Cybercriminals are increasingly targeting Remote Access VPN technology integrated into all Check Point network firewalls, according to a recent alert issued by the company. These attackers are attempting to breach networks by using outdated and insecure password-only authentication methods.
Check Point’s VPN technology can be set up as a client-to-site VPN connection, which allows secure access to corporate networks through VPN clients. It can also be configured as an SSL VPN Portal for secure access over the public Internet. Despite these security measures, cybercriminals are still attempting to breach networks by logging in with old local accounts that utilize insecure password-only authentication. Typically, this type of authentication should be paired with a certificate to prevent unauthorized access.
Recently, three breach attempts have been identified that followed the same pattern. Check Point was able to analyze these attempts and determine the root cause of the security breaches. In response to these threats, Check Point is advising users of its network firewalls to conduct a thorough examination of their systems to identify any old local accounts that could be exploited by cybercriminals. The company recommends upgrading user authentication protocols to more secure options or removing vulnerable local accounts from the Security Management Server database.
Additionally, a hotfix has been released that prevents local accounts with weak password-only authentication from logging into the Remote Access VPN feature. This fix enhances the security of Check Point’s VPN technology. It is important to note that Check Point’s VPN technology is not the only one facing attacks from hackers. Other VPN environments, including those from vendors like Cisco, SonicWall, Fortinet, and Ubiquiti, are also being targeted by cybercriminals attempting brute-force attacks to steal login credentials.
:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/PR6FKLCCZJFRDA3ID64OSNDDHI.jpg)