Cybersecurity firm Check Point has warned that it has observed an increase in the targeting of remote-access VPN environments by threat actors. Over the past few months, there has been a noticeable rise in malicious groups leveraging VPNs from various cybersecurity vendors as entry points into enterprise networks.
The company said it detected a small number of login attempts using old VPN local-accounts relying on password-only authentication method.
“By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method,” the company said, adding that it “assembled special teams of Incident Response, Research, Technical Services and Products professionals which thoroughly explored those and any other potential related attempts. Relying on these customers notifications and Check Point’s analysis, the teams found within 24 hours a few potential customers which were subject to similar attempts.”
Check Point has advised customers not to rely on password-only authentication for remotely accessing their networks. To bolster the security of VPN setups, Check Point recommends that users audit local accounts, disable unused accounts, and enhance authentication methods.