CISA issues enterprise VPN security alert during COVID-19 surge
CISA Alert AA20-073A warned that VPN usage was spiking as organizations moved to remote work, urging patching, multi-factor authentication, and monitoring for compromised credentials on VPN concentrators.
Executive briefing: CISA published Alert AA20-073A highlighting increased enterprise VPN reliance during early COVID-19 responses. The agency urged patching VPN appliances, enforcing MFA, and monitoring for unauthorized logins or brute-force attempts.
Why it matters
- Remote work expansion increases attack surface on VPN concentrators and remote access gateways.
- Unpatched VPN flaws (e.g., in Pulse Secure, Fortinet, and Citrix products) were under active exploitation, including credential theft and session hijacking.
- Credential stuffing and phishing campaigns target remote workers; MFA and log review reduce compromise risk.
Operator actions
- Apply current vendor patches to VPN appliances and disable legacy SSL VPN features that lack fixes.
- Enable multi-factor authentication for all remote access users and administrative interfaces.
- Increase monitoring for anomalous VPN logins, repeated failures, and connections from unexpected geographies.
- Review capacity and continuity plans to ensure VPN infrastructure can handle sustained remote work loads without disabling security controls.
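The monitoring action above, sketched as an added example (not taken from the CISA alert or any vendor tooling): it flags repeated failures from one source, successful logins from unexpected countries, and a success that follows a failure burst. The log format, field names, thresholds, and the GeoIP-enriched `country` field are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical key=value format (not a vendor format).
# "country" is assumed to be added by GeoIP enrichment before analysis.
SAMPLE_LOG = """\
2020-03-16T08:00:00Z user=alice src=198.51.100.7 country=ZZ result=FAIL
2020-03-16T08:00:20Z user=bob src=198.51.100.7 country=ZZ result=FAIL
2020-03-16T08:00:40Z user=carol src=198.51.100.7 country=ZZ result=FAIL
2020-03-16T08:01:00Z user=dave src=198.51.100.7 country=ZZ result=FAIL
2020-03-16T08:01:20Z user=erin src=198.51.100.7 country=ZZ result=FAIL
2020-03-16T08:02:00Z user=erin src=198.51.100.7 country=ZZ result=OK
2020-03-16T08:05:00Z user=frank src=203.0.113.20 country=US result=FAIL
2020-03-16T08:05:30Z user=frank src=203.0.113.20 country=US result=OK
"""
LINE_RE = re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                     r"country=(?P<country>\S+) result=(?P<result>OK|FAIL)")

def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ev

def detect(events, expected_countries, max_failures=5,
           window=timedelta(minutes=10)):
    """Return (kind, source_ip, users) alerts in time order."""
    alerts, failures = [], defaultdict(list)   # failures: src -> [(ts, user)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, now = ev["src"], ev["ts"]
        # Keep only this source's failures that fall inside the sliding window.
        failures[src] = [f for f in failures[src] if now - f[0] <= window]
        if ev["result"] == "FAIL":
            failures[src].append((now, ev["user"]))
            if len(failures[src]) == max_failures:   # threshold just reached
                users = sorted({u for _, u in failures[src]})
                alerts.append(("repeated_failures", src, users))
            continue
        if ev["country"] not in expected_countries:
            alerts.append(("unexpected_geo", src, [ev["user"]]))
        if len(failures[src]) >= max_failures:   # success right after a burst
            alerts.append(("success_after_failures", src, [ev["user"]]))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG), expected_countries={"US"}):
        print(alert)
```

A single mistyped password followed by a success (the `frank` lines) produces no alert; the five-user failure burst and the login that follows it from the same source do.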
Key sources
- CISA Alert AA20-073A: Enterprise VPN Security (provides patching, MFA, and monitoring recommendations).
- CISA Alert AA20-010A (reiterates urgent patching for Pulse Secure, Fortinet, and Citrix VPN vulnerabilities).




