Iron Comet Consulting, Inc.

Failure In Patch Updating Leads to Over 900 Compromised VPN Servers

Patch updating is a critical part of computer security. This can be seen clearly in the case of more than 900 users of Pulse Secure VPN who were compromised recently. A hacker released a list of the compromised devices’ usernames and passwords along with their IP addresses in a forum for criminal hacker groups. To make matters worse, this forum is known to be a hangout for several criminal ransomware groups. This could lead to very damaging ransomware attacks on these networks.

Virtual Private Networks (VPNs) are used to allow remote workers to connect to an office in a secure way. The tunnels that VPNs create are encrypted and require a username and password to access. This prevents attackers from easily gaining access to the network. But in this case, a vulnerability in the Pulse Secure VPN Server platform allowed attackers to bypass these protections and gain total access to the device.

In 2019, the vulnerability was found in devices running a specific version of firmware, the operating system that runs the device. An updated, patched firmware was released, but many companies didn’t install the update. Bad Packets, a company specializing in cyber intelligence, began scanning the Internet in August 2019 to see how many devices were not patched for the vulnerability. Of the 900 or so devices on the hacker’s list, Bad Packets had also found 677 in its own scans. This means that those devices weren’t patched in August 2019 and remained unpatched in June 2020 when the hacker performed his own scan.

Here are the items included in the list

The list that was released included everything that an attacker would need to remotely take over the VPN server. Once attackers had access to the server, they would likely be on the inside of the company’s network. From there, they would be free to attack whatever they desired.

The following information was included in the published list:

  • The IP address of each compromised device
  • List of all local users on the device with password hashes
  • Admin (root) account login and password
  • SSH keys for each device
  • Pulse Secure VPN server firmware version
  • VPN session cookies

Patch updating is necessary to protect business and practice data

This vulnerability shows how failing to apply a single patch can bring down your entire network. Each of these networks is now vulnerable to hackers and other criminals from around the world. Patch updating is absolutely necessary to keep your data secure, and this is especially true for protecting customer or patient data. A firewall or VPN can’t protect you if it has its own vulnerabilities that remain unpatched.