Check Point VPN Fix Released After Researchers Observe Malicious Access Attempts
28 May 2024 at 11:53
Check Point researchers have observed a surge in threat actor groups targeting remote-access VPN environments as an entry point for gaining access to enterprise networks.
In response to these threats, Check Point has been monitoring unauthorized access attempts on Check Point VPNs and has released a preventative solution to address the issue. While the researchers suggested that the issue is broader than Check Point VPNs, the fix applies solely to Check Point environments.
Identification of Unauthorized Access Attempts to Check Point VPN
On May 24, Check Point identified a small number of login attempts using old VPN local accounts that relied on an unrecommended password-only authentication method. The company assembled special teams of Incident Response, Research, Technical Services, and Products professionals to thoroughly investigate these attempts and any other potentially related incidents. Within 24 hours, the teams identified several potential customers who were subject to similar attempts and notified them accordingly. The teams consider password-only authentication insecure and more likely to lead to the compromise of network infrastructure, and they recommend against relying solely on it when logging into network infrastructure. The teams advised several preventative measures, such as:
- Reviewing and disabling unused local accounts.
- Implementing an additional layer of authentication, such as certificates, to password-only accounts.
- Deploying additional solutions on Security Gateways to automatically block unauthorized access.
- Contacting the Check Point technical support team or a local representative for additional guidance and assistance.