This blog post is the beginning of our new transparency initiative – periodic infrastructure maintenance briefings. In these briefings, we will be sharing our practices and steps taken to ensure our network security, which is key to protecting the digital lives of our users.

In October:

  • We blocked 54 million unauthorized access requests
  • There were 6.3 million login attempts made
  • Over 2 million unique IP addresses tried to log in to our servers
  • On average, we experienced 165 login attempts per minute
  • On average, every minute we blocked 1670 logins

October attack distribution by country:

  • Malaysia: 29%
  • Vietnam: 27%
  • Russia: 18%
  • United States: 15%

In November (to date):

  • We have blocked 31 million unauthorized access requests
  • There have been 2.1 million login attempts made
  • Over 1.2 million unique IP addresses have tried to log in to our servers
  • On average, we experience 151 login attempts per minute
  • On average, every minute we block 1690 logins

January attack distribution by country:

  • Vietnam: 29%
  • Malaysia: 25%
  • United States: 18%
  • Indonesia: 17%

Not vulnerable to CVE-2019-11510

Following concerns about the arbitrary file read vulnerability CVE-2019-11510, we had to reassure our users that our servers were not affected by this remotely exploitable bug. This authentication bypass vulnerability only affects servers running Pulse Secure SSL VPN, and we do not use it. Our network relies on open-source software, which is outside the scope of this issue.

Despite this, we continually anticipate the potential risks posed by increasingly common server attacks and take adequate measures to ensure our network security. That is why we are willingly sharing our recent advancements.

Most recent infrastructure-related milestones:

  • RAM solution

We have started moving our servers to a RAM-only solution so that no sensitive infrastructure-related data is left on their disks. Without this, such information could be seized or abused by anyone with private or out-of-band access to the server, including through exploits. In addition, we have improved the management of private certificate keys on the servers. The process will continue over the coming months until all our servers are RAM-only.

  • An intrusion detection system (IDS) on all VPN infra servers

The IDS was rolled out as a safety mechanism to help us monitor unauthorized access attempts to our servers, should any occur.

  • IDS alert mechanism

We programmed automatic IDS alerts for a number of specific cases so that we are notified promptly of any changes in files, login attempts to our servers, or indications of potentially vulnerable software packages.

  • A dedicated internal security channel

The channel was created specifically for security-related internal communication and infrastructure maintenance alerts. It allows us to act quickly on any abnormal activity identified in our server network.
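The login-attempt alerts described above, and the per-minute and unique-IP figures reported earlier in this briefing, are the kind of numbers that can be derived from authentication logs. The following is an added illustration, not the IDS configuration described in this post: it assumes OpenSSH `sshd` syslog lines (the briefing does not name the log source), runs on constructed sample lines, and the `summarize` function, its `year` default and its per-IP threshold are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in OpenSSH sshd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Oct 12 03:14:01 vpn-node sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 12 03:14:09 vpn-node sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Oct 12 03:14:40 vpn-node sshd[815]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Oct 12 03:15:02 vpn-node sshd[818]: Failed password for root from 203.0.113.7 port 40177 ssh2
Oct 12 03:15:30 vpn-node sshd[820]: Accepted password for ops from 192.0.2.10 port 50022 ssh2
Oct 12 03:17:45 vpn-node sshd[825]: Failed password for invalid user pi from 198.51.100.99 port 33810 ssh2
"""

# Matches failed password attempts for both existing and non-existent accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def summarize(log_text, year=2019, per_ip_threshold=3):
    """Count failed logins, unique source IPs, attempts per minute, and noisy IPs."""
    per_minute, per_ip = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other daemons are not counted
        # Syslog timestamps omit the year, so it is supplied by the caller (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        per_minute[ts.replace(second=0)] += 1
        per_ip[m["ip"]] += 1
    total = sum(per_ip.values())
    # Average over the whole observed window, including minutes with no attempts.
    if per_minute:
        span = max(per_minute) - min(per_minute)
        window = int(span.total_seconds() // 60) + 1
    else:
        window = 1
    return {
        "failed_attempts": total,
        "unique_ips": len(per_ip),
        "avg_per_minute": total / window,
        "alert_ips": sorted(ip for ip, n in per_ip.items() if n >= per_ip_threshold),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Averaging over the full window rather than only the active minutes keeps quiet periods from inflating the per-minute rate.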

___

Our core premise is securing people’s digital lives by humanizing privacy protection. We believe that sincerity and transparency are the critical factors in delivering on this. That is why we were one of the first VPN providers to undergo an independent security audit in 2018.

The third-party audit was done by the independent German cybersecurity company Cure53, and its results were made public.

We performed the audit not only to check our technological practices but also to set a benchmark of openness to the whole privacy protection industry. Among other things, we will continue carrying out such audits in the future.