Security News > 2024 > May > Norway recommends replacing SSL VPN to prevent breaches
SSL VPN and WebVPN provide secure remote access to a network over the internet using SSL/TLS protocols, securing the connection between the user's device and the VPN server using an "Encryption tunnel."
"The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives. NCSC recommends Internet Protocol Security with Internet Key Exchange," reads the NCSC announcement.
These include implementing centralized VPN activity logging, strict geofencing restrictions, and blocking access from VPN providers, Tor exit nodes, and VPS providers.
Fortinet revealed in February that the Chinese Volt Typhoon hacking group exploited two FortiOS SSL VPN flaws to breach organizations, including a Dutch military network.
In 2023, the Akira and LockBit ransomware operations exploited an SSL VPN zero-day in Cisco ASA routers to breach corporate networks, steal data, and encrypt devices.
Cisco disclosed the particular campaign as 'ArcaneDoor,' attributing it to the threat group tracked as 'UAT4356' or 'STORM-1849,' who gained unauthorized access to WebVPN sessions associated with the device's SSL VPN services.