If your employees use a VPN to reach the company network securely while working remotely, you need to know about a threat now targeting enterprises. Researchers have found threat actors distributing malware disguised as a VPN client, tricking users into downloading a malicious version of a well-known VPN program.
The cybercriminals are delivering the malware through a fake VPN client posing as Palo Alto GlobalProtect. Organizations rely on the genuine product for secure remote access, including VPN connectivity, endpoint security, and threat protection; the fake version instead steals information from the device, downloads and uploads files, and runs unauthorized PowerShell scripts.
How This Malware Spreads
Although this VPN-themed malware currently targets mostly businesses in the Middle East, enterprises worldwide should be aware of it.
Researchers suspect the malware spreads primarily through phishing campaigns aimed at specific businesses, and that the criminals may also be reaching victims through instant messaging.
SEO poisoning may be another delivery route. Attackers use malicious advertising and search-ranking tricks to lure unsuspecting users into downloading malware, and because GlobalProtect is such a widely used VPN client, threat actors have every reason to use this approach to catch users searching for it.
Whichever route the victim takes, they end up with a setup.exe that looks virtually identical to the legitimate installer. That file drops GlobalProtect.exe, the malicious payload. The malware is written to evade sandboxing and behavioral analysis, so signature and sandbox checks alone may not catch it.
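The drop chain described above (a setup.exe launching a GlobalProtect.exe that then runs PowerShell) leaves a trail in process-creation telemetry even when the binary itself slips past a sandbox. The following is an added example written for this article, not code from the article or from any vendor: it runs three simple rules over a handful of constructed process-creation events. The event lines, their `Key=Value|Key=Value` layout, and the vetted install directory are all assumptions made for the example.

```python
"""Spot the fake-GlobalProtect drop chain in process-creation telemetry.

Added example for this article, not code from the article or any vendor. The
event lines, their key=value|key=value layout, and the vetted install
directory are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Assumption: where a vetted GlobalProtect client lives on managed hosts.
TRUSTED_DIRS = ("c:\\program files\\palo alto networks\\globalprotect\\",)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Switches commonly used to hide or obfuscate a PowerShell payload.
EVASION_FLAGS = re.compile(r"-(enc\w*|w(indowstyle)?\s+hidden|nop\w*)", re.I)


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed 'Key=Value|Key=Value' event line."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return ProcEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"])


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_trusted_dir(path: str) -> bool:
    folder = path.replace("/", "\\").lower().rsplit("\\", 1)[0] + "\\"
    return any(folder.startswith(t) for t in TRUSTED_DIRS)


def classify(ev: ProcEvent) -> list:
    """Return the rule names that fire for one event (empty list = benign)."""
    findings = []
    parent, child = basename(ev.parent_image), basename(ev.image)
    # Rule 1: something calling itself the VPN client runs outside the install dir.
    if child == "globalprotect.exe" and not in_trusted_dir(ev.image):
        findings.append("globalprotect_outside_install_dir")
    # Rule 2: the drop chain from the article, a setup.exe launching that binary.
    if parent == "setup.exe" and child == "globalprotect.exe" and not in_trusted_dir(ev.image):
        findings.append("setup_exe_dropped_globalprotect")
    # Rule 3: the "VPN client" spawning PowerShell, worse with hidden/encoded switches.
    if parent == "globalprotect.exe" and child in POWERSHELL:
        findings.append("globalprotect_spawned_powershell")
        if EVASION_FLAGS.search(ev.command_line):
            findings.append("powershell_evasion_switches")
    return findings


def scan(lines) -> dict:
    """Map the index of each suspicious event line to its findings."""
    hits = {}
    for i, line in enumerate(lines):
        findings = classify(parse_event(line))
        if findings:
            hits[i] = findings
    return hits


# Constructed sample telemetry: two events from an infected host, one benign.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Users\\jdoe\\Downloads\\setup.exe"
    "|Image=C:\\Users\\jdoe\\AppData\\Local\\Temp\\GlobalProtect.exe"
    "|CommandLine=GlobalProtect.exe",
    "ParentImage=C:\\Users\\jdoe\\AppData\\Local\\Temp\\GlobalProtect.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -NoProfile -w hidden -enc SQBFAFgA",
    "ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Program Files\\Palo Alto Networks\\GlobalProtect\\GlobalProtect.exe"
    "|CommandLine=GlobalProtect.exe",
]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_EVENTS).items():
        print(idx, findings)
```

The third event, a binary with the right name in the vetted directory, produces no finding, which is the point of keying rule 1 on the install path rather than the file name alone. Real telemetry would normally carry the signer and file hash as well, which belong in the same rules.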
How To Avoid These Cyber Threats
Safeguarding your enterprise from threats like malware posing as a VPN client requires diligence and education. Because this threat arrives primarily through phishing, phishing protection must be a priority.
The first step is education. Everyone in the organization shares responsibility for preventing phishing and malware attacks, which begins with teaching people how to recognize spoofed emails and phishing attempts. Confirming the sender's name and email address, scrutinizing the message's contents, and checking its legitimacy can prevent a major data breach and other problems.
Learning to identify suspicious attachments and links is also critical. Malicious links often contain misspellings, unusual letter or digit substitutions, and oddities in the company name. If someone sends you a link and you aren't sure about it, confirm it with the sender before opening it and use a link scanner to check it.
Sandboxing, behavioral analysis, and link scanning all help against phishing, but a threat like this one is built to evade that kind of detection. That is where education and training come in, together with strict policies on which tools employees may use and where they may obtain them. Providing a vetted VPN client from a reliable source, so that nobody has to go looking for one, can keep users from downloading a fake.
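The link scrutiny described two paragraphs above and the "vetted client from a reliable source" policy in the last one can both be enforced mechanically before an installer is allowed to run. Below is an added example written for this article, not code from the article or from the VPN vendor: it classifies a download link as trusted, insecure, look-alike or untrusted, and checks the downloaded bytes against a SHA-256 digest pinned at vetting time. The trusted-domain set, the confusable table, the sample URLs and the stand-in installer bytes are constructed assumptions.

```python
"""Vet a VPN installer download: link host check plus pinned SHA-256.

Added example for this article, not code from the article or the VPN vendor.
TRUSTED_DOMAINS, CONFUSABLES, the sample URLs and the stand-in installer
bytes are constructed assumptions.
"""
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: the only registrable domain installers may be fetched from.
TRUSTED_DOMAINS = {"paloaltonetworks.com"}

# Look-alike substitutions (constructed, non-exhaustive): digits for letters,
# letter pairs that render like one letter, Cyrillic homoglyphs.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}


def normalize_host(host: str) -> str:
    """Decode punycode labels and fold confusable characters to plain ASCII."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass
        for bad, good in CONFUSABLES.items():
            label = label.replace(bad, good)
        labels.append(label)
    return ".".join(labels)


def registrable_domain(host: str) -> str:
    """Last two labels (assumption: no multi-part public suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch names one or two typos from the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> str:
    """Classify a link: 'trusted', 'insecure', 'lookalike' or 'untrusted'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted" if parts.scheme == "https" else "insecure"
    norm = registrable_domain(normalize_host(host))
    for trusted in TRUSTED_DOMAINS:
        if (trusted in host                         # real name buried in a longer host
                or norm == trusted                  # equal only after folding look-alikes
                or edit_distance(norm, trusted) <= 2):  # a typo or two from the real name
            return "lookalike"
    return "untrusted"


def pin_digest(vetted_installer: bytes) -> str:
    """Record the SHA-256 of an installer obtained from the vendor at vetting time."""
    return hashlib.sha256(vetted_installer).hexdigest()


def verify_installer(candidate: bytes, pinned_sha256: str) -> bool:
    """Constant-time comparison of the candidate's SHA-256 against the pinned value."""
    return hmac.compare_digest(hashlib.sha256(candidate).hexdigest(), pinned_sha256.lower())


# Constructed stand-ins; in practice these are the real installer bytes.
VETTED_INSTALLER = b"constructed stand-in for the vetted installer bytes"
PINNED_SHA256 = pin_digest(VETTED_INSTALLER)
TAMPERED_INSTALLER = b"constructed stand-in for the vetted installer byteZ"


def vet_download(url: str, data: bytes, pinned_sha256: str = PINNED_SHA256) -> bool:
    """Allow execution only for an https link on a trusted host and a matching digest."""
    return check_link(url) == "trusted" and verify_installer(data, pinned_sha256)


if __name__ == "__main__":
    for u in ("https://www.paloaltonetworks.com/products/globalprotect",
              "https://pa1oaltonetworks.com/setup.exe",
              "https://paloaltonetworks.com.vpn-update.example/setup.exe",
              "https://p\u0430loaltonetworks.com/setup.exe"):
        print(check_link(u), u)
```

The host check deliberately looks past the raw string: a Cyrillic "а", a "1" for an "l", or the real name placed in front of an attacker-controlled domain all read as legitimate to a hurried user, which is exactly the trick the paragraphs above warn about. The digest pin is what makes the "vetted source" policy enforceable: an installer that arrives by any route, including a correct-looking link, still has to match the bytes that were actually vetted.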