The Pipeline Ransomware Came Via The VPN


In April 2021 the criminal group DarkSide successfully shut down major energy pipelines of the United States. How did the criminals get in? The ransomware came via the VPN. The VPN (Virtual Private Network) is conceptually a ‘really long network cable from your house to the company’. People often believe it’s part of their security posture, but, in practice, it’s a risk. In hindsight, an unacceptable risk.

In this case, the VPN existed so that the team could work remotely and access the various and sundry internal services (email, wiki, reporting, HR, …) that they need to do their jobs. No one is questioning the need for remote access. But a VPN is a blunt tool, and it’s not fit for purpose. Ransomware transmits via the VPN too.

I’m sure the company in question is currently addressing the symptoms. The shared passwords, leaked. They are probably investing in multi-factor authentication. Perhaps they are even investing in some segmentation of their internal network. Some will be suggesting “blow it up and outsource it”, move to managed SaaS, etc. It’s not a panacea. Stitching together a single Identity and multi-factor across applications is not easy, whether they are SaaS or Self or Managed.

The real answer is to move to a Zero Trust architecture. Lower the blast radius. Authenticate the user. Authorise the action. Provide access to a single resource. A user can now access what they need, but not more.

Zero Trust is part of a defense-in-depth strategy. Imagine each component being breached, and have a plan for what will happen next. An application gets breached? Well, it cannot reach the rest of the network. A user is compromised? They can only do their normal activities on their normal applications. No more ransomware spreading via the VPN.

How do you get there quickly? An identity-aware authenticating web application firewall as a reverse proxy is a good part of the solution. Quickly ramp up and enable single, strong identity with multi-factor on all legacy applications. Enable multi-factor without reworking them. Remove the need for the VPN. It’s not worth the risk.
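The per-request decision described above (authenticate the user, authorise the action, give access to a single resource) can be sketched as follows. This is an added example, not code from this post or from any product; the token format, signing key, group names, policy table and `.example` hostnames are all assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # assumption: key the proxy shares with the identity provider

# Assumption: per-group policy. Each rule names ONE application and the actions allowed on it.
POLICY = {
    "hr-staff":  [{"host": "hr.internal.example", "methods": {"GET", "POST"}, "prefix": "/"}],
    "engineers": [{"host": "wiki.internal.example", "methods": {"GET"}, "prefix": "/docs/"}],
}

def sign_session(claims: dict) -> str:
    """Issue a session token: base64url(JSON claims) + '.' + hex HMAC-SHA256."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def verify_session(token: str, now: float):
    """Return the claims if the token is authentic and unexpired, else None."""
    body, sep, mac = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):  # constant-time compare
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > now else None

def decide(token: str, host: str, method: str, path: str, now: float = None):
    """Per-request decision: authenticate, require MFA, authorise the action. Default deny."""
    now = time.time() if now is None else now
    claims = verify_session(token, now)
    if claims is None:
        return False, "unauthenticated"
    if not claims.get("mfa"):
        return False, "mfa-required"
    # The path is assumed to be already normalised by the proxy (no "..", no encoded slashes).
    for group in claims.get("groups", []):
        for rule in POLICY.get(group, []):
            if host == rule["host"] and method in rule["methods"] and path.startswith(rule["prefix"]):
                return True, f"allowed-by:{group}"
    return False, "no-policy-for-resource"
```

A compromised engineer session here can read the wiki and nothing else: every other host, method or path falls through to the default deny, which is the reduced blast radius compared with a VPN session that can reach the whole network.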

Would you like to discuss? Or perhaps you would like to just try.