A list of identifiers and other sensitive data concerning the Pulse Secure VPNs of more than 900 companies has been released into the wild by a group of hackers. For the firms concerned, this represents a major vulnerability which requires patching their VPN and changing their credentials as soon as possible.
According to ZDNet, a Russian hacker today published a long list containing the identifiers of the Pulse Secure VPN servers of more than 900 companies. The file notably includes the IP addresses of the servers in question, SSH keys, cookies… It reportedly even contains the details of the administrator account (which has full control over the entire network), a list of all local users, and a log of connections, including usernames and passwords in cleartext.
According to Bank Security, an analyst specializing in financial crime cases, the author of this list reportedly began by scanning “the entire Internet IPv4 address space”. This would have let them find the servers in question before using an exploit to harvest the data. Just as concerning as the attack itself is that the vulnerability exploited by the hacker(s) has reportedly been known since last year, yet the majority of the companies (around two-thirds) had not bothered to patch this gaping flaw in their systems, according to the company Bad Packets.
A door wide open to sensitive data
What makes this attack worrying is first of all how this very sensitive list was distributed: according to ZDNet, it was made available for free download on a large forum well known to the ransomware community (ransomware being software that takes a computer system hostage). In practice, this means that seasoned hackers will certainly pounce (and certainly already are pouncing) on the companies listed in this file. For the groups concerned, it is therefore urgent to update their Pulse Secure VPN to one of the latest versions, in which the vulnerability in question has already been patched.
Otherwise, they are a prime target, since this list has served their identifiers to hackers on a plate. Corporate VPNs like those offered by Pulse Secure are often used as a gateway that lets employees reach their intranet from the WAN, and with it potentially very sensitive data. Pulse Secure has in any case taken the lead: according to Channel News, it has contacted all affected customers individually by email, phone and online notifications, urging them to install the patch. It will therefore be interesting to keep an eye on this case to see whether some latecomers get picked off by hackers because of this list.