August 30, 2019 // Tony Howlett // Last Updated: June 04, 2021
NordVPN, a well-known maker of VPN software, has been the subject of a new attack in which hackers cloned the NordVPN website and offered trojanized versions of the popular software. First reported by DrWeb, an anti-virus company, the cloned sites offered sharp discounts (as low as free) on the already value-priced software and then delivered a malware tool to victims as part of the VPN software download. Hackers have used this technique before, when they set up fake download sites for other popular office software such as Invoice 360 and Clip Plus. Once the machines were exploited, they were used to gather banking information and other personal information.
Generally, NordVPN is not considered enterprise-level VPN software, but many small businesses use it because it is relatively low cost and easy to deploy. We can’t forget that these small businesses may be vendors to larger enterprises whose networks they may have access to. This segment of the market is particularly vulnerable because it tends to be cost-conscious, so cheap deals are appealing. Plus, small businesses don’t usually have the large security teams that bigger enterprises do.
So the first lesson from this scenario is to make sure you are on the legitimate site when you download software from the internet. Check the URLs carefully and, if possible, navigate from the vendor’s main website rather than following external links from posts and other sources. More importantly, if you are letting vendors come in with this software, or any other VPN for that matter, you need to seriously consider what issues they may be bringing onto your network, because a VPN basically just expands the size of your network to include the vendors. And your network is only as secure as the least secure vendor you let in.
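To make "check the URLs carefully" concrete, here is an added example (not from the original article or from NordVPN) of a download-link check that a help desk or mail filter could apply. It assumes `nordvpn.com` is the vendor's official domain; the function name and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the vendor's official domain(s), maintained by your own team.
OFFICIAL_DOMAINS = {"nordvpn.com"}


def check_download_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link that claims to be the vendor's download page."""
    try:
        parts = urlsplit(url.strip())
        # .hostname is lowercased and excludes userinfo and port
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # "https://vendor.com@other.example/" really points at other.example
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    # Non-ASCII or punycode labels can render like the real name (homographs)
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host (possible homograph)"
    # Match the whole host or a true subdomain, never a substring or prefix
    for dom in official:
        if host == dom or host.endswith("." + dom):
            return True, "host is under an official domain"
    return False, "host is not under an official domain"


if __name__ == "__main__":
    samples = [  # constructed examples
        "https://nordvpn.com/download",
        "https://nordvpn.com.downloads.example/setup.exe",
        "https://nordvpn.com@mirror.example/setup.exe",
        "http://nordvpn.com/download",
        "https://notnordvpn.com/",
    ]
    for s in samples:
        print(s, "->", check_download_url(s))
```

A passing check only confirms that the link points at the expected domain; it says nothing about the file served from it.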