Security News > 2024 > May > Attackers are probing Check Point Remote Access VPN devices

Attackers are probing Check Point Remote Access VPN devices
2024-05-28 09:41

Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday.

In mid-April 2024, Cisco Talos warned about a global increase in brute-force attacks against VPN services, web application authentication interfaces and SSH services.

The devices targeted in these attacks were those by Cisco, Check Point, Fortinet and Sonicwall, as well as by MiktroTik, Draytek, and Ubiquiti.

Check Point now says that they have also recently witnessed compromised VPN solutions, including those by various cyber security vendors.

"In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method."

"Password-only authentication is considered an unfavorable method to ensure the highest levels of security, and we recommend not to rely on this when logging-in to network infrastructure," Check Point said, and offered additional advice on how to improve their VPN security posture and investigate unauthorized access attempts.


News URL

https://www.helpnetsecurity.com/2024/05/28/attackers-target-check-point-vpn/