Check Point Software Technologies recently issued a warning about attempted cyberattacks targeting VPNs that rely solely on password authentication. The company highlighted an increase in threat actors exploiting remote access VPN environments to infiltrate enterprise networks, noting that even VPN solutions from various cybersecurity vendors have been compromised in recent incidents.
While monitoring suspicious VPN-related activity among its customers, Check Point identified a small number of login attempts using outdated VPN local accounts that relied on password-only authentication. These attempts were detected at least until May 24. To address the issue, the company assembled special teams of Incident Response, Research, Technical Services, and Products professionals to investigate and analyze the incidents in depth.
The company cautioned against relying solely on password authentication and advised organizations to enhance their network security posture by implementing additional authentication methods. Check Point also released a hotfix for its Security Gateway products to prevent unauthorized access through old local accounts with password-only authentication.
In an effort to mitigate the risk of such attacks, Check Point recommended that organizations review and disable unused local accounts and strengthen authentication for accounts protected only by a password. Gil Messing, Check Point’s chief of staff, reported that as of May 24, the company had observed three attempted compromises of its customers, leading to the identification of potential recurring patterns in these attacks.
While acknowledging that these attacks are relatively limited in scope, Messing emphasized the importance of addressing any emerging threats promptly to prevent potential breaches. He highlighted the significance of identifying and sharing patterns of attack, regardless of their scale, and providing customers with recommendations and automated solutions to protect their networks.
The prevalence of high-stakes cyberattacks targeting VPNs is a significant concern in the cybersecurity landscape. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) revealed a breach involving authentication bypass vulnerabilities in Ivanti Policy Secure network access controllers and command injection flaws in Ivanti Connect Secure VPNs. Additionally, Coalition, a cyber insurer, reported a surge in insurance claims related to users of Cisco Adaptive Security Appliance, a product with VPN capabilities, signaling the ongoing threat posed by malicious actors targeting network edge devices like VPNs.
Overall, Check Point’s warning serves as a timely reminder for organizations to strengthen their VPN security measures and adopt multi-factor authentication to safeguard against potential cyber threats. As cybersecurity risks evolve, it is crucial for businesses to stay vigilant and proactive in fortifying their digital defenses to protect sensitive data and networks from malicious attacks.

