of. VPNs are vulnerable precisely because attackers can track the path. SCiON completely hides the paths your data travels, so the prospect of your VPN getting attacked is not even possible.
For example, the Secure Swiss Financial Network (SSFN) is the SCiON-enabled network for financial institutions in Switzerland. Only financial institutions are participants in this network, which means that your data is only visible to those financial institutions while remaining entirely invisible to attackers outside the network. Without such information, VPN vulnerabilities and cyber attacks in general no longer become a concern.
With the high stakes of today, there is no recourse for lost information nor compensation for insecure data. If you would like to find out more, or simply patch up the vulnerabilities of your VPN connectivity, contact us today and protect your digital assets.
Anapaya Systems: offering the SCiON solution
Anapaya Systems AG is a Swiss company whose goal is to build an international ecosystem providing SCiON-based services for a more reliable, secure, and stable networking experience. Our solutions provide organizations around the globe with a way to transport critical business data securely and transparently across the network, sending information between corporate sites, trusted partners, and cloud providers. We recently launched the Secure Swiss Finance Network (SSFN) with the Swiss National Bank and SIX. We are located at Anapaya Systems AG, Hardturmstrasse 253, 8005 Zürich, Switzerland and represented by Martin Bosshardt (CEO) and Samuel Hitz (CTO). Click here to book a meeting and discover how we can secure your VPN connection.
Contact Marketing & Communications: ladines@anapaya.net