Software company Check Point has warned that hackers are targeting its Remote Access VPN devices in order to gain access to enterprise networks.
This discovery comes shortly after cyber insurance company At-Bay published research that remote access tools were the intrusion point for 58% of ransomware attacks in 2023.
In an advisory published on May 27, the software company explained that the cyber attacks were discovered after a "small number" of login attempts were flagged. These login attempts targeted old local VPN accounts that used insecure password-only authentication.
The company also said that it had recently witnessed VPNs becoming compromised, including cyber security providers.
In its advisory, Check Point said that hackers were targeting remote access tools in an attempt "discover relevant enterprise assets and users, seeking for vulnerabilities in order to gain persistence on key enterprise assets".
The company has released a solution that automatically prevents unauthorized access by local accounts with password-only authentication to its customers' VPNs. This solution aims to address these unauthorized login attempts, and prevent them from happening in the future.
In order to improve their security, Check Point has recommended that its customers check their local accounts to see both if they have them, and to see if they have been used and who has used them. If users have local accounts they're not using, Check Point says it's best to just disable them.
Check Point also suggests adding another layer of authentication, for example certificates, to any local accounts that its customers are using, but are currently using password-only authentication. Finally, they urged customers to deploy its preventative solutions across their Security Gateways.
Note that these vulnerabilities apply only to remote access VPNs, and not to the consumer products we primarily feature on Tom's Guide on pages like our guide to the best VPN services.
