Latest news with #VirtualPrivateNetworks
Techday NZ
3 days ago
- Business
- Techday NZ
Five use cases that justify ditching VPNs for good
For years, Virtual Private Networks (VPN) have been the go-to solution for secure remote as the digital landscape evolves, the very infrastructure that once offered protection is now proving to be a significant liability. More than half (56%) of organisations experienced at least one VPN-related security incident in the past year, with many experiencing multiple breaches, making VPNs a primary attack vector. Furthermore, backhauling non-local traffic through the VPN just to access the internet leads to poor user experience, high costs, and complex routing. In fact, 22% of users complain about slow connection speeds, and 19% are frustrated by complex authentication processes with VPNs. IT teams also find balancing performance (21%) and constant troubleshooting (18%) to be top VPN headaches. For organisations looking to modernise their connectivity for a hybrid workforce, Zero Trust Network Access (ZTNA) is generally being touted as the superior alternative. However, not all ZTNA solutions are created equal, and to truly move beyond legacy VPNs, organisations should focus on their use cases rather than trying to fit themselves around one technology. Doing this, it becomes obvious that integrating ZTNA with other security tools within broader models such as Secure Access Service Edge (SASE) is the key to finally giving VPNs the boot. Here are five use cases where replacing VPNs with ZTNA can help organisations. 1. Enable hybrid workers The rise of the hybrid work model has exposed the inadequacies of legacy VPN solutions. VPNs offer limited visibility into application activities, suffer from latency due to traffic backhauling, and grant broad network-level access that allows for unrestricted lateral movements. Unpatched vulnerabilities in VPN concentrators can also act as major attack vectors. ZTNA is a safer and more efficient remote access alternative for hybrid workers, that allows organisations to deploy identity and context-aware least-privileged access among their workforce, and minimise unauthorised lateral movements in case of compromise. It also ensures consistent enforcement of security policies regardless of the user's location by providing real-time visibility into user activities and detailed network and application traffic. Finally, it facilitates the secure onboarding of new devices, enables remote password resets, and ensures only sanctioned devices access critical internal resources. 2. Accelerate cloud migration Digital transformation has led to a tipping point where more workloads reside in public clouds than in private data centres, and ensuring efficient connectivity for users to all environments for efficiency and productivity is key. As they route user traffic through private data centres before connecting to cloud environments or applications, VPNs often deliver a poor user experience. This is why a majority of IT teams (51%) rate 'better application performance' as a key driver of ZTNA programs. But ZTNA doesn't necessarily resolve these complex routing decisions. Organisations considering ZTNA solutions should seek to understand the network on which they are built, and reject architectures that involve hairpinning, or anything that looks like data and traffic will travel further than it should. 3. Facilitate unmanaged device access (when It makes sense) Organisations increasingly need to grant secure access to corporate resources for external contractors, service providers, and partners, and security teams face the challenge of accommodating unmanaged device access without exposing resources. This challenge can't be solved with VPNs, which often grant excessive access. This is a use case where a ZTNA solution sitting within a consolidated SASE architecture makes sense. Enterprise browsers can be easily and remotely deployed to unmanaged devices, extending the organisation's remote access and security policies to those users who can access corporate resources within an isolated and secure browser on their devices, without the need for security teams to duplicate operational effort around policy management. 4. Support remote contact centres While many call centres are adopting cloud-based Unified Communication as a Service (UCaaS), many still rely on legacy on-premises hosted VoIP systems, often routing calls through remote access VPNs. Most cloud-delivered ZTNA solutions currently don't support on-premises hosted VoIP, forcing organisations to maintain both ZTNA and VPN infrastructure. Platforms that converge ZTNA and SD-WAN capabilities can solve this problem, and should include capabilities such as dynamic traffic steering and context-aware Quality of Service (QoS) to ensure a consistent voice and video application experience. 5. Accelerate M&A integration The success of a merger or acquisition is often determined by how quickly the integration of the two entities can be completed, and traditional methods of merging networks are costly, time-consuming, and complex. An overwhelming majority of organisations (91%) find third-party access and M&A integration very challenging using VPNs. ZTNA allows organisations to quickly connect employees, contractors, and advisors to essential resources from day one, and eliminates the need for VPN setup and network merging, enabling immediate and secure integration. While legacy remote access VPNs were once cutting-edge, they now pose significant security vulnerabilities and degrade network performance and user experience. Many ZTNA solutions today offer only partial VPN replacement, leading to a complex mix of infrastructure that can be more complicated than the original setup. When assessing modern alternatives, these compromises are not necessary if the more challenging use cases are recognised upfront, and planned for in architecture selection.
