April 23, 2021
Entry Type
Security Guidance
Threat Type
Vulnerability
Platform(s) Affected
Security Guidance
Vulnerability
Recommendation for Lookout Admins
Security teams want to give employees enough data access to do their jobs, but not so much that they have access to everything. Lookout admins can implement Lookout ZTNA to mitigate the risk of unauthorized access and breaches caused by over-entitlement of services. This will also help bring the security benefits of SaaS applications to legacy, IaaS, and private apps to ensure all your corporate resources are properly secure.
Admins can also define context-aware adaptive access control policies to deliver Zero Trust access based on unique user and device identifiers. Lookout ZTNA also enables data loss prevention (DLP) and admins can leverage enterprise digital rights management (E- DRM) to automatically envelop data with advanced encryption based on its sensitivity.
Overview
Threat actors that are likely backed by nation-states are exploiting a number of vulnerabilities in the Pulse Secure VPN. One of the vulnerabilities is a zero-day, which allows the attackers to bypass multi-factor authentication (MFA) protections that the affected organizations have in place. It appears that 12 malware families are exploiting these vulnerabilities. While it’s not clear whether these families are directly related, experts say there are multiple actors at play. Once attackers exploit these vulnerabilities and bypass authentication, they install malware that persists through software updates and allow remote access and control through webshells.
Lookout Analysis
This incident exemplifies where VPN technology can fall short. VPNs enable whoever is connected to tunnel directly into their organization’s infrastructure while assuming the user and device can be trusted. Once inside, users can move laterally within the network, which could be detrimental if an attacker exploits the VPN to do this. Zero Trust Network Architecture (ZTNA) helps organizations avoid the pitfalls of VPN. ZTNA continuously monitors the identity of those requesting access to your apps and provides dynamic identity and context-aware access to cloud data depending on the risk level of the user and device.
Recommendation for Lookout Admins
Security teams want to give employees enough data access to do their jobs, but not so much that they have access to everything. Lookout admins can implement Lookout ZTNA to mitigate the risk of unauthorized access and breaches caused by over-entitlement of services. This will also help bring the security benefits of SaaS applications to legacy, IaaS, and private apps to ensure all your corporate resources are properly secure.
Admins can also define context-aware adaptive access control policies to deliver Zero Trust access based on unique user and device identifiers. Lookout ZTNA also enables data loss prevention (DLP) and admins can leverage enterprise digital rights management (E- DRM) to automatically envelop data with advanced encryption based on its sensitivity.
Subscribe to get the latest threat reports and insights
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Other Related Threats
September 15, 2023
Scattered Spider
Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign
September 19, 2023
CVE-2023-4863
September 18, 2023