Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Check Point confirms VPN services targeted by hackers

A padlock resting on a keyboard.

Hackers are trying to wiggle their way into corporate networks through poorly protected Check Point Remote Access VPN devices, the company has confirmed in a security advisory.

Check Point Remote Access VPN software allows for secure remote access to corporate networks. Employees and authorized users can connect to their organization's network securely over the internet, accessing internal resources, applications, and data, from different devices such as smartphones or laptops, in the same way as if they were physically within the corporate network. 

All Check Point network firewalls come with Remote Access, which can be configured as a client-to-site VPN, or set up as an SSL VPN Portal.

Understanding the trend 

Now, hackers are going after old accounts that are only protected with passwords, to try and get easy access. While, luckily, there haven’t been too many attempts so far, they do represent a trend that needs to be cut short, the researchers said. Also luckily, the remedy is quite simple to implement. 

"We have recently witnessed compromised VPN solutions, including various cyber security vendors," the company's security advisory noted. "In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method."

"We've seen 3 such attempts, and later when we further analyzed it with the special teams we assembled, we saw what we believe are potentially the same pattern (around the same number). So - a few attempts globally all in all but enough to understand a trend and especially- a quite straightforward way to ensure it’s unsuccessful," a Check Point spokesperson told BleepingComputer.

Organizations looking to remain secure should check for vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades. T

hey should also change user authentication methods to something more secure, or alternatively - delete vulnerable local accounts from the Security Management Server database.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.