The Hindu
4 days ago
- The Hindu
Accused in two terror attacks in India used online payment services, e-commerce platforms, VPNs: terror financing watchdog's report
Global money laundering and terrorist financing watchdog Financial Action Task Force (FATF) has said that the accused in two recent terror attacks in India used online payment services, e-commerce platforms, and Virtual Private Networks (VPNs). The FATF cited the incidents in its report 'Comprehensive Update on Terrorist Financing Risks' published on Tuesday (July 8, 2025). The first case pertains to use of online payment services and VPNs to fund a 'lone actor' terrorist act. On April 3, 2022, an individual influenced by terror group ISIL's ideology attacked security personnel at Gorakhnath Temple in Uttar Pradesh. The attack was detected during the attempt by the accused to breach security, leading to his immediate arrest. The case was transferred to the State Anti-Terror Squad (ATS) for investigation. The ATS found that the accused had transferred ₹6,69,841 via PayPal to foreign countries in support of ISIL, using international third-party transactions and VPN services to obscure the IP address. He also received ₹10,323.35 from a foreign source. A forensic report on the accused's phone revealed that he had been using a VPN for calls, chatting, and downloads to evade detection. 'Further financial scrutiny uncovered that the accused had made a payment to a VPN provider through his bank account to secure these services... the investigation also uncovered that the accused had sent money to multiple individuals identified as ISIL followers in foreign jurisdictions to support terrorist activities,' said the report. Pulwama attack During the probe into the February 2019 suicide-bomb attack on a convoy killing 40 Central Reserve Police Force (CRPF) personnel in Jammu and Kashmir's Pulwama, it was detected that an e-commerce platform was used for the procurement of materials for the terrorist attack, carried out by Pakistan-based Jaish-e-Mohammed. A key component of the improvised explosive device used in the attack — aluminium powder — was procured 'through the EPOM [E-commerce platforms and online marketplaces] Amazon'. 'This material was used to enhance the impact of the blast. As a result of the investigation, 19 individuals were charged under relevant provisions of the Unlawful Activities (Prevention) Act, including sections related to Terror Financing. Among those charged were seven foreign nationals, including the suicide bomber'. 'Terrorists have been reported to abuse EPOMs, which are occupying an evergrowing position in worldwide economic landscapes, for various purposes... criminals and terrorists can pose as multiple buyers and sellers (e.g., fraudulent/complicit online shop fronts) on the EPOMs, and use trade-based ML/TF [Money Laundering/Terror Financing] techniques, such as over/under invoicing, to transfer value (goods and funds) between each other,' the report observed. The report said terrorists have used EPOMs for procuring equipment, weapons, chemicals, and 3D-printing material. 'EPOMs can also be used by terrorists to sell items to finance their projects and operations, including lower value items that were previously not in demand. EPOMs can be used to sell items obtained through wildlife exploitation or stolen cultural artefacts,' said the report. It has been found that EPOMs can be used for fund-moving purposes inspired by trade-based money laundering schemes. Traded goods can offer a disguise for the value being transferred from one member to another of the network, as per the report. The methods of raising or transfer of funds for terror financing as highlighted in the report include trafficking of humans/ goods/ drugs/ wildlife articles, virtual assets, donations, crowdfunding, use of shell entities, shell bank accounts and immediate cash withdrawals, mobile applications, misuse of non-profit organisations, extortion, kidnapping for ransom, 'hawala' channels, etc.
