Vulnerability Opens the Door to Zero-Day Threats and Data Breaches – Skyhigh Security Intelligence Digest
April 29, 2024
By Rodman Ramezanian – Global Cloud Threat Lead, Skyhigh Security
High-severity vulnerabilities in legacy VPN systems across multiple vendors have sounded an alarm in cybersecurity circles. Businesses all over the world that use SSL VPN products from Ivanti, Fortinet, Cisco, Palo Alto Networks, and other vendors are prime targets for emerging threats and potential data breaches. By exploiting the inherent design flaws in internet-facing assets like firewalls and VPNs, attackers can gain access to networks and move laterally, potentially stealing sensitive data and compromising critical applications.
A vulnerability in the Palo Alto Networks GlobalProtect VPN product is the most recent discovery, reported by Volexity Threat Research in mid-April 2024. By exploiting a security flaw in Palo Alto Networks PAN-OS, attackers gain full root-level control of the firewall and of the VPN connectivity it provides. Without needing a username or password, attackers use the firewalls as an entry point to move laterally within targeted organizations. This zero-day threat carries the highest possible severity score of 10 out of 10.
While patching these types of vulnerabilities is an essential short-term fix, adopting a Zero Trust architecture is one of the best ways to prevent exposure. Unlike traditional security architectures that rely on firewalls and VPNs, Zero Trust creates secure connections directly between users who work remotely, in branch offices, or at headquarters and the applications, workloads, and industrial control systems they need to access.
Instead of placing users or devices on the corporate network, Zero Trust continually verifies them before access is granted to sensitive resources, following the principle of “never trust, always verify.” Trust is never granted by default, which safeguards data at all times without impacting availability or performance for users. Whether users are remote or outside the network perimeter, they can access only the applications and services they are authorized for, never the entire network. This approach denies attackers their usual entry points into the network and halts the lateral movement of threats.
Once you decide to switch from legacy VPN and firewall to a Zero Trust framework, where do you begin? Find out how Skyhigh Security can help you modernize your security infrastructure to safeguard your organization against vulnerabilities like these. Read our most recent Intelligence Digest.