Virtual private networks (VPNs) are considered a safe remote access method. But are they? Known vulnerable VPN phone apps and enterprise solutions underscore the risk in using VPN applications. For example, an in-depth analysis of 283 mobile VPNs on the Google Play store by Australia’s Commonwealth Scientific and Industrial Research Organization found significant privacy and security limitations in a majority of the services.
Things aren’t any better in corporate VPN software. Recently attackers have targeted VPN platforms. Some are targeting telecommunications, software and defense industries. Their command-and-control servers hide in public social profiles hosting malware configuration strings, thus making it extremely hard to detect the compromised systems.