Time of India
24-06-2025
- Time of India
Chennai woman arrested for hoax bomb emails driven by obsession
A 30-year-old woman named Rene Joshilda, who worked as a senior consultant with an IT firm in Chennai, has been arrested by the Ahmedabad Cyber Crime Branch . She is accused of sending at least 21 bomb threat emails to places in 12 Indian states, including Gujarat. Some of the places she targeted were schools, the Narendra Modi Cricket Stadium, and BJ Medical College. Obsessed with colleague, took revenge after his marriage Joshilda is an electrical engineer and works for Deloitte USI in Chennai. According to police, she was secretly in love with a male colleague who didn't know about her feelings. She became angry and upset when he got married on February 25 this year. Out of revenge, she sent bomb threat emails using his name or accused him of rape in fake emails. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Villa For Sale in Dubai Might Surprise You Villas in Dubai | Search ads Learn More Undo Harassed other women and made fake documents Police said her obsession had been going on for two years. She would create fake email accounts to send messages and harass any woman who talked to her male colleague. In one case, she harassed a woman so much that the woman quit her job. Joshilda even created a fake marriage certificate showing that she was married to this colleague and shared it with others in the office. Used advanced cyber tools Live Events To hide her identity, Joshilda used advanced cyber tools like VPNs (Virtual Private Networks), fake phone numbers, and spoofed email accounts. She is believed to have bought around 80 fake phone numbers and sent hundreds of false messages and emails. Police said her turning point came when her colleague got married. That's when she began sending a series of fake bomb threats, trying to frame him and create legal trouble for him. How she got caught Although she tried hard to cover her tracks, one small digital mistake helped the police trace her. Police collected digital proof and documents from her devices. She had been sending such emails for over a year before being caught. She was arrested at her home in Chennai. Her emails caused panic in multiple states, including Gujarat, Maharashtra, Rajasthan, Delhi, and Tamil Nadu. Police say that in many of the threatening emails, she mentioned the name of the male colleague. This helped them link the case back to her. [With TOI inputs]
AsiaOne
21-06-2025
- Business
- AsiaOne
Australia social media teen ban software trial organisers say the tech works, World News
SYDNEY - Some age-checking applications collect too much data and no product works 100 per cent of the time, but using software to enforce a teenage social media ban can work in Australia, the head of the world's biggest trial of the technology said on Friday (June 20). The view from the government-commissioned Age Assurance Technology Trial of more than 1,000 Australian school students and hundreds of adults is a boost to the country's plan to keep under 16s off social media. From December, in a world first ban, companies like Facebook and Instagram owner Meta, Snapchat and TikTok must prove they are taking reasonable steps to block young people from their platforms or face a fine of up to A$49.5 million (S$41 million). Since the Australian government announced the legislation last year, child protection advocates, tech industry groups and children themselves have questioned whether the ban can be enforced due to workarounds like Virtual Private Networks, which obscure an internet user's location. "Age assurance can be done in Australia privately, efficiently and effectively," said Tony Allen, CEO of the Age Check Certification Scheme, the UK-based organisation overseeing the Australian trial. The trial found "no significant tech barriers" to rolling out a software-based scheme in Australia, although there was "no one-size-fits-all solution, and no solution that worked perfectly in all deployments," Allen added in an online presentation. Allen noted that some age-assurance software firms "don't really know at this stage what data they may need to be able to support law enforcement and regulators in the future. "There's a risk there that they could be inadvertently over-collecting information that wouldn't be used or needed." Organisers of the trial, which concluded earlier this month, gave no data findings and offered only a broad overview which did not name individual products. They will deliver a report to the government next month which officials have said will inform an industry consultation ahead of the December deadline. A spokesperson for the office of the eSafety Commissioner, which will advise the government on how to implement the ban, said the preliminary findings were a "useful indication of the likely outcomes from the trial. [[nid:705771]] "We are pleased to see the trial suggests that age assurance technologies, when deployed the right way and likely in conjunction with other techniques and methods, can be private, robust and effective," the spokesperson said. The Australian ban is being watched closely around the world with several governments exploring ways to limit children's exposure to social media.
Express Tribune
20-06-2025
- Business
- Express Tribune
Teen social media ban clears first hurdle in Australia
Some age-checking applications collect too much data and no product works 100% of the time, but using software to enforce a teenage social media ban can work in Australia, the head of the world's biggest trial of the technology said on Friday. The view from the government-commissioned Age Assurance Technology Trial of more than 1,000 Australian school students and hundreds of adults is a boost to the country's plan to keep under 16s off social media. From December, in a world first ban, companies like Facebook and Instagram owner Meta, Snapchat, and TikTok must prove they are taking reasonable steps to block young people from their platforms or face a fine of up to A$49.5 million ($32 million). Since the Australian government announced the legislation last year, child protection advocates, tech industry groups and children themselves have questioned whether the ban can be enforced due to workarounds like Virtual Private Networks, which obscure an internet user's location. "Age assurance can be done in Australia privately, efficiently and effectively," said Tony Allen, CEO of the Age Check Certification Scheme, the UK-based organisation overseeing the Australian trial. The trial found "no significant tech barriers" to rolling out a software-based scheme in Australia, although there was "no one-size-fits-all solution, and no solution that worked perfectly in all deployments," Allen added in an online presentation. Allen noted that some age-assurance software firms "don't really know at this stage what data they may need to be able to support law enforcement and regulators in the future. "There's a risk there that they could be inadvertently over-collecting information that wouldn't be used or needed." Organisers of the trial, which concluded earlier this month, gave no data findings and offered only a broad overview which did not name individual products. They will deliver a report to the government next month which officials have said will inform an industry consultation ahead of the December deadline. A spokesperson for the office of the eSafety Commissioner, which will advise the government on how to implement the ban, said the preliminary findings were a "useful indication of the likely outcomes from the trial. "We are pleased to see the trial suggests that age assurance technologies, when deployed the right way and likely in conjunction with other techniques and methods, can be private, robust and effective," the spokesperson said. The Australian ban is being watched closely around the world with several governments exploring ways to limit children's exposure to social media.
