Network Security, Endpoint/Device Security, Patch/Configuration Management

Ongoing enterprise hacking campaign targets Check Point VPNs

VPN, or virtual private network provides privacy, anonymity and security to users by creating a private network connection across a public network connection - 3D Illustration Rendering

Intrusions infiltrating enterprise networks through Check Point Remote Access VPN instances are underway, according to BleepingComputer.

Attackers have conducted three attempts to compromise Check Point VPN solutions through old VPN local accounts using password-only authentication, an advisory from Check Point warned.

"…[W]hen we further analyzed [the attempts] with the special teams we assembled, we saw what we believe are potentially the same pattern (around the same number). So — a few attempts globally all in all but enough to understand a trend and especially — a quite straightforward way to ensure it's unsuccessful," said a Check Point spokesperson.

Organizations have been urged to better defend their systems by adopting more secure authentication options and removing vulnerable local accounts, as well as implementing a Security Gateway hotfix that would prevent purely password-protected accounts from accessing Remote Access VPN.

Such an advisory from Check Point comes more than a month after a Cisco alert noting extensive credential brute-force intrusions against Check Point, Cisco, SonicWall, Fortinet, and Ubiquiti devices' VPN and SSH services.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.