Check Point VPN Targeted for Initial Access in Enterprise Attacks

May 28, 2024 at 05:33AM

Check Point advises customers to review VPN configurations to prevent abuse by threat actors, citing attempts to gain access through old VPN local accounts with password-only authentication. The company recommends using additional authentication measures, deploying products on security gateways, and disabling unnecessary local accounts. It also provides a script and hotfix for detection and prevention.

– Check Point is advising customers to review their VPN configurations to prevent abuse by threat actors for initial access to enterprise networks.
– They have seen VPNs from various cybersecurity vendors being targeted and have identified login attempts leveraging old VPN local accounts with password-only authentication.
– Check Point has assembled special teams to thoroughly explore potential threats and has advised organizations not to rely on password-only authentication for remote network access.
– They have instructed organizations to review the use of local accounts and either disable them if not needed or make authentication more secure for needed accounts.
– Check Point VPN users are advised to deploy the product on security gateways to prevent unauthorized access through password-only authentication.
– Check Point has provided a script and hotfix to discover and block local accounts with password-only authentication, as well as general recommendations for improving VPN security posture and instructions for investigating suspicious activity.
