Security News > 2024 > May > Hackers target Check Point VPNs to breach enterprise networks

Hackers target Check Point VPNs to breach enterprise networks
2024-05-27 18:19

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory.

It can be configured as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access.

"We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method," the company said.

To defend against these ongoing attacks, Check Point warned customers to check for such vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades.

Local accounts with weak password-only authentication will be prevented from logging into the Remote Access VPN. "Customers can find more information on improving their VPNs' security in this support article, which also shares guidance on responding to unauthorized access attempts."By May 24th,. Check Point is the second company warning its VPN devices are being targeted in ongoing attacks in recent months.

In April, Cisco also warned about widespread credential brute-forcing attacks targeting VPN and SSH services on Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti devices.


News URL

https://www.bleepingcomputer.com/news/security/hackers-target-check-point-vpns-to-breach-enterprise-networks/