By Cam Sivesind
Tue | May 28, 2024 | 12:17 PM PDT

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company has warned in a new advisory.

In the advisory, Check Point says the attackers are targeting security gateways that have old local accounts protected by insecure password-only authentication. The company says password authentication should be used together with certificate authentication to prevent breaches.

"We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024, we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method," the company said.

To defend against these ongoing attacks, Check Point warned customers to check for such vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades.

Check Point has advised organizations to review the use of local accounts and disable them if not needed. If they are needed, authentication should be made more secure, for instance, by adding an additional layer of authentication on top of passwords, such as certificates.

A few cybersecurity vendor representatives offered their perspective on the news.

Jason Soroko, Senior Vice President of Product at Sectigo, said:

"The advisory going out to Check Point customers is an important one. Switching from weak authentication to stronger authentication has multiple benefits. Username and password authentication is below the threshold of basic security, especially when much stronger forms of authentication are available. In addition to being insecure and inefficient, passwords are becoming increasingly inappropriate for many modern enterprise use-cases. Many of today's enterprise applications already actively support modern alternatives to passwords, by offering certificate-based authentication as the de facto technology to replace passwords for humans and machines."

Patrick Tiquet, Vice President, Security & Architecture, at Keeper Security, said: 

"The warning from Check Point is a reminder that threat actors are continually evolving their tactics, highlighting the critical need for enterprises to proactively defend themselves against cyber threats. Attackers exploiting old, insecure local accounts is a reminder that security is an ongoing process, and enterprises must continually update their authentication methods to ensure they are in line with the latest best practices. Reliance on password-only authentication is a glaring vulnerability that can be easily exploited. Enterprises must adopt a layered security approach that includes strong authentication methods, regular security assessments, and timely application of security patches."

Venky Raju, Field CTO at ColorTokens, said:
