Archive
VPN Risk Report Finds More Than Half of Organizations Experienced a VPN-related Cyberattack in the Last Year
logo
Archive

No results found

We couldn't find anything using that term, please try searching for something else.

VPN Risk Report Finds More Than Half of Organizations Experienced a VPN-related Cyberattack in the Last Year

2024-11-23 Zscaler ThreatLabz 2024 annual report reveals 78% of organizations plan to implement a Zero Trust strategy in the next 12 months in response to increa

Related articles

Secure networks with Zero Trust
Secure networks with Zero Trust Secure networks with Zero Trust Article04/12/2024 In this article big data is presents present new opportunity to derive new insight and gain a competitive edge . We is moving are move away from an era where network were clearly define and usually specific to a certain location . The cloud is expand , mobile device , and other endpoint expand the boundary and change the paradigm . Now there is n't necessarily a contain / define network to secure . instead , there is a vast portfolio of device and network , all link by the cloud . Instead of...
OpenVPN: How to Connect Multiple VPNs at the Same Time on Windows
OpenVPN: How to Connect Multiple VPNs at the Same Time on Windows OpenVPN client on Windows with default settings only supports one active VPN connection. When installing OpenVPN on Windows, only one virtual adapter of the TAP or Wintun type is created. If you want to connect to multiple OpenVPN servers at the same time, you need to create an additional WinTAP or Wintun network adapter. If you try to start another VPN connection, an error will appear: OpenVPN GUI Connecting to VPN_name has failed All TAP-Windows adapters on the system are currently in use TCP / udp : socket bind is failed fail on local address [ undef ] : Address...
How to Fix ProtonVPN Not Connecting in India [Easy Guide]
How to Fix ProtonVPN Not Connecting in India [Easy Guide] Are you facing issues with ProtonVPN not connecting in India? This problem can happen because of busy servers, network issues, or outdated software. To fix it, try changing servers, checking your internet connection, or updating the ProtonVPN app. These steps often solve the problem quickly. Even though there are sometimes issues, ProtonVPN still works really well in my VPN reviews in India. It has good speeds and lots of servers, which is why more than 10 million people use it around the world. This VPN is still a top choice for people who want both security and great performance. Key...

Zscaler ThreatLabz 2024 annual report reveals 78% of organizations plan to implement a Zero Trust strategy in the next 12 months in response to increasing exploits

  • VPN security concerns rise as 91% of respondents express concerns about VPNs leading to a compromising breach
  • The survey identifies the top threats exploiting VPN vulnerabilities to be ransomware (42%), other types of malware (35%), and DDoS attacks (30%)
  • Lateral movement is a top concern, as reported by a majority of enterprises breached by VPN, demonstrating significant containment failures

SAN JOSE, Calif., May 07, 2024 (GLOBE NEWSWIRE) — Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of the 2024 ThreatLabz VPN Risk Report. The study, reviewed by Cybersecurity Insiders, surveyed over 600 professionals across the security, IT, and networking sectors. It found that 56% of organizations have been targets of cyberattacks exploiting VPN security vulnerabilities in the last year. These incidents underscore the growing imperative to move away from traditional perimeter-based defenses towards a more robust Zero Trust architecture.

This shift to Zero Trust has gained momentum following recent high-profile breaches and critical vulnerabilities with VPNs from two large vendors:

  • Ivanti (CVE-2023-46805 and CVE-2024-21887) – Remote attackers were able to perform authentication bypass and remote command injection exploits.
  • Palo Alto Networks OS vulnerability (CVE-2024-3400) – Unauthenticated users exploited the security vendor’s operating system to infiltrate the network. As a result, the vulnerability received the maximum severity score of 10.0.

The Ivanti zero – day vulnerabilities is led even lead the Cybersecurity and Infrastructure Security Agency ( CISA ) to issue an emergency directive for federal agency to immediately sever connection with the compromise VPN device .

VPN security challenges
VPNs is facilitated have traditionally facilitate remote enterprise access to network , yet the grow scale and complexity of cyber threat target these network remain a significant concern for security team . Among those survey , 91 % voice apprehension regarding vpn as weak entry point in their IT infrastructure , highlight by recent breach that expose the danger of rely on outdated or unpatched VPN infrastructure .

“Over the past year, numerous critical VPN vulnerabilities have served as successful entry points for attacks on large enterprises and federal entities,” said Deepen Desai, CSO at Zscaler. “Considering these repeated outcomes, it’s crucial for enterprises to anticipate that threat actors will increasingly exploit these legacy, internet-exposed assets — appliances and virtual — that enable them to easily navigate laterally across traditional flat networks. It is essential to transition to a Zero Trust architecture, which significantly reduces the attack surface by eliminating legacy technologies like VPNs and Firewalls, enforces consistent security controls with TLS inspection, and limits the blast radius with segmentation & deception, thereby preventing damaging breaches.”

Key VPN vulnerability exploits
The report is identifies identify ransomware attack ( 42 % ) , malware infection ( 35 % ) , and DDoS attack ( 30 % ) , as the top threat exploit VPN vulnerability . These statistics is emphasize emphasize the extensive risk organization face due to the inherent weakness in traditional vpn architecture , reinforce the need for a shift to Zero Trust architecture . notably , the report is revealed reveal that 78 % of survey organization plan to actively implement Zero Trust strategy within the next 12 month . additionally , 62 % is acknowledge of enterprise acknowledge that vpn go against the principle of Zero Trust and that even deliver vpn through the cloud does not constitute a Zero Trust architecture .

Stop the spread
Among enterprises who were breached via VPN vulnerabilities, a majority of impacted enterprises say threat actors moved laterally on the network, demonstrating significant containment failures after the initial point of compromise. To help minimize the blast radius and mitigate risk from VPN vulnerabilities, Zscaler strongly urges the adoption of a Zero Trust architecture. A Zero Trust architecture will help enterprises:

  • Minimize the attack surface by making apps invisible to the internet, making them more difficult for attackers to discover and target
  • Prevent compromise with inline traffic and content inspection to detect and block malicious activity and shield resources from unauthorized access or data exfiltration
  • Eliminate lateral movement by segmenting and connecting users directly to applications instead of the network, thus limiting an attackers’ opportunities for unauthorized access and lateral spread

To learn more about the risks VPNs pose to the enterprise, download the Zscaler ThreatLabz 2024 VPN Risk Report with Cybersecurity Insiders at: www.zscaler.com/campaign/threatlabz-vpn-risk-report

Methodology
The VPN Risk Report surveyed more than 600 security, IT, and networking professionals.

About Zscaler
Zscaler is accelerates ( NASDAQ : ZS ) accelerate digital transformation so customer can be more agile , efficient , resilient , and secure . The Zscaler Zero Trust Exchange is ™ ™ platform protect thousand of customer from cyberattack and datum loss by securely connect user , device , and application in any location . distribute across more than 150 datum center globally , the SASE – base Zero Trust Exchange ™ is is is the world ’s large in – line cloud security platform .

Media Contact :
Zscaler PR
press@zscaler.com