April 23, 2021

Pulse Secure VPN

Entry Type
Security Guidance
Threat Type
Vulnerability
Platform(s) Affected
Security Guidance
Vulnerability

Overview

Threat actors that are likely backed by nation-states are exploiting a number of vulnerabilities in the Pulse Secure VPN. One of the vulnerabilities is a zero-day, which allows the attackers to bypass multi-factor authentication (MFA) protections that the affected organizations have in place. It appears that 12 malware families are exploiting these vulnerabilities. While it’s not clear whether these families are directly related, experts say there are multiple actors at play. Once attackers exploit these vulnerabilities and bypass authentication, they install malware that persists through software updates and allows remote access and control through webshells.

Lookout Analysis

This incident exemplifies where VPN technology can fall short. VPNs enable whoever is connected to tunnel directly into their organization’s infrastructure while assuming the user and device can be trusted. Once inside, users can move laterally within the network, which could be detrimental if an attacker exploits the VPN to do this. Zero Trust Network Architecture (ZTNA) helps organizations avoid the pitfalls of VPN. ZTNA continuously monitors the identity of those requesting access to your apps and provides dynamic identity and context-aware access to cloud data depending on the risk level of the user and device.

Recommendation for Lookout Admins

Security teams want to give employees enough data access to do their jobs, but not so much that they have access to everything. Lookout admins can implement Lookout ZTNA to mitigate the risk of unauthorized access and breaches caused by over-entitlement of services. This will also help bring the security benefits of SaaS applications to legacy, IaaS, and private apps to ensure all your corporate resources are properly secured.

Admins can also define context-aware adaptive access control policies to deliver Zero Trust access based on unique user and device identifiers. Lookout ZTNA also enables data loss prevention (DLP), and admins can leverage enterprise digital rights management (E-DRM) to automatically envelop data with advanced encryption based on its sensitivity.
