Security News > 2024 > May > Hackers target Check Point VPNs to breach enterprise networks
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory.
It can be configured as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access.
"We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method," the company said.
To defend against these ongoing attacks, Check Point warned customers to check for such vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades.
Local accounts with weak password-only authentication will be prevented from logging into the Remote Access VPN. "Customers can find more information on improving their VPNs' security in this support article, which also shares guidance on responding to unauthorized access attempts."By May 24th,. Check Point is the second company warning its VPN devices are being targeted in ongoing attacks in recent months.
In April, Cisco also warned about widespread credential brute-forcing attacks targeting VPN and SSH services on Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti devices.
News URL
Related news
- Schneider Electric confirms dev platform breach after hacker steals data (source)
- Nokia investigates breach after hacker claims to steal source code (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)