Security News > 2024 > May > Hackers target Check Point VPNs to breach enterprise networks
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory.
It can be configured as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access.
"We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method," the company said.
To defend against these ongoing attacks, Check Point warned customers to check for such vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades.
Local accounts with weak password-only authentication will be prevented from logging into the Remote Access VPN. "Customers can find more information on improving their VPNs' security in this support article, which also shares guidance on responding to unauthorized access attempts."By May 24th,. Check Point is the second company warning its VPN devices are being targeted in ongoing attacks in recent months.
In April, Cisco also warned about widespread credential brute-forcing attacks targeting VPN and SSH services on Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti devices.
News URL
Related news
- Helsinki suffers data breach after hackers exploit unpatched flaw (source)
- Russian hackers use new Lunar malware to breach a European govt's agencies (source)
- Intercontinental Exchange to pay $10M SEC penalty over VPN breach (source)
- Life360 says hacker tried to extort them after Tile data breach (source)