TLDR:
Check Point has warned that hackers are targeting Remote Access VPN devices to gain access to enterprise networks. The attacks target old local VPN accounts with password-only authentication, leading to unauthorized access. Check Point has released a solution to prevent these attacks and recommends additional security measures for customers.
The software company Check Point has issued a warning regarding hackers targeting Remote Access VPN devices in order to gain unauthorized access to enterprise networks. This discovery has come after recent research by cyber insurance company At-Bay revealed that remote access tools were the entry point for 58% of ransomware attacks in 2023.
According to Check Point, these cyber attacks were identified after a few login attempts were flagged, specifically targeting old local VPN accounts that only utilized password authentication. The company has witnessed instances of compromised VPNs, including those belonging to cyber security providers.
In response, Check Point has introduced a solution to automatically block unauthorized access by local accounts using password-only authentication on their customers’ VPNs. The company recommends that customers review and disable any unused local accounts and add an additional layer of authentication, such as certificates, to enhance security.
Furthermore, Check Point advises customers to deploy their preventative solutions across Security Gateways to enhance overall security. It’s crucial for customers to be aware that these vulnerabilities apply specifically to remote access VPNs and not consumer products typically featured on platforms like Tom’s Guide’s Best VPN services guide.