According to ZDNet, researchers recently found more than 900 plaintext passwords for Pulse Secure enterprise VPNs on a well-known hacker forum:
Doron Naim, Cyber Research Group Manager, CyberArk Labs had this to say about the incident:
“While VPNs have an essential role to provide employees and third parties with remote access, they also provide a direct data tunnel to corporate networks which can be used to provide privileged access to critical business systems and applications i.e. the targets that are most valuable for hackers.
In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were exposed. In an of itself, that’s concerning, but attackers could also take advantage of password reuse habits to conduct credential-based attacks on internal systems and business applications like HR and payroll — providing a backdoor to critical data and assets.
In light of this and other well-publicized breaches, it’s important organizations examine other ways to provide remote access to the most sensitive parts of the corporate network. This includes advances in Zero Trust access, granular access to only the critical system instead of the whole network, biometric multi-factor authentication and just-in-time provisioning, in combination with session isolation and management. This would allow VPNs to be dispensed with completely in some instances, including for privileged access to critical systems. Additionally, it reinforces the need to patch, whether the software lives in the cloud or the enterprise itself.”