Threat actors have set their sights on Check Point’s Remote Access VPN devices, engaging in a persistent campaign to infiltrate enterprise networks, the company warns. Exploiting old local accounts with insecure passwords, attackers aim to breach corporate defenses through vulnerable VPN access points. Check Point emphasizes the critical need for secure authentication methods and urges customers to update their authentication mechanisms promptly or remove vulnerable accounts altogether to mitigate the risk of unauthorized access.
This ongoing campaign underscores the broader trend of cyber threats targeting VPN infrastructure, with Check Point being the latest in a string of companies to issue warnings about such attacks. Cisco, in a similar vein, issued a caution about widespread credential brute-forcing assaults targeting VPN and SSH services across various devices. These coordinated efforts, employing tactics like TOR exit nodes and anonymization tools, highlight the sophisticated nature of contemporary cyber threats and the importance of robust security measures.
Notably, Check Point’s advisory comes amidst a backdrop of escalating cyber-espionage activities globally, with state-backed hacking groups exploiting vulnerabilities in network infrastructure. The UAT4356 hacking group, also known as STORM-1849, has leveraged zero-day vulnerabilities in Cisco firewalls since November 2023, demonstrating the persistent threat posed by advanced adversaries. These developments underscore the critical need for organizations to remain vigilant, fortify their cybersecurity defenses, and promptly address any vulnerabilities to safeguard against potential breaches and espionage attempts.
In response to the escalating threat landscape, Check Point has released a Security Gateway hotfix to bolster defenses against unauthorized VPN access attempts. This hotfix blocks all local accounts from authenticating with passwords, enhancing the security posture of Check Point’s Remote Access VPN. Additionally, the company offers guidance to customers on strengthening their VPN security measures and responding effectively to potential intrusion attempts, providing crucial resources to bolster cyber resilience in the face of evolving threats.
