Hackers Breach Networks via Check Point VPNs

Checkpoint, a recognized name in the field of cybersecurity, has raised concern. They have identified and witnessed bad actors directing their focus towards Remote Access VPN devices. Such gadgets can be likened to hidden routes leading into corporate networks. They are specifically designed for use by employees as means to gain access to company resources from any location. And this is the cherry on top: hackers are employing old, abandoned accounts that solely require a password for access. The security arrangement seems quite careless, doesn’t it?

Now, Check Point is not simply watching. They are advising their clients to enhance security by moving away from weak password-only logins and incorporating a certificate. “Imagine it as similar to putting a deadbolt on your door,” I say, seeking to illustrate the extra security feature.

But wait, there’s more.

Check Point created a hot fix, it’s similar to a VPN superhero cape that stops any old account from getting in with just password.

And it’s not only Check Point who gets hit. Cisco had a similar experience. One month prior to the announcement from Check Point, Cisco was also dealing with a hacker problem of their own. They were fighting against brute-force attacks, which are when hackers attempt all possible passwords to gain access to VPN and SSH services.

These attacks are not merely sporadic. They come from various places, concealed under layers of anonymity such as TOR exit points that make them difficult to track. Cisco is not the only one getting hit; SonicWall, Fortinet, and Ubiquiti are also under fire.

Lastly, these hidden methods are applied by a team called UAT4356 or STORM-1849. They use such tactics for spying on government networks around the world.