Check Point confirms VPN services targeted by hackers

All Check Point network firewalls come with Remote Access, which can be configured as a client-to-site VPN, or set up as an SSL VPN Portal.

Understanding the trend 

Now, hackers are going after old accounts that are only protected with passwords, to try and get easy access. While, luckily, there haven’t been too many attempts so far, they do represent a trend that needs to be cut short, the researchers said. Also luckily, the remedy is quite simple to implement. 

"We have recently witnessed compromised VPN solutions, including various cyber security vendors," the company's security advisory noted. "In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method."

"We've seen 3 such attempts, and later when we further analyzed it with the special teams we assembled, we saw what we believe are potentially the same pattern (around the same number). So - a few attempts globally all in all but enough to understand a trend and especially- a quite straightforward way to ensure it’s unsuccessful," a Check Point spokesperson told BleepingComputer.

Organizations looking to remain secure should check for vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades. T

hey should also change user authentication methods to something more secure, or alternatively - delete vulnerable local accounts from the Security Management Server database.

More from TechRadar Pro

• US defense sector under attack by China-backed hackers, with NSA confirming Ivanti VPN exploits are to blame
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now