Cybersecurity of remote work migration: A study on the VPN security landscape post covid-19 outbreak

Abstract: Background. The pandemic outbreak commenced a large migration of employees from all kinds of industries from previously working in an industrial or office environment to working from home. The remote migration allowed many kinds of work to continue as usual even during a pandemic. A common tool to use when working remotely is a Virtual Private Network (VPN) that allows remote workers to connect to a Local Area Network (LAN) at the company office. Which further grants the remote worker secure access to organizations resources and services. This remote work setup has increased the complexity of the company networks and therefore also magnified the attack surface for cyber threat actors. Objectives. The objective of this thesis involves studying how the VPN security landscape looks like after the pandemic outbreak. Answering questions related to how the attacks on VPNs changed in numbers, which techniques and tactics the adversaries use against VPN security systems and then, for the thesis to “bite itself in the tail”, investigate countermeasures that can further improve the VPN security. Methods. One research method is used in two different fashions to satisfy the objectives. The research method is a Systematic Literature Review (SLR). The first SLR involves research on secondary data reports, published by cyber companies, cyber experts, or cyber departments of large IT organizations. The second SLR involves qualitative research by reading research papers related to how VPN security can be improved.  Results. In direct consequence of the remote work migration the number of VPN attacks have increased. The vulnerabilities found in VPN systems have been used extensively where even national cybersecurity organizations have urged companies to patch systems. Advanced Persistent Threat (APT) groups have leveraged the published vulnerabilities by exploiting unpatched systems and established persistent and defense-evasive access to networks that remote workers connect to with VPNs. To counter these threats and to harden the VPN systems and private networks, there are recommendations involving countermeasures such as enforced Multi Factor Authentication (MFA) and adding multiple defense layers in private networks. Conclusions. This thesis concludes that the covid-19 pandemic outbreak was the root cause to the huge remote work transition which in turn caught 99% of all organizations and home networks off guard when it comes to VPN security for remote workers. This caused huge opportunities for threat actors and state sponsored adversaries which is the main reason for the increased number of cyberattacks post covid-19 outbreak. Cyber adversaries exploited every vulnerability, bug, and misconfiguration they could find by conducting tactics and techniques like phishing, ransomware, exploiting VPN vulnerabilities and performing DDoS-attacks to the best of their abilities. This caused huge damage to organizations, governments, healthcare, and militaries all around the world. In order to increase VPN security for remote workers, small, medium or big organizations, we have developed a new VPN hardening framework.