Is the VPN Era Ending? Insights for Security Leaders 

May 16, 2024

The landscape of VPN technology is rapidly changing, signaling potential obsolescence as new threats specifically target these technologies. In recent research by Veriti, we’ve observed a significant increase in attacks on VPN infrastructures, with a focus on exploiting vulnerabilities that have been prevalent but not always prioritized for remediation. 

In the past few weeks alone, numerous instances of VPN exploits have been documented, with attackers using sophisticated methods to deploy ransomware through vulnerabilities in outdated VPN technology. 

In one documented case, Veriti observed an attack originating from Russia in which automated exploits targeted known vulnerabilities in multiple security products:

  • Fortinet Multiple Products Authentication Bypass – CVE-2022-40684 
  • Citrix NetScaler Information Disclosure – CVE-2023-4966 
  • Fortinet FortiOS SSL VPN Directory Traversal – CVE-2018-13379 
  • Pulse Connect Secure File Disclosure – CVE-2019-11510 
  • F5 BIG-IP Configuration Utility Authentication Bypass – CVE-2023-46747 
  • Ivanti (MobileIron) Sentry Auth Bypass Attempt – CVE-2023-38035 
  • ConnectWise ScreenConnect Auth Bypass Check – CVE-2024-1709 
  • Cisco IOS XE Privilege Escalation Attempt – CVE-2023-20198 
  • Palo Alto Networks GlobalProtect Command Injection – CVE-2024-3400 
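
A multi-product sweep like the one described above shows up in IPS or WAF logs as a single source triggering signatures for several different product families within a short window. The Python below is an added example, not Veriti's code; the event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# CVE -> product family, as named in the list above.
CVE_FAMILY = {
    "CVE-2022-40684": "Fortinet", "CVE-2018-13379": "Fortinet",
    "CVE-2023-4966": "Citrix", "CVE-2019-11510": "Pulse Connect Secure",
    "CVE-2023-46747": "F5", "CVE-2023-38035": "Ivanti",
    "CVE-2024-1709": "ConnectWise", "CVE-2023-20198": "Cisco",
    "CVE-2024-3400": "Palo Alto Networks",
}

# Constructed sample events: (timestamp, source IP, CVE of matched signature).
# Source addresses are from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    ("2024-05-10T02:00:05", "203.0.113.7", "CVE-2022-40684"),
    ("2024-05-10T02:00:41", "203.0.113.7", "CVE-2023-4966"),
    ("2024-05-10T02:01:10", "203.0.113.7", "CVE-2019-11510"),
    ("2024-05-10T02:03:02", "203.0.113.7", "CVE-2024-3400"),
    ("2024-05-10T01:00:00", "198.51.100.20", "CVE-2018-13379"),  # one family only
    ("2024-05-10T01:02:00", "198.51.100.20", "CVE-2022-40684"),
    ("2024-05-10T03:00:00", "192.0.2.44", "CVE-2023-20198"),     # spread over hours
    ("2024-05-10T09:00:00", "192.0.2.44", "CVE-2023-46747"),
    ("2024-05-10T15:00:00", "192.0.2.44", "CVE-2024-1709"),
]

def find_sweeps(events, min_families=3, window=timedelta(minutes=10)):
    """Map each source IP to the product families it probed, for sources that
    hit at least min_families distinct families inside one sliding window."""
    by_src = defaultdict(list)
    for ts, src, cve in events:
        family = CVE_FAMILY.get(cve)
        if family:  # ignore signatures that are not on the list
            by_src[src].append((datetime.fromisoformat(ts), family))
    sweeps = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop events that fell out of the window
            families = {f for _, f in hits[start:end + 1]}
            if len(families) >= min_families and len(families) > len(sweeps.get(src, ())):
                sweeps[src] = sorted(families)  # keep the widest window seen
    return sweeps

if __name__ == "__main__":
    for src, families in find_sweeps(SAMPLE_EVENTS).items():
        print(src, "->", ", ".join(families))
```

Only the source that crosses product families inside the window is reported; repeated probes against one family, or hits spread over hours, need a different rule or a wider window.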

Veriti’s research into these attacks has revealed that many organizations are unprepared for the sophistication and frequency of these threats. The data shows a global spread of attacks, with significant concentrations in the United States and Germany, affecting industries ranging from government to finance. This widespread vulnerability suggests that the traditional VPN may no longer provide adequate security in the current cyber threat landscape.

The decline in VPN security effectiveness suggests a pivotal moment for technology leaders. The transition from traditional VPN solutions to comprehensive cloud-based security solutions represents an opportunity to enhance both security and operational efficiency.

While investigating these attacks, Veriti Research analyzed the global spread of VPN clients and products, identifying a trend towards abandoning conventional VPNs. Over the past year, there has been a notable rise in attacks exploiting vulnerabilities in VPN applications as entry points into organizations. In 2024, VPN products from major providers such as Palo Alto Networks, Fortinet, Cisco, Juniper, SonicWall, and Ivanti were identified as potential back doors for attackers. Notably, Fortinet’s VPN vulnerabilities were reportedly exploited by the Volt Typhoon group, a detail supported by CISA research. Similarly, Ivanti’s vulnerabilities were linked to significant security breaches, including those orchestrated by the attack group UTA0178. These incidents highlight the urgent need for enhanced security measures and reflect a shifting strategy in cyber-attacks, one that uses VPN vulnerabilities to achieve malicious objectives.

Notable cases in which attackers used VPN vulnerabilities to achieve their goals:

  1. MITRE breached through Ivanti vulnerability
  2. Cisco patches critical VPN hijacking vulnerabilities in Secure Client

In recent months, Veriti Research has observed a significant decline in the usage of VPN products, as illustrated by the accompanying graph. The graph plots the number of VPN devices exposed to the internet (Y-axis) against time, measured month by month (X-axis).

The Veriti engineering team has noted upcoming updates from major vendors planning to phase out their traditional VPN solutions in future software releases. This strategic shift indicates a move towards more modern and secure alternatives.

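| Name | Sep-23 | Oct-23 | Nov-23 | Dec-23 | Jan-24 | Feb-24 | Mar-24 | Apr-24 |
|---|---|---|---|---|---|---|---|---|
| United States | 109,381 | 108,201 | 112,928 | 111,826 | 82,348 | 65,729 | 61,881 | 53,420 |
| Japan | 28,215 | 27,453 | 28,016 | 27,735 | 25,090 | 23,502 | 22,249 | 19,252 |
| India | 25,411 | 24,803 | 25,424 | 25,819 | 22,257 | 19,611 | 18,449 | 15,994 |
| Taiwan | 22,297 | 21,968 | 22,293 | 22,220 | 19,963 | 17,956 | 17,471 | 14,929 |
| Brazil | 22,834 | 22,451 | 23,505 | 23,791 | 18,920 | 15,763 | 14,906 | 12,817 |
| Italy | 21,622 | 21,222 | 21,643 | 21,604 | 19,159 | 17,438 | 16,998 | 15,083 |
| France | 21,499 | 21,173 | 21,603 | 21,495 | 18,112 | 16,012 | 15,300 | 13,601 |
| Canada | 18,361 | 18,376 | 18,846 | 18,906 | 14,681 | 12,351 | 11,727 | 10,129 |
| Turkey | 15,420 | 14,909 | 14,659 | 14,448 | 12,647 | 11,606 | 11,110 | 9,546 |
| Spain | 14,719 | 14,498 | 15,137 | 15,119 | 12,800 | 11,717 | 10,671 | 9,133 |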

The latest Ivanti vulnerabilities

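| Name | Dec-23 | Jan-24 | Feb-24 | Mar-24 | Apr-24 |
|---|---|---|---|---|---|
| United States | 72 | 82 | 76 | 56 | 50 |
| Germany | 69 | 84 | 74 | 57 | 43 |
| Italy | 28 | 28 | 27 | 25 | 22 |
| China | 21 | 26 | 21 | 14 | 14 |
| Hong Kong | 19 | 18 | 14 | 17 | 13 |

| Name | Apr-23 | May-23 | Jun-23 | Jul-23 | Aug-23 | Sep-23 | Oct-23 | Nov-23 | Dec-23 | Jan-24 | Feb-24 | Mar-24 | Apr-24 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| United States | 2,183 | 3,310 | 3,966 | 4,967 | 5,983 | 6,784 | 7,564 | 8,897 | 10,534 | 11,299 | 12,315 | 14,233 | 21,058 |
| Singapore | 301 | 442 | 498 | 693 | 815 | 957 | 1,176 | 1,225 | 1,246 | 1,341 | 1,415 | 1,577 | 2,181 |
| Ireland | 325 | 468 | 575 | 697 | 794 | 1,000 | 1,181 | 1,235 | 1,202 | 1,256 | 1,350 | 1,380 | 1,671 |
| Germany | 201 | 362 | 425 | 546 | 631 | 711 | 738 | 908 | 1,187 | 1,268 | 1,371 | 1,757 | 2,672 |
| United Kingdom | 190 | 289 | 403 | 519 | 650 | 728 | 828 | 908 | 1,050 | 1,107 | 1,263 | 1,526 | 2,208 |
| Australia | 185 | 338 | 407 | 521 | 619 | 685 | 760 | 800 | 933 | 1,006 | 1,106 | 1,361 | 2,164 |
| India | 0 | 0 | 149 | 269 | 465 | 527 | 567 | 733 | 1,038 | 1,114 | 1,214 | 1,481 | 2,457 |
| France | 105 | 184 | 281 | 360 | 407 | 456 | 485 | 578 | 731 | 778 | 819 | 971 | 1,471 |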

Conclusion

The rise in VPN-targeted attacks is not just a security concern but also a significant business risk. VPNs have been integral to secure remote access, yet the surge in exploitation attempts reveals an urgent need for organizations to reassess their dependence on this technology. The vulnerabilities being exploited, such as those found in Fortinet and Palo Alto Networks products, underline the necessity for a shift towards more integrated and comprehensive security frameworks.
