The National Security Agency issued a new cybersecurity advisory on Thursday, warning that virtual private networks, or VPNs, could be vulnerable to attacks if not properly secured.
The agency's warning comes amid a surge in telework as organizations adapt to coronavirus-related office closures and other constraints. A VPN allows users to establish private, encrypted connections to another network over the internet.
They are used widely by corporations and other organizations to protect proprietary data from hackers while employees work remotely. A senior NSA official who briefed reporters Wednesday said the increase in remote work had attracted the attention of potentially malicious cyber actors.
VPN gateways in particular are "prone to network scanning, brute force attacks, and zero-day vulnerabilities," the NSA's advisory said. The senior official said the NSA, whose employees deal daily with highly classified materials and systems, had taken its own steps to adapt to the pandemic, reducing some of its workforce to "mission-essential" for several weeks and introducing social distancing measures within its outposts. The advisory was issued by the agency's Cybersecurity Directorate, which launched last October.
Its mandate involves reinvigorating a set of missions the NSA has long had — protecting government and private sector systems — by accelerating, broadening and "operationalizing" its dissemination of unclassified threat information, according to officials. The directorate has now issued over a dozen public advisories since its launch. In October, it warned that nation-state actors were targeting VPN devices.
In January, it was behind the disclosure of a "critical vulnerability" in Microsoft's Windows 10 software — something the agency might have once exploited, instead, as a hacking tool. And in May, in another rare move, it named a Russian military hacking unit that was secretly accessing commonly used software. The directorate's emphasis on information-sharing stems from a recognition that nation states are getting more aggressive and more sophisticated in going after government and non-government targets.
Its leadership has said it is also a conscious effort to move away from stubborn perceptions that the agency is a secretive black box — or "No-Such-Agency," as the NSA has been labeled. Its foreign intelligence mission — which involves intercepting als and communications overseas — is likely to continue avoiding the public eye. The agency has also broadened its presence on social media, launching an Instagrama dedicated Twitter for the directorate, and even bringing its notoriously circumspect director to the platform.
Paul Nakasone has tweeted three times in three weeks. Chrome Safari Continue. Be the first to know.
Get browser notifications for breaking news, live events, and exclusive reporting.