VPN sites being spoofed by hackers in new attacks

NordVPN, a well-known maker of VPN software, has been the subject of a new attack in which hackers cloned the NordVPN website and are offering trojanized versions of the popular software. First reported by DrWeb, an anti-virus company, the cloned sites offered sharp discounts (as low as free) on the already value-priced software and then delivered a malware tool to the victims as part of the VPN software download. Hackers have used this technique before, when they faked download sites for other popular office software such as Invoice 360 and Clip Plus. Once the machines were exploited, they were used to gather banking information and other personal information.

Generally, NordVPN is not considered enterprise-level VPN software, but many small businesses use it because it's relatively low cost and easy to deploy. We can't forget that these small businesses may be vendors to larger enterprises whose networks they may have access to. This segment of the market is particularly vulnerable because it tends to be cost-conscious, so cheap deals appeal to it. Plus, small businesses don't usually have the large security teams that bigger enterprises do.

So the first lesson from this scenario is to make sure you go to the legitimate site when you download software from the internet. Check the URLs carefully and, if possible, navigate from the vendor's main website rather than following external links from posts and other sources. More importantly, if you are letting vendors come in with this software, or any other VPN for that matter, you need to seriously consider what issues they may be bringing onto your network, because a VPN basically just expands the size of your network to include the vendors. And your network is only as secure as the least secure vendor you let in.
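As an added illustration of the "check the URLs carefully" advice (this is not code from the original post or from NordVPN), the sketch below classifies a download link against an allowlist of official domains and flags common lookalike patterns. The allowlist contents, the function names and every sample URL are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist the defender maintains; nordvpn.com is the example vendor.
OFFICIAL_DOMAINS = {"nordvpn.com"}

def _normalize(label):
    """Undo cheap lookalike tricks: hyphens and digit-for-letter swaps."""
    return label.replace("-", "").replace("0", "o").replace("1", "l")

def _edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_download_url(url):
    """Return 'official', 'official-insecure', 'suspicious', 'unrelated' or 'invalid'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if parts.username is not None:
        return "suspicious"  # text before '@' can hide the real host
    labels = host.split(".")
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official" if parts.scheme == "https" else "official-insecure"
    if any(label.startswith("xn--") for label in labels):
        return "suspicious"  # punycode label may render as a homoglyph of the brand
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        for label in labels:
            cleaned = _normalize(label)
            if brand in cleaned or _edit_distance(cleaned, brand) <= 2:
                return "suspicious"  # brand embedded in, or a near miss of, another host
    return "unrelated"

if __name__ == "__main__":
    for sample in ("https://nordvpn.com/download/",  # constructed sample URLs
                   "https://nordvpn.com.downloads.example/setup.exe",
                   "https://nord-vpn.example/"):
        print(sample, "->", classify_download_url(sample))
```

A check like this fits in a web proxy rule or a help-desk script; a "suspicious" result is a prompt to navigate from the vendor's main site instead, not proof of malice.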

To learn more about the risks of VPNs, check out our helpful infographic.



*** This is a Security Bloggers Network syndicated blog from SecureLink authored by Tony Howlett. Read the original post at: https://www.securelink.com/blog/vpn-sites-being-spoofed-by-hackers-in-new-attacks/

Tony Howlett

Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A in Management Information Systems. Tony is currently the CISO of SecureLink, a vendor privileged access management company based in Austin.
