Check Point Software Technologies recently issued an advisory regarding an ongoing campaign by threat actors to breach enterprise networks by targeting Remote Access VPN devices.
This development underscores the growing interest of malicious groups in exploiting remote-access VPN environments as entry points into corporate infrastructures.
Check Point’s Remote Access VPN is integrated into all its network firewalls, providing secure access to corporate networks via VPN clients or web-based SSL VPN portals.
However, attackers have been focusing on security gateways that still carry old local accounts authenticating with a password alone, a configuration Check Point considers insecure because it lacks the additional layer of certificate authentication.
The company reported that by May 24, 2024, they had identified a small number of login attempts using old VPN local accounts with password-only authentication.
These attempts were part of a broader global trend, and they rely on a simple method of gaining unauthorized access: guessing or reusing the password of a local account that requires nothing else.
“A Check Point spokesperson revealed three such attempts initially, and further analysis suggested a similar pattern in other cases, underscoring the need for enhanced security measures.”
To counter these attacks, Check Point has issued several recommendations for its customers:
Check Point is not the only company facing such threats. In April 2024, Cisco also warned about widespread credential brute-forcing attacks targeting VPN and SSH services on devices from multiple vendors, including Check Point, SonicWall, Fortinet, and Ubiquiti.
These attacks, originating from TOR exit nodes and other anonymization tools, have been part of a broader campaign since March 18, 2024.
Cisco’s warnings included reports of password-spraying attacks linked to the “Brutus” malware botnet, which controlled over 20,000 IP addresses across cloud services and residential networks.
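The two patterns described above, password-only logins to old local VPN accounts and password spraying from a single source across many usernames, can be picked out of gateway authentication logs. The script below is an added example, not code from Check Point, Cisco or this article; the key=value log format and all sample lines are constructed for illustration and do not match any vendor's real log output.

```python
"""Flag password-only local VPN logins and password-spray sources.

Added example, not vendor code. The log format is a constructed,
vendor-neutral key=value line; real gateway logs differ in layout.
"""
from collections import defaultdict
import re

# Constructed sample log lines (not real Check Point or Cisco output).
SAMPLE_LOG = """\
time=2024-05-24T08:01:02Z src=203.0.113.10 user=backup_admin auth=password acct=local result=failure
time=2024-05-24T08:01:05Z src=203.0.113.10 user=svc_old auth=password acct=local result=failure
time=2024-05-24T08:01:09Z src=203.0.113.10 user=jsmith auth=password acct=local result=failure
time=2024-05-24T08:01:12Z src=203.0.113.10 user=helpdesk auth=password acct=local result=success
time=2024-05-24T08:02:00Z src=198.51.100.7 user=alice auth=certificate+password acct=ldap result=success
time=2024-05-24T08:02:30Z src=198.51.100.7 user=alice auth=certificate+password acct=ldap result=failure
time=2024-05-24T08:03:00Z src=192.0.2.44 user=bob auth=certificate acct=ldap result=success
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"src", "user", "auth", "result"}


def parse_log(text):
    """Parse key=value lines into dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if REQUIRED.issubset(fields):
            events.append(fields)
    return events


def password_only_local_logins(events):
    """Return (user, src, result) for local accounts that authenticate with a
    password only, i.e. no certificate factor. Successes matter as much as
    failures here: a success on such an account is the access the advisory warns about."""
    return [
        (e["user"], e["src"], e["result"])
        for e in events
        if e.get("acct") == "local" and e["auth"] == "password"
    ]


def password_spray_sources(events, min_users=3):
    """Return {src: sorted usernames} for sources whose failed logins span at
    least `min_users` distinct accounts. One user failing repeatedly from one
    address is a typo or a lockout, many users from one address is a spray."""
    failed = defaultdict(set)
    for e in events:
        if e["result"] == "failure":
            failed[e["src"]].add(e["user"])
    return {
        src: sorted(users)
        for src, users in failed.items()
        if len(users) >= min_users
    }


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, src, result in password_only_local_logins(evs):
        print(f"password-only local login: user={user} src={src} result={result}")
    for src, users in password_spray_sources(evs).items():
        print(f"possible password spray from {src}: {len(users)} accounts tried: {', '.join(users)}")
```

On the constructed sample, the spray check reports only 203.0.113.10 (three distinct failed usernames), while the single repeated failure for `alice` from 198.51.100.7 stays below the threshold; the password-only check lists all four local-account events, including the one that succeeded. The threshold is a tuning knob: lower it for small user populations, raise it where shared NAT addresses produce many legitimate failures.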
Additionally, the UAT4356 state-backed hacking group has been exploiting zero-day vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls to breach government networks globally since November 2023.
The recent surge in attacks on VPN services underscores the critical need for robust security measures. Check Point’s proactive steps, including releasing a hotfix and detailed recommendations for enhancing VPN security posture, aim to mitigate the risks posed by these sophisticated cyber threats.
Enterprises are urged to follow these guidelines diligently to protect their networks from unauthorized access and potential breaches.
For more detailed guidance on improving VPN security and responding to unauthorized access attempts, customers can refer to Check Point’s support documentation and contact their technical support center for assistance.