Working from home during the global pandemic has allowed the nations of the world to keep their economies limping along while they search for a fix, but it has come with a price.  Many remote workers’ home offices are utilizing Virtual Private Networks, or VPNs, to to log in, but they lack the level of cyber security at their work office, and hackers are cashing in.
Why VPNs?
A VPN allows employees to create a secure connection to their office’s network over the Internet; as such, VPN usage has sky-rocketed across the world.  In fact, NordVPN has stated that use of their services has gone up, globally, by a whopping 165%.
If VPNs create a secure connection to remote office networks, then how in the world are they being exploited by cybercriminals?  By utilizing phishing sites.
  • Fake “Nord VPN” site
    • Fake Domain: nordfreevpn[.]com
    • What happens?  An employee thinks they’re installing a VPN from the REAL Nord VPN, but in actuality, they’re installing “Grand Stealer” malware that can then steal various, potentially dangerous items:
      • Desktop files
      • User credentials and cryptocurrency wallets
      • Browser profiles, including credit card info and auto-fill data
      • Gecko credentials
      • FTP & RDP credentials
      • Telegram sessions
      • Discord software data
  • Fake “VPN4Test” site
    • Fake Domain: vpn4test[.]net
    • What happens? The victim thinks they’re testing their VPN, but they actually end up downloading “Azorult Infostealer” instead.  In addition to downloading other malware onto the system (specifically Masad stealer and Parasite RAT), “Azorult Infostealer” creates a bot ID on the compromised device, which it uses to communicate with its C2 server in order to steal:
      • Saved passwords
      • Cryptocurrency wallet
      • Browser login credentials & history
      • Cookies
      • Chat sessions
In addition to these methods, cyber criminals will actually create fake reviews to trick users into believing that it’s real.  Not only does it make it look more credible, but it also uses algorithms against the App stores by getting them ranked higher, so it comes up in searches.  In fact, just last week, Google booted a hostile Android VPN app called “SuperVPN” that had been downloaded over 100 million times!!

Keeping your business safe

Bottom line, if you download a VPN, it has a LOT of power.  It might be tempting to save money by downloading a free
service, but remember… You get what you pay for.  This isn’t something you want to skimp on because it could end up costing you so much more.
And of course, you can always contact us if you have any questions!

This entry was posted on Monday, April 20th, 2020 at 2:54 pm and is filed under Blog, Coronavirus, Cyber Security, Domains, Home Office, Ransomware, Servers, Work from Home. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.