Here we go again….

If we thought that the recent Fox Kitten APT discovered last month and the news about vulnerable VPNs were the end of the attacks on our VPN (Virtual Private Network) and remote access solutions, then we woke up this week to even worse news… and it’s not Coronavirus related…

It seems that a new and very dangerous remote code execution vulnerability has been discovered. This vulnerability has apparently been around since the early 2000s and it comes installed on almost all Linux-based operating systems.

OK, so one would say, “yes, just another vulnerability… I’ll patch my systems…”, but how do you find all your relevant systems in order to patch them? As opposed to previous vulnerabilities, this recent one, named CVE-2020-8597, affects Point-to-Point Protocol Daemon (pppd) versions 2.4.2 through 2.4.8 (all versions released in the last 17 years), which means it’s one of the worst vulnerabilities issued in recent years. It’s a vulnerability which directly affects our VPN gateways (most of them run on Linux) and remote access solutions.

Just to get the feel of why this vulnerability is so serious, here is what has been disclosed on the vulnerability: “…can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them.”[1] This basically means an attacker can send a malformed EAP packet to your VPN gateway and take control of it, essentially getting the keys to the kingdom.

OK, so we agree it’s serious, now what? One option is to run and patch our VPNs and remote access solutions, which, after 3 different attacks, seems like an uphill battle. Another option is to deploy a solution which is not affected by such an attack and can either replace your VPN or act as a second line of defense to your VPNs. At Safe-T we have you covered with our Zero Trust Network Access (ZTNA) product family, and specifically with Safe-T ZoneZero™.
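For the patching option, the first step is the one the article asks about: finding which systems carry a pppd in the quoted range. The script below is an added example, not code from the article or from Safe-T; it classifies version strings against the 2.4.2 through 2.4.8 range cited above, and its function names, host names and sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag pppd versions inside the range the
# article cites for CVE-2020-8597, 2.4.2 through 2.4.8.
# A distribution may backport the fix without changing the upstream version,
# so "in-range" means "confirm against the vendor advisory", not "unpatched".

# classify_pppd TEXT -> prints in-range | out-of-range | unknown
# TEXT may be `pppd --version` output or a package version string.
classify_pppd() {
    # Take the x.y.z triple that begins at the first digit in TEXT.
    set -- $(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p' |
        head -n 1)
    [ "$#" -eq 3 ] || { echo unknown; return 0; }
    if [ "$1" -eq 2 ] && [ "$2" -eq 4 ] && [ "$3" -ge 2 ] && [ "$3" -le 8 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# check_local -> classify the pppd binary on this host, if there is one.
check_local() {
    if command -v pppd >/dev/null 2>&1; then
        classify_pppd "$(pppd --version 2>&1)"
    else
        echo not-installed
    fi
}

# triage_inventory: read "HOST REPORTED-VERSION-TEXT" lines from stdin.
triage_inventory() {
    while read -r host reported; do
        [ -n "$host" ] || continue
        printf '%s\t%s\n' "$host" "$(classify_pppd "$reported")"
    done
}

printf 'localhost\t%s\n' "$(check_local)"

# Constructed sample inventory (hypothetical hosts and version strings).
triage_inventory <<'EOF'
vpn-gw-01 pppd version 2.4.7
vpn-gw-02 2.4.5-10.example1
edge-rtr-03 pppd version 2.4.9
lab-box-04 pppd version 2.4.1
jump-05 pppd: command not found
EOF
```

Hosts reported as `unknown` need a manual look, since embedded appliances often do not expose a pppd version string at all.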
Safe-T ZoneZero is based on ZTNA and SDP (Software Defined Perimeter) concepts and is designed to provide secure remote access to corporate resources. ZoneZero is designed to act as a second line of defense after your VPN gateway. It adds a layer of zero trust to your VPN, keeping your users off the network while allowing them to access your business applications. All this without changing the user’s behavior.

[Figure: ZoneZero Architecture]

Acting as a second line of defense for your VPN, ZoneZero provides two main functions:
  1. We pass the function of 2FA from your VPN to ZoneZero, so in case your VPN is attacked and authentication is bypassed, the user will not be able to jump from it into the network, as ZoneZero is the one issuing the second authentication factor.
  2. We break the data tunnel: after successfully authenticating the user (first factor by VPN and second factor by ZoneZero), the VPN will pass the user traffic to ZoneZero rather than the internal firewall. ZoneZero, utilizing Safe-T’s reverse-access technology, passes the user’s data packets to the internal firewall. This prevents any user from trying to bypass the VPN and enter the network, and authenticated users are granted application-level access, rather than being tunneled into the network.
And the best thing is that it is also impervious to the attacks we discussed, since its external-facing components (those connected to your VPN gateway) do not contain any software which can be compromised by the said vulnerability, so even if your VPN is attacked, ZoneZero will prevent that attacker from ever reaching the network.

So instead of running and trying to figure out how you patch your VPNs or remote access solution, hoping the patch will also prevent future attacks, come speak to us and we can figure out together how best to improve and secure your remote access solution.

[1] https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html?m=1
