
Check Point warns of threat actors targeting its VPNs

In a new advisory, Check Point urged customers to shore up their security regimes for enterprise networks - especially those fond of password protection.

By Greg Noone

Check Point has warned customers of ongoing campaigns by threat actors targeting its Remote Access VPN devices. In its latest advisory, the firm said it had observed cybercriminals mounting several campaigns in recent months to gain access to customers’ networks via its VPNs. The most concerning, it said, used password-based authentication methods to try to gain unauthorised access.

“Attackers are motivated to gain access to organisations over remote-access setups so they can try to discover relevant enterprise assets and users, [looking] for vulnerabilities in order to gain persistence on key enterprise assets,” said the firm. “By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method.”


Check Point warns against relying solely on passwords

Using passwords in isolation to secure enterprise networks is frowned upon by most IT security experts, a point that Check Point reinforced in its advisory. It also recommended that all customers check whether they have local accounts and review when they were accessed “and by whom.” Local accounts that are not used regularly, it added, should be deleted. Those that are, meanwhile, should be secured using additional layers of authentication and a new solution released by Check Point to address unauthorised access attempts.

For those customers that had been impacted by threat actors targeting Check Point VPNs, said the firm, it “assembled special teams of Incident Response, Research, Technical Services and Products professionals which thoroughly exploited those and any other potential related attempts.” It was this effort, said Check Point, which led to the identification of a handful of other affected customers. 

VPNs vulnerable to exploitation

VPNs are proving increasingly attractive targets for threat actors. According to Zscaler’s 2024 ThreatLabz VPN Risk Report, some 56% of organisations said theirs had been targeted by cybercriminals, with another 78% saying that they planned to implement zero trust strategies in the next year. The top threats arising from the successful exploitation of VPNs, the cybersecurity firm continued, were ransomware, malicious infections and DDoS attacks.

“Over the past year, numerous critical VPN vulnerabilities have served as successful entry points for attacks on large enterprises and federal entities,” said Deepen Desai, CSO at Zscaler. “It is essential to transition to a Zero Trust architecture, which significantly reduces the attack surface by eliminating legacy technologies like VPNs and Firewalls, enforces consistent security controls with TLS inspection, and limits the blast radius with segmentation & deception, thereby preventing damaging breaches.”
