Check Point has issued a crucial advisory urging organizations to bolster their VPN security in response to a surge in malicious activities targeting remote-access VPN environments.
The company has observed an uptick in attackers exploiting these systems to infiltrate enterprise networks, underscoring the importance of enhanced security measures.
Attacks on the rise
Over recent months, malicious groups have shown increased interest in using remote-access VPN environments as entry points into enterprises. These attackers aim to access critical enterprise assets and user data, searching for vulnerabilities to establish persistence within key systems. Check Point has noted several instances where VPN solutions, including those from various cybersecurity vendors, have been compromised.
By May 24, 2024, Check Point identified a number of unauthorized login attempts targeting old VPN local accounts that used password-only authentication. This method, while once standard, is now considered insecure due to the rise in sophisticated cyber threats.
In response to these threats, Check Point mobilized specialized teams from Incident Response, Research, Technical Services, and Product divisions to investigate and address unauthorized access attempts. Leveraging customer notifications and internal analysis, these teams identified several potential customers who experienced similar unauthorized access attempts within a 24-hour period.
Security recommendations
To mitigate these threats and enhance VPN security, Check Point's bulletin recommends the following steps:
- Assess if local accounts are present, determine their usage, and disable those that aren't used.
- For necessary local accounts that use password-only authentication, add an extra layer of security, such as certificates, to strengthen protection.
- Deploy Check Point's recently released solution on Security Gateways to automatically block unauthorized access attempts via local accounts using password-only authentication.
- Regularly monitor and configure settings to ensure optimal security of VPN environments.
- Identify and evaluate the usage of local accounts within your network. Disable any that are unnecessary.
- Implement multi-factor authentication for local accounts, moving beyond password-only methods.
- Utilize Check Point's latest security solution to prevent unauthorized access attempts.
- Regularly review and adjust VPN configurations to enhance security.
For detailed guidance and further assistance, customers are encouraged to contact Check Point's technical support or their local Check Point representative.
This latest advisory from Check Point comes on the heels of a similar warning issued by Cisco Talos in April 2024, highlighting a significant rise in brute-force attacks targeting VPNs, SSH services, and web application authentication interfaces.
The Cisco Talos report noted that these attacks primarily originate from TOR exit nodes and other anonymizing proxies, and targeted VPN services from prominent vendors such as Cisco Secure Firewall, Check Point, Fortinet, and SonicWall. Both advisories underscore the escalating threats against remote-access solutions and emphasize the urgent need for robust security measures to protect enterprise networks.
Post update 5/29: Check Point identified a vulnerability related to the malicious activity described above, tracked as CVE-2024-24919. More information on its impact and mitigation recommendations can be found in this security bulletin.