Check Point confirms VPN services targeted by hackers
Date:
Wed, 29 May 2024 08:55:54 +0000
Description:
Hackers are after poorly protected VPN accounts as they look for easy ways into corporate infrastructure.
FULL STORY ======================================================================
Hackers are trying to wiggle their way into corporate networks through poorly protected Check Point Remote Access VPN devices, the company has confirmed in a security advisory.
Check Point Remote Access VPN software allows for secure remote access to corporate networks. Employees and authorized users can connect to their organization's network securely over the internet, accessing internal resources, applications, and data, from different devices such as smartphones or laptops, in the same way as if they were physically within the corporate network.
All Check Point network firewalls come with Remote Access, which can be configured as a client-to-site VPN, or set up as an SSL VPN Portal. Understanding the trend
Now, hackers are going after old accounts that are only protected with passwords, to try and get easy access. While, luckily, there havent been too many attempts so far, they do represent a trend that needs to be cut short, the researchers said. Also luckily, the remedy is quite simple to implement.
"We have recently witnessed compromised VPN solutions, including various
cyber security vendors," the company's security advisory noted. "In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method."
"We've seen 3 such attempts, and later when we further analyzed it with the special teams we assembled, we saw what we believe are potentially the same pattern (around the same number). So - a few attempts globally all in all but enough to understand a trend and especially- a quite straightforward way to ensure its unsuccessful," a Check Point spokesperson told BleepingComputer .
Organizations looking to remain secure should check for vulnerable accounts
on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades. T
hey should also change user authentication methods to something more secure, or alternatively - delete vulnerable local accounts from the Security Management Server database. More from TechRadar Pro US defense sector under attack by China-backed hackers, with NSA confirming Ivanti VPN exploits are
to blame Here's a list of the best firewalls today These are the best
endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/check-point-confirms-vpn-services-targe ted-by-hackers
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)