AstroVPN Security Report: 2023 Q1

Welcome to the Security Report for AstroVPN, which covers the security events that the organization has faced in the past three months. The purpose of this report is to provide meaningful insights into the overall security and stability of AstroVPN, by analyzing the different types of security events that have occurred during this period. The report aims to identify potential security risks and vulnerabilities faced by the organization and provide recommendations for improving its security posture. Through this report, we hope to increase awareness of the importance of cybersecurity and promote best practices for ensuring the safety and protection of AstroVPN's systems and data

Report Data

Our data was collected through various tools such as Cloudflare, Zabbix, and Grafana, which are part of AstroVPN's internal monitoring system. By leveraging these visualization tools, we can provide meaningful statistics while ensuring the privacy of our users and the public. This approach enables us to identify potential security threats and vulnerabilities, monitor network performance, and proactively address issues. With this information, we can continue to improve the security and stability of our organization, while maintaining the confidentiality of sensitive data.

Commitments to You

The statements listed below are commitments we stand by as an organization that stands true as of the last Transparency Report revision date. Should a commitment change in concurrence with a legal process or security event, the statement will be redacted in the next revision.

• AstroVPN has never sold, traded, shared, or distributed personal information about its customers with a third party.

• AstroVPN has never lowered or altered levels of encryption at the request of a government entity.

• AstroVPN has never shared customer information with a government agency with regard to a pending or ongoing investigation.

• AstroVPN has never deployed or installed software/hardware as instructed by the government.

• AstroVPN has never provided or installed backdoor system access to a third party to critical IT infrastructure

Security Report

Security Alerts/Notices
Security alerts and notices presented in this report were gathered using AstroVPN's internal monitoring system, providing valuable insight into the organization's overall health.

During the last quarter, we noticed a surge in the number of security events, primarily due to our efforts to move VPN endpoints to new providers and scale our network into new regions. Despite this increase, we also observed a significant drop in the number of alerts with severity levels greater than 12. This trend suggests that our proactive approach to security measures is paying off, resulting in a more secure and stable environment for AstroVPN's systems and data.

Denial of Service Attacks

Denial of Service (DoS) attacks continue to be a persistent challenge for companies like AstroVPN, which heavily rely on the internet to provide services to our users.

In the first quarter of 2023, we experienced some of the largest and longest Distributed Denial of Service (DDoS) attacks that our organization has ever encountered. Notably, one attack reached a peak of 7 million packets per second. Despite the severity of these attacks, our team quickly responded and implemented effective mitigation strategies to minimize their impact on our users. As we continue to face these types of threats, we remain vigilant in our efforts to enhance our security measures and protect our systems from potential disruptions.

Software Vulnerabilities

AstroVPN's monitoring systems play a critical role in identifying software vulnerabilities, enabling our team of engineers to take swift corrective action. In the first quarter of the year, we prioritized the resolution of CVE-2023-0568 and CVE-2023-0569, which are both security vulnerabilities that affected PHP and could be used to create a denial-of-service attack. Additionally, we successfully patched the oldest CVE we found this quarter, CVE-2022-4900.

By continuously monitoring and addressing these types of vulnerabilities, we aim to ensure the security and integrity of our systems and data and protect our users from potential security risks.

Suspicious Emails & Phishing Attacks

Phishing attacks, ransom requests, and other email-based attack vectors are growing increasingly common across the internet, posing a significant threat to businesses like AstroVPN. To combat these threats, we place great importance on email security and training to ensure that our employees are equipped with the necessary knowledge and skills to identify and respond to these types of attacks. We regularly provide our employees with security awareness training, conduct simulated phishing exercises, and implement technical controls such as spam filtering and email authentication protocols to minimize the risk of email-based attacks.

Despite our efforts, this year, we received our first ransom requests. Our team immediately identified the nature of the attack and promptly implemented measures to prevent any further damage. This experience highlights the need for organizations to remain vigilant and proactive in their approach to email security, even in situations where the attacks may be baseless.

To view the PDF version of this report please click the button below.