Ongoing Hacking Campaign Targets Check Point VPNs

Intrusions into enterprise networks through Check Point Remote Access VPN instances are underway, according to BleepingComputer.

Attackers have conducted three attempts to compromise Check Point VPN solutions through old VPN local accounts using password-only authentication, an advisory from Check Point warned.

“…[W]hen we further analyzed [the attempts] with the special teams we assembled, we saw what we believe are potentially the same pattern (around the same number). So — a few attempts globally all in all but enough to understand a trend and especially — a quite straightforward way to ensure it’s unsuccessful,” said a Check Point spokesperson.

Organizations have been urged to better defend their systems by adopting more secure authentication options and removing vulnerable local accounts, as well as implementing a Security Gateway hotfix that would prevent purely password-protected accounts from accessing Remote Access VPN.

The Check Point advisory comes more than a month after a Cisco alert noting extensive credential brute-force intrusions against VPN and SSH services on Check Point, Cisco, SonicWall, Fortinet, and Ubiquiti devices.
