Check Point Software Technologies warned of attempted attacks against its VPNs by targeting accounts that use passwords as the only means of authentication.
The warning came via a Monday blog post urging readers to improve their VPN security postures.
Check Point said it had seen an increase in threat actors leveraging remote access VPN environments in order to breach enterprise networks.
The company warned against password-only authentication, and recommended organizations do not rely on it for logging into network infrastructure.
Check Point released a hotfix for its Security Gateway products that blocks local accounts using password authentication.
This would presumably stop old, unused accounts from being used in attacks similar to those described in the blog post.
In a list of recommended mitigations, Check Point advised organizations to identify if they have local accounts and review how they have been used; disable local accounts if they are not already in use; and add extra authentication to accounts with password-only protection currently in use.
Asked about what made this series of attacks noteworthy given how common identity attacks against poor password hygiene are, Messing said Check Point felt any pattern - large or small - was worth calling attention to.
High stakes cyber attacks involving VPNs are unfortunately commonplace.
CISA in March disclosed that it experienced a breach via an authentication bypass vulnerability affecting Ivanti Policy Secure network access controllers and a command injection flaw affecting Ivanti Connect Secure VPNs. Meanwhile, cyber insurer Coalition said in a report last month that insurance claims from users of Cisco Adaptive Security Appliance, a product that includes VPN capabilities, spiked in 2023.
Coalition's report noted that network edge devices such as VPNs are prime targets for a variety of threat actors.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.
This Cyber News was published on www.techtarget.com. Publication date: Tue, 28 May 2024 19:13:05 +0000