The Ever-Present Vulnerabilities of VPNs


Research Highlights Surge in Cyber Attacks During Pandemic


The COVID-19 pandemic served as a critical test of the resilience of secure networking practices, particularly as businesses rapidly transitioned to remote work environments. The swift adoption of virtual private networks (VPNs) revealed significant vulnerabilities, as organizations prioritized connectivity and often compromised on security measures.

According to a study conducted by researchers from the Blekinge Institute of Technology in Sweden, there was a dramatic 238% increase in attacks targeting VPNs between 2020 and 2022, coinciding with the peak of pandemic lockdowns. This comprehensive analysis incorporated data from 81 different reports, drawing on information from major sources such as Google and BrightTALK.

With a remote workforce that expanded by roughly one-third during this period, many companies rushed to implement VPN solutions, applications designed to facilitate secure data transmission over public networks. However, the many new users were largely unprepared for the accompanying cyber threats, leaving organizations exposed.

Cybercriminals seized the opportunity to identify exposed gateways, misconfigurations, and unpatched vulnerabilities. As noted in the study, many VPN connections lacked sufficient endpoint controls, allowing attackers to navigate corporate networks with ease. This situation underscores the significance of proper configuration and ongoing management of VPN solutions.

Martin Zugec, Technical Solutions Director at Bitdefender, emphasized that securing VPNs is feasible, but the rapid deployment necessitated by the pandemic complicated the management of these systems. He pointed out that while organizations sought immediate remote access solutions, this haste often overshadowed long-term security considerations; the challenge lay in sustaining security across an ever-expanding attack surface.

Organizations that failed to maintain effective oversight—neglecting patch management and threat monitoring—positioned themselves to be exploited during and after the crisis. Although the frequency of VPN attacks has lessened since the height of the pandemic, vulnerabilities persist, evidenced by incidents affecting services such as SonicWall SSL VPN and Ivanti Connect Secure.

The researchers linked the spike in VPN attacks during the pandemic to a widespread lack of guidance for users, particularly for those without expert support to navigate these challenges. They advocated for a structured hardening framework that organizations should adopt to mitigate the risks associated with VPN use. Elements of this framework include strong authentication measures, robust encryption protocols, secure configurations, and continuous monitoring practices.

The activity described may align with MITRE ATT&CK tactics such as Initial Access and Privilege Escalation, which describe how attackers gain entry to systems and subsequently identify and exploit vulnerabilities to elevate their access levels. Understanding these tactics can aid organizations in fortifying their defenses against potential breaches.
