© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

Check Point: ‘More hackers using VPN environments as entry point for cyberattacks’

Over the past few months, cybersecurity company Check Point has observed an increased interest of malicious groups misusing its remote access VPN devices as an entry point and attack vector into enterprises.

“Attackers are motivated to gain access to organizations over remote-access setups so they can try to discover relevant enterprise assets and users, seeking for vulnerabilities in order to gain persistence on key enterprise assets”, the firm says in a statement.

The company assembled special teams of Incident Response, Research, Technical Services and Products professionals. Within 24 hours they found that a few clients were subject to similar attempts.

In light of these recent events, Check Point employees have been monitoring endeavors to gain unauthorized access to VPNs of its customers. Last week the company identified ‘a small number of login attempts’ using compromised VPN solutions.

The hackers tried to access clients’ old VPN local-accounts using passwords. “Password-only authentication is considered an unfavorable method to ensure the highest levels of security, and we recommend not to rely on this when logging-in to network infrastructure”, Check Points advises.

Check Point recommends improving VPN security

To thwart hackers from entering business networks, Check Point encourages customers to improve their VPN security. First of all, system administrators should check whether or not they have local accounts. If they do, admins are doing well to see if they were used and by whom.

If a company has local VPN accounts and doesn’t use them, then it’s best to disable or delete them from the Security Management Server Database. Adding a layer of authentication to these accounts like two-factor authentication (2FA), increases the overall IT security.

Lastly, using Check Point’s Security Gateway hotfix, customers enhance their VPN Security Posture. After installing, local accounts with weak password-only authentication will be prevented from logging into Remote Access VPN.

Check Point is the second company in recent months saying that VPN devices are increasingly being targeted by threat actors to stage a cyber attack. In April, Cisco warned about widespread brute force attacks targeting VPN and SSH services in Cisco, SonicWall, Fortinet and Ubiquiti devices.

Leave a Reply

Your email address will not be published. Required fields are marked