With the new decade being predicted to be the end of the road for VPNs, and the rise of Zero trust policies based solutions, a new revelation regarding a massive espionage plot by Iranian hackers to target numerous organizations and governments through backdoor VPN systems might well prove to be the death knell for such legacy-based systems.
A report by ClearSky revealed that these hackers have targeted companies over a wide range of sectors, including the security, oil and gas, aviation, government, and IT sectors. Iranian hackers have been rapidly weaponizing all vulnerabilities that were disclosed in reports by Pulse Secure, Fortinet, and Palo Alto Networks, with the intent of breaching enterprise networks and planting backdoors in order to exploit at a later date.
ClearSky has put forth the apprehensions that these backdoors may be exploited at a later date in order to deploy data wiping malware, which can potentially take down companies, and destroy business operations. It is estimated that these hackers have been operating since 2017 on similar operations
The above reports go on to showcase the inadequacy of VPNs in the present scenario. With their incompatibility in cloud environs and the relative ease with which they provide access to the entire network, VPNs set a dangerous precedent by virtually leaving the door open for lateral movement attacks. That, combined with their potentially difficult to scale model, and looser security authentication models, reinforces the need for new disruptive technologies.
This is where the long-discussed but recently developed Zero Trust policy-based solutions are to be taken into account. With a stringent focus on implementing the ‘need to know’ model, Zero Trust-based security solutions, like the InstaSafe Zero Trust Application Access, present viable, scalable alternatives to existing security systems. InstaSafe leverages Software-Defined Perimeter based concepts to offer all-encompassing protection to enterprise resources and protects them from unauthorized access and exploitation.