Attackers Are Probing Check Point Remote Access VPN Devices
-
Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use that access to discover and pivot to other enterprise assets and users, and gain persistence in enterprise environments. In mid-April 2024, Cisco Talos warned about a global increase in brute-force attacks against VPN services, web application authentication interfaces and SSH services. The devices targeted in these attacks were those by Cisco, Check Point, Fortinet and Sonicwall (VPNs), as well as by MiktroTik, Draytek, and Ubiquiti. The attempts were coming from IP addresses associated with proxy services, and were trying out combinations of most likely usernames and common passwords, such as “Passw0rd”, “qwerty”, “test123”, etc. Check Point now says that they have also recently witnessed compromised VPN solutions, including those by various cyber security vendors.
ที่มาแหล่งข่าว
https://www.helpnetsecurity.com/2024/05/28/attackers-target-check-point-vpn/
