Use VPN software? Update everything and consider password changes…:
[…] The NCSC mitigation advice is, unsurprisingly, to apply the latest updates released by the vendors concerned. The NCSC acknowledged that “patching is not always straightforward and in some cases can cause business disruption,” but, quite correctly, said this remains the “single most important step” that can be taken to protect against the ongoing attack threat.
Both the NCSC and NSA advise that authentication credentials associated with the VPNs and any accounts connecting through them should be reset. “If a malicious actor previously exploited the vulnerability to collect legitimate credentials,” the NSA said, “these credentials would still be valid after patching.” The NSA further recommends the credential reset is performed after the VPN has been updated but before it is reconnected to the external network.
The NCSC also recommends that, if you suspect an attacker has successfully exploited one of the vulnerable VPNs, but you are unable to find specific evidence of the same, then the wiping of the device (a factory reset) should be considered.
Both agencies recommend the use of multi-factor authentication as an attack surface hardening measure, and the disabling of unused functionality and services to reduce that attack surface.