REvil ransomware exploiting VPN flaws made public last April
Researchers report flaws, vendors issue patches, organisations apply them – and everyone lives happily ever after. Right?
Not always. Sometimes the middle link in that chain, the part where organisations apply the patches, can take months to happen. Sometimes it doesn't happen at all.
A relaxed patching cycle has become a luxury that security can no longer afford.
Take, for instance, this week’s revelation by researcher Kevin Beaumont that serious vulnerabilities in Pulse Secure’s Zero Trust business VPN (virtual private network) system are being exploited to break into company networks to install the REvil (Sodinokibi) ransomware.
His evidence initially comprised anecdotal reports from victims describing unpatched Pulse Secure VPN systems being used by REvil as a way in, something he has since seen for himself:
I’ve now seen an incident where they can prove Pulse Secure was used to gain access to the network.