Check Point reports hackers are targeting its VPN as the company releases new security measures to prevent unauthorized access. Enhance your VPN security with multi-factor authentication and Check Point’s latest solutions.
Over recent months, cybercriminals have increasingly targeted remote-access VPN environments, using them as entry points to infiltrate enterprises. These attackers aim to identify valuable assets and users within organizations, exploiting vulnerabilities to establish persistence on critical enterprise systems.
The Israel-based cybersecurity giant Check Point has observed a troubling trend of compromised VPN solutions across various cybersecurity vendors. Specifically, Check Point’s monitoring has detected unauthorized access attempts targeting its VPNs available for Windows and macOS customers globally
According to the company’s report shared with Hackread.com ahead of publishing on May 27, 2024. By May 24, 2024, a small number of login attempts using outdated VPN local accounts, which relied solely on password-based authentication, were identified.
In response, Check Point assembled specialized teams comprising Incident Response, Research, Technical Services, and Product professionals to investigate these and other potential threats. Through customer notifications and comprehensive analysis, these teams discovered similar unauthorized access attempts within 24 hours among a few potential customers.
It is important to mention that relying on password-only authentication is a significant security risk. Check Point strongly advises against using this method for network infrastructure login. To counteract these unauthorized remote access attempts, Check Point has released a preventative solution.
Enhancing VPN Security: Recommendations from Check Point
- Audit Local Accounts: Review your local accounts to determine their usage and identify any unauthorized access.
- Disable Unused Accounts: If local accounts are not in use, it is best to disable them to eliminate potential entry points for attackers.
- Implement Multi-Factor Authentication (MFA): For local accounts that are necessary and currently rely on password-only authentication, add layer of security, such as certificates, to enhance IT security.
- Deploy Check Point’s Solution: Check Point customers should deploy the newly released solution on their Security Gateways. This measure will automatically prevent unauthorized access attempts on VPNs using password-only authentication.
Industry Expert’s Insight
Venky Raju, Field CTO at ColorTokens, emphasizes the urgency for organizations to transition from legacy VPNs to Zero Trust Network Access (ZTNA) solutions. He notes, “This is a stark reminder for organizations to make urgent plans to shift from legacy VPNs to ZTNA solutions.“
“ZTNA solutions have several advantages over VPNs, chief of which is that ZTNA inherently limits what the end user can access using the principles of least privilege. Additionally, ZTNA solutions better integrate with the enterprise’s identity management system, reducing the risk of compromised passwords or misconfiguration,” Raju advises.