Check Point confirms that VPN services are being targeted by hackers
Hackers are trying to force their way into corporate networks through poorly secured Check Point Remote Access VPN devices, the company has confirmed in a security advisory.
Check Point Remote Access VPN software provides secure remote access to corporate networks. Employees and authorized users can securely connect to their organization’s network over the Internet and access internal resources, applications and data from various devices such as smartphones or laptops, just as if they were physically within the corporate network.
All Check Point network firewalls come with remote access, which can be configured as a client-to-site VPN, or set up as an SSL VPN portal.
Understanding the trend
Now hackers are going after old accounts protected only by passwords in an attempt to gain easy access. While there haven’t been too many attempts so far, they do represent a trend that needs to be curtailed, the researchers said. Fortunately, the remedy is quite easy to implement.
“We have recently witnessed compromised VPN solutions, including several cybersecurity vendors,” the company’s security advisory said. “In light of these events, we have been monitoring attempts to gain unauthorized access to Check Point customer VPNs. On May 24, 2024, we identified a small number of login attempts using old local VPN accounts that relied on a non-recommended password-only authentication method.”
“We saw three such attempts, and when we analyzed it further later with the special teams we put together, we saw what we believe is potentially the same pattern (around the same number). So – a few attempts worldwide, but all in all enough to understand a trend and most importantly: a fairly simple way to ensure that it is not successful,” a Check Point spokesperson told BleepingComputer.
Organizations that want to stay secure should check for vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on VPN software blades for mobile and remote access. They should also change the user authentication methods to something more secure, or alternatively, remove vulnerable local accounts from the Security Management Server database.