In a startling revelation, software company Check Point has raised alarms over hackers targeting Remote Access VPN devices to infiltrate enterprise networks. This discovery aligns with recent findings by cyber insurance firm At-Bay, which reported that 58% of ransomware attacks in 2023 originated from compromised remote access tools.
Check Point’s advisory, published on May 27, was prompted by suspicious login attempts on old VPN accounts using weak password-only authentication. These attacks aim to exploit remote access tools to uncover enterprise assets and user vulnerabilities, allowing hackers to establish persistent access to critical systems.
To counteract this threat, Check Point has introduced a solution that blocks unauthorized access attempts by disabling insecure local accounts on its customers’ VPNs. Additionally, the company advises enterprises to review and deactivate unused local accounts and to enhance security by implementing multi-factor authentication (MFA) for active accounts.
For instance, imagine a company’s VPN as a heavily guarded gate to a city. If some old keys (passwords) are weak or unused, they become easy targets for thieves (hackers). Check Point’s solution is like adding a high-tech lock that rejects old keys while also suggesting that the city (enterprise) checks and updates its security measures (local accounts and MFA).
Following these recommendations and implementing Check Point’s preventive solutions, enterprises can safeguard their systems from sophisticated hackers who are trying to invade their networks and systems.
