Using a VPN protects your private browsing data and helps to stop cybercriminals from obtaining personal information about you. However, they can only go so far. As the SonicWall VPN breach shows, if you aren’t careful, you can still end up with accounts hacked and data stolen.
That’s not a mark against VPNs. It’d be like saying parachutes are worthless because somebody got injured skydiving in a dangerous location. Even the best VPNs can’t stop criminals from manipulating you, and in the case of the SonicWall VPN breach, over 100 accounts were stolen using valid credentials, which were likely obtained through email spoofing or phishing.
This breach was spotted by Huntress, a corporate cybersecurity company. What’s interesting about it is that SonicWall is a secure socket layer (SSL) VPN a.k.a. a browser VPN. An SSL VPN is used to encrypt connections between people working at home and network servers at work. SonicWall in particular is a product designed with corporations in mind.
So, in some ways, it’s easy to understand how this breach happened with SonicWall rather than one of the mainstream VPNs. A NordVPN user, for example, is likely to be someone who is conscious of cybersecurity and would therefore be less likely to fall victim to phishing schemes, for example. Meanwhile, a SonicWall VPN user is someone who just has to use a VPN for work, and who may not have any knowledge of cybersecurity at all.
This breach serves as a reminder to be especially conscious of who you reply to over email, and that you only log into accounts via the proper login pages (checking URLs along the way). It also raises the question of whether SSL VPNs are right for corporate connections. They’re simple to implement, but they rely on browsers being secured and regularly updated, which many employees may neglect to do.
Dedicated VPN apps seem to have the advantage here. Our partner, NordVPN, offers a dedicated business solution called NordLayer. It offers encrypted privacy and protection for distributed teams – and, of course, the version for regular folks ain’t bad either.
