The VPN vulnerability revealed last month exposed twenty government agencies to malware.
Authorities continue to investigate whether hostile parties were able to infiltrate the information networks of Finnish government agencies in the early spring.
According to Valtori, the state information and communication technology center, the investigation is slow and may take a long time.
Potential unauthorized intrusions into agencies' computer networks were made possible by a vulnerability found in Pulse Connect Secure, an American product that creates a virtual private network (VPN).
For example, it builds a secure remote connection from an employee’s portable device to an employer’s server. It is a technology that is very widely used in remote access solutions around the world.
Valtori received information about the remote access service vulnerability on the evening of April 20th. The warning came from the Cyber Security Center and the service provider Telia.
The same evening, Valtori and Telia made a configuration change that protected all related server applications against the vulnerability. Valtori's customers were also informed.
“From the perspective of the service provided by Valtori and its customers, the exploitation of the vulnerability was prevented,” says Jouni Mustonen of Valtori.
According to Valtori, the vulnerability affected about twenty government agencies but not the so-called safety net used by security authorities. There have been at least three servers under suspicion and investigation.
According to Mustonen, the VPN vulnerability had been open for months before it was detected.
The manufacturer released an update addressing the vulnerability in Pulse Connect Secure only on Monday.
According to the Cyber Security Agency, this is a serious vulnerability, and system maintenance should prioritize updating immediately in such situations.
The Cyber Security Agency said the “vulnerability could allow an attacker to run arbitrary malware code on a Pulse Connect Secure gateway”.
For example, when a regular user logs on to the VPN, the vulnerability could be used to spy on his or her data, or to impersonate a regular user and bypass the authentication process.
Indeed, the Cyber Security Agency told HS that “there are ingredients for a disaster”.
According to the Cyber Security Agency, the vulnerability is being actively exploited around the world. In the United States and Europe, for example, intrusions in which it was exploited have already been reported.
In connection with the detected intrusions, backdoors that allow unauthorized access have been found on the VPN devices.
During the coronavirus pandemic, the need for remote connections has grown tremendously. At the same time, there has been growing interest from criminals and government spies in the vulnerabilities of VPN products.
In Finland, possible data breaches are being studied in cooperation with several parties. In addition to service provider Telia and Valtori, the Cyber Security Center and the Central Criminal Police are involved. The Security Police have also been notified.
Mustonen cannot comment on whether any party has had time to exploit the vulnerability, as the matter is still under investigation.
According to him, Valtori has now acquired the VPN update package, and testing of it is underway.
“Before concluding that the vulnerability could not be exploited, we need to be able to completely rule out the possibility that exploitation could have taken place,” Mustonen cautiously states.
“It can take months to find out.”