Check Point Urges VPN Configuration Review Amid Attack Spike

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks.

Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted. 

In particular, Check Point has observed attempts to breach its customers’ VPNs, identifying a small number of login attempts on May 24 2024, using outdated VPN local accounts with password-only authentication. These attacks did not exploit a software vulnerability but instead leveraged weaker authentication methods.

Check Point reportedly responded by mobilizing specialized teams to investigate these incidents. 

“In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point’s customers,” the company wrote. “Relying on these customer notifications and Check Point’s analysis, the teams found within 24 hours a few potential customers who were subject to similar attempts.” 

The advisory also highlighted the inadequacy of password-only authentication for securing remote access to certain types of networks.

“Password-only authentication is considered an unfavorable method to ensure the highest levels of security, and we recommend not to rely on this when logging-in to network infrastructure,” reads the advisory

To defend against similar attacks, Check Point recommended that organizations reassess their use of local accounts, advising them to disable unnecessary accounts. For essential accounts, they suggest enhancing security by adding another layer of authentication, such as certificates, to supplement passwords.

To assist their customers, Check Point has also released a solution designed to automatically prevent unauthorized access via local accounts using password-only authentication. This solution can be deployed on security gateways to strengthen defenses against these types of attacks.

“This will automatically prevent unauthorized access to your VPNs by local accounts with a password-only authentication method,” the company explained.

Read more on multi-factor authentication: Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

US Supreme Court Gives Green Light to TikTok Ban
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers
Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
Lazarus Group Targets Developers in New Data Theft Campaign

Leave a Reply

Your email address will not be published. Required fields are marked *