Check Point warns of threat actors targeting VPNs

Check Point Software Technologies warned of attempted attacks against its VPNs by targeting accounts that use passwords as the only means of authentication.
The warning came via a Monday blog post urging readers to improve their VPN security postures.
Check Point said it had seen an increase in threat actors leveraging remote access VPN environments in order to breach enterprise networks.
The company warned against password-only authentication, and recommended organizations do not rely on it for logging into network infrastructure.
Check Point released a hotfix for its Security Gateway products that blocks local accounts using password authentication.
This would presumably stop old, unused accounts from being used in attacks similar to those described in the blog post.
In a list of recommended mitigations, Check Point advised organizations to identify if they have local accounts and review how they have been used; disable local accounts if they are not already in use; and add extra authentication to accounts with password-only protection currently in use.
Asked about what made this series of attacks noteworthy given how common identity attacks against poor password hygiene are, Messing said Check Point felt any pattern - large or small - was worth calling attention to.
High stakes cyber attacks involving VPNs are unfortunately commonplace.
CISA in March disclosed that it experienced a breach via an authentication bypass vulnerability affecting Ivanti Policy Secure network access controllers and a command injection flaw affecting Ivanti Connect Secure VPNs. Meanwhile, cyber insurer Coalition said in a report last month that insurance claims from users of Cisco Adaptive Security Appliance, a product that includes VPN capabilities, spiked in 2023.
Coalition's report noted that network edge devices such as VPNs are prime targets for a variety of threat actors.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.


This Cyber News was published on www.techtarget.com. Publication date: Tue, 28 May 2024 19:13:05 +0000


Cyber News related to Check Point warns of threat actors targeting VPNs

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
10 months ago Microsoft.com
Check Point warns of threat actors targeting VPNs - Check Point Software Technologies warned of attempted attacks against its VPNs by targeting accounts that use passwords as the only means of authentication. The warning came via a Monday blog post urging readers to improve their VPN security ...
6 months ago Techtarget.com
Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
7 months ago Cybersecurity-insiders.com
5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
9 months ago Techrepublic.com
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
5 months ago Securityaffairs.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
6 months ago Securityaffairs.com
Attackers Target Check Point VPNs to Access Corporate Networks - In recent months, researchers have observed an increase in attackers using remote access virtual private networks as a golden ticket for initial network access. Multiple cybersecurity vendors' solutions have been compromised, according to a recent ...
6 months ago Darkreading.com
Hackers target Check Point VPNs to breach enterprise networks - Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. Remote Access is integrated into all Check Point network firewalls. It can be configured ...
6 months ago Bleepingcomputer.com
Unveiling Free VPN Risks: Protecting Online Privacy and Security - If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network. Virtual Private Networks are specifically crafted to accomplish this task. A quality VPN channels your web ...
11 months ago Cysecurity.news
Check Point discovers vulnerability tied to VPN attacks - Check Point Software Technologies disclosed a zero-day vulnerability connected to recent attempted attacks against its VPN technology. The cybersecurity vendor advised customers against using password-only authentication for local accounts and issued ...
6 months ago Techtarget.com
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
11 months ago Darkreading.com
GigaOm's Cloud Network Security Radar Ranks Check Point as the Industry Leader - This article introduces GigaOm's inaugural Radar for Cloud Network Security and explains why Check Point was ranked as the Leader as well as a Fast Mover. Firstly, it is the cloudified version of Check Point's on-premises network security, from which ...
11 months ago Blog.checkpoint.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
11 months ago Cyberdefensemagazine.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
VPN for Your Phone: Key to Global Email Security While Traveling - You'll need to enter the details of your VPN connection, including the VPN name, type, server address, and any required authentication credentials. One essential way to use a VPN is to protect your email communications. A VPN can be side-loaded for ...
1 year ago Securityboulevard.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
1 year ago Cyberdefensemagazine.com
Check Point VPN zero-day exploited in attacks since April 30 - Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. Check Point warned ...
6 months ago Bleepingcomputer.com
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
6 months ago Securityaffairs.com
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
10 months ago Thedfirreport.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
10 months ago Techrepublic.com
UAE Cybersecurity Official Warns of VPN Abuse - The top cyber official in the United Arab Emirates worries that virtual private networks are being misused in the country. UAE residents increased their downloads of VPN apps by 1.83 million in 2023, reaching a total of 6.1 million, according to the ...
10 months ago Darkreading.com
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities - SUMMARY. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate-hereafter referred to as "The authoring agencies"-are ...
1 year ago Cisa.gov
6 Best Anonymous VPNs for 2024 - VPNs are primarily used to secure online traffic and help users remain anonymous to avoid targeted ads, hide their location or ensure the security and privacy of their personal data. Though many VPN providers may advertise having a no-logs policy, ...
11 months ago Techrepublic.com
5 Best VPNs for Android in 2024 - See details VIsit ProtonVPN. see details Visit CyberGhost VPN. As more Android users rely on their smartphones to surf the web, virtual private networks have become essential tools to help secure your mobile connection, no matter where you are. One ...
11 months ago Techrepublic.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)