Over the past few months, we have observed increased interest of malicious groups in leveraging remote-access VPN environments as an entry point and attack vector into enterprises.
Attackers are motivated to gain access to organizations over remote-access setups so they can try to discover relevant enterprise assets and users, seeking for vulnerabilities in order to gain persistence on key enterprise assets.
We have recently witnessed compromised VPN solutions, including various cyber security vendors.
In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers.
By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method.
We have assembled special teams of Incident Response, Research, Technical Services and Products professionals which thoroughly explored those and any other potential related attempts.
Relying on these customers notifications and Check Point's analysis, the teams found within 24 hours a few potential customers which were subject to similar attempts.
Password-only authentication is considered an unfavourable method to ensure the highest levels of security, and we recommend not to rely on this when logging-in to network infrastructure.
Check Point has released a solution, as a preventative measure to address these unauthorised remote access attempts.
Check if you have local accounts, if they were used and by whom.
If you have local accounts which you want to use and are password-only authenticated, add another layer of authentication to increase your environments IT security.
As said, If you are a Check Point customer, deploy our solution on your Security Gateways.
This will automatically prevent unauthorized access to your VPNs by local accounts with password-only authentication method.
Learn more and receive practical guidance for configuration monitoring and practices to enhance your VPN security posture.
For any additional assistance required, please contact Check Point technical support Center or your local Check Point representative.
We value the collaboration of our customers and dedication of our teams to reach a solution which effectively addresses any such attempts.
This Cyber News was published on blog.checkpoint.com. Publication date: Mon, 27 May 2024 12:43:09 +0000