Highlights:
- Researchers at Check Point have noted malicious groups using VPNs as both an entry point and a vector for attacks on organizations.
- Check Point VPN vulnerability alerts were alarmed as a few login attempts using outdated VPN local accounts were used that rely solely on password authentication.
Check Point Software Technologies Ltd., a cybersecurity firm, is cautioning about an uptick in threat actors exploiting remote-access virtual private network (VPN) environments to gain authorized access to enterprises.
In recent months, researchers at Check Point have noted malicious groups using VPNs as both an entry point and a vector for attacks on organizations. These groups aim to identify enterprise assets and users, searching for vulnerabilities that would allow them to establish persistence on critical assets.
Recently, Check Point VPN vulnerability alerts were alarmed as a few login attempts using outdated VPN local accounts were used that rely solely on password authentication. It’s worth noting that password-only authentication is considered insecure.
The researchers also discovered a vulnerability in Check Point Network Security gateways, which could allow an attacker to access certain information on internet-connected Check Point gateways with remote access VPN or mobile access enabled.
Check Point has released a solution to address the vulnerability, and they advise all customers using Check Point Network Security gateways to implement it.
At cybersecurity company Keeper Security Inc., Vice President of Security and Architecture Patrick Tiquet emphasized to a prominent media outlet that Check Point VPN vulnerability alerts are a reminder that threat actors constantly evolve their tactics. He underscored the importance of enterprises adopting a more proactive stance against cyber threats.
Tiquet said, “Attackers exploiting old, insecure local accounts is a reminder that security is an ongoing process, and enterprises must continually update their authentication methods to ensure they align with the latest best practices. Enterprises must adopt a layered security approach that includes strong authentication methods, regular security assessments, and timely application of security patches.”
Jason Soroko, Senior Vice President of products at certificate management solutions company Sectigo Ltd., noted that transitioning to more robust authentication methods offers numerous advantages. He said, “Many of today’s enterprise applications already actively support modern alternatives to passwords by offering certificate-based authentication as the de-facto technology to replace passwords for humans and machines.”