Older versions of the Pulse Secure VPN software have a vulnerability that can allow hackers to take control of the system. Hackers have now managed to exploit it to spread ransomware in companies.


Companies at risk using Pulse Secure VPN

The vulnerability CVE-2019-11510 has been discovered in the VPN software Pulse Secure VPN, and hackers have been quick to take advantage of it. Servers running an older version of the software risk exposing their local network to the REvil (Sodinokibi) ransomware, which could cripple a company's infrastructure.

The REvil (Sodinokibi) ransomware has previously been used against several companies and US institutions, but by exploiting vulnerabilities in other programs. Now hackers have managed to use CVE-2019-11510 to access the servers' local networks and the computer systems connected to them.

Recently, two incidents have been reported in which hackers used the same method to infect the victim's computer systems with ransomware. First, they gain access to the local network through the vulnerability in Pulse Secure VPN. Then they take control of the network's domain administrator account. Finally, they use the remote control program VNC to move around the network and place the ransomware on different devices.


An update is available

Pulse Secure has urged all users to update their Pulse Secure VPN servers to the latest version. Until the vulnerability is addressed, it can still be exploited by hackers.

There are approximately 3 vulnerable servers around the world, of which 825 are in Sweden. Do you keep your infrastructure up to date?



By Ludwig Wideskär, CYPRO