Yesterday — 17 May 2024, Main stream

Norwegian National Cyber Security Centre Recommends Moving Away from SSLVPN and WebVPN

By: Alan J
17 May 2024 at 02:44

The Norwegian National Cyber Security Centre (NCSC) has issued a recommendation advising organizations to replace SSLVPN and WebVPN solutions with more secure alternatives, citing the repeated exploitation of vulnerabilities in edge network devices that has allowed attackers to breach corporate networks.

The NCSC, a sub-division of the Norwegian Security Authority, functions as Norway's primary liaison for coordinating national efforts to prevent, detect, and respond to cyber attacks, as well as providing strategic guidance and technical support to enhance the overall cyber security posture of the country. This includes conducting risk assessments, disseminating threat intelligence, and promoting best practices in both the public and private sector. The NCSC's guidance is aimed at enhancing the security posture of organizations, particularly those within critical infrastructure sectors, by advocating for the transition to more robust and secure remote access protocols.

Replacement of SSLVPN and WebVPN With Secure Alternatives

The NCSC's recommendation is underpinned by the recognition that SSL VPN and WebVPN, while providing secure remote access over the internet via SSL/TLS protocols, have been repeatedly targeted due to inherent vulnerabilities. These solutions create an "encryption tunnel" to secure the connection between the user's device and the VPN server. However, the exploitation of these vulnerabilities by malicious actors has led the NCSC to advise organizations to migrate to Internet Protocol Security (IPsec) with Internet Key Exchange (IKEv2).

IPsec with IKEv2 is the NCSC's recommended alternative for secure remote access. This protocol encrypts and authenticates each packet of data, using keys that are refreshed periodically. While acknowledging that no protocol is entirely free of flaws, the NCSC believes that IPsec with IKEv2 significantly reduces the attack surface for secure remote access incidents, especially due to its reduced tolerance for configuration errors compared to SSLVPN.

The NCSC emphasizes the importance of initiating the transition process without delay. Organizations subject to the Safety Act or classified as critical infrastructure are encouraged to complete the transition by the end of 2024, with all other organizations urged to finalize the switch by 2025.

The recommendation to adopt IPsec over other protocols is not unique to Norway; other countries, including the USA and the UK, have also endorsed similar guidelines, underscoring the global consensus on the enhanced security offered by IPsec with IKEv2. As a preventative measure, the NCSC also recommended the use of 5G from mobile or mobile broadband as an alternative in locations where it was not possible to implement an IPsec connection.

Recommendation Follows Earlier Notice About Exploitation

Last month, the Norwegian National Cyber Security Centre issued a notice about a targeted attack campaign against SSLVPN products in which attackers exploited multiple zero-day vulnerabilities in Cisco ASA VPN used to power critical infrastructure facilities. The campaign had been observed since November 2023.

This notice, intended primarily for critical infrastructure businesses, warned that while the entry vector in the campaign was unknown, the presence of at least one zero-day vulnerability potentially allowed external attackers, under certain conditions, to bypass authentication, intrude into devices and grant themselves administrative privileges.

The notice shared several recommendations to protect against the attacks, such as blocking access to services from insecure infrastructure such as anonymization services (VPN providers and Tor exit nodes) and VPS providers. Cisco released important security updates to address these vulnerabilities.

The earlier notice also recommended that businesses switch from the SSLVPN/clientless VPN product category to IPsec with IKEv2, due to the presence of critical vulnerabilities in such VPN products, regardless of the VPN provider. The NCSC recommends that businesses in need of assistance contact their sector CERT or MSSP.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Before yesterday, Main stream

UK NCSC to Defend ‘High-Risk’ Political Candidates from Cyberattacks

In response to heightened cyber threats targeting political candidates, election officials and civil society groups, the National Cyber Security Centre (NCSC) in the UK, a part of GCHQ, has introduced a new initiative called the Personal Internet Protection (PIP) service. The service, unveiled at CYBERUK 2024 in Birmingham, aims to provide an additional layer of security to individuals at “high-risk” of cyberattacks like spear-phishing, malware and other threats, ahead of the upcoming election year.

The Personal Internet Protection service works by alerting users when they attempt to access malicious domains known to the NCSC and by blocking outgoing traffic to these domains. The PIP offered to high-risk individuals is built on the NCSC's Protective DNS (PDNS) service, which was developed primarily for use by organizations. Since its inception in 2017, PDNS has provided protection at scale for millions of public sector users, handling more than 2.5 trillion site requests and preventing access to 1.5 million malicious domains, the NCSC said.

Cyber Threats Targeting Political Candidates

The Personal Internet Protection service is part of a broader effort by the UK government to enhance cyber support for individuals and organizations crucial to the democratic process, especially considering recent attempts by Russian and Chinese state-affiliated actors to disrupt the UK's government and political institutions as well as individuals. While the Russian intelligence services had attempted to use cyberattacks to target prominent persons and organizations in the UK for meddling in the electoral processes, China is seen as likely targeting various government agencies including the Ministry of Defence (MoD), whose payroll system was recently breached. Although both Moscow and Beijing have rejected the use of hacking for political purposes, the relations between them remain strained over these allegations.

Jonathon Ellison, NCSC Director for National Resilience and Future Technology, noted the importance of protecting individuals involved in democracy from cyber threats, highlighting the attractiveness of their personal accounts to espionage operations.

“Individuals who play important roles in our democracy are an attractive target for cyber actors seeking to disrupt or otherwise undermine our open and free society. That’s why the NCSC has ramped up our support for people at higher risk of being targeted online to ensure they can better protect their accounts and devices from attacks,” Ellison said.

Ahead of the major election year in which more than 50 countries around the world cast their vote, Ellison urged individuals eligible for the Personal Internet Protection service to sign up and to follow its guidance to bolster defenses against various cyber threats.

The initiative also extends support to civil society groups facing a heightened risk of cyber threats. A new guide, "Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society," which offers practical advice for individuals such as elected officials, journalists, activists, academics, lawyers and dissidents, was released on Tuesday. This guide, developed by the U.S. Cybersecurity and Infrastructure Security Agency in collaboration with international partners, aims to empower high-risk civil society communities with limited resources to combat cyber threats effectively. These include customized risk assessment tools, helplines for digital emergencies and free or discounted cybersecurity services tailored to the needs of civil society organizations.

The launch of the Personal Internet Protection service and the release of the guidance for civil society mark significant steps in bolstering the cybersecurity posture of individuals and organizations critical to the democratic process. By enhancing protection against cyber threats, the UK aims to safeguard the integrity of its democracy and promote collective resilience against global threats to democracy.

Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status – Source: news.sophos.com

Source: news.sophos.com – Author: Sally Adam

PRODUCTS & SERVICES

I am delighted to announce that the Sophos Incident Response service has been awarded U.K.’s National Cyber Security Centre (NCSC) Cyber Incident Response (CIR) Level 2 status by CREST. This assurance confirms that amid the sophisticated cybersecurity threat landscape, Sophos has the experience and capabilities to […]

The post Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status – Source: news.sophos.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.