The software company Check Point warns that hackers are targeting remote access VPN devices to gain access to the corporate network

The discovery comes shortly after At-Bay, a cyber insurance company, published a study that found that in 2023, 58% of ransomware attacks had remote access tools as penetration points

In an advisory published on 5/27, the software company explained that a cyber attack was discovered after "a small number" of login attempts were flagged These login attempts were aimed at older local VPN accounts that use insecure password-only authentication 

The company also said it had recently witnessed VPNs being compromised, including cybersecurity providers

Check Point said in its recommendations that hackers are targeting remote access tools to "find relevant corporate assets and users and seek vulnerabilities to gain the persistence of key corporate assets"

The company has released a solution that automatically prevents unauthorized access by local accounts with password-only authentication to customers' VPNs The solution aims to address these unauthorized login attempts and prevent them from occurring in the future

To improve their security, Check Point recommends that customers check their local accounts to see if they have them, whether they are used, and who is using them If the user has a local account that they are not using, Check Point says it is best to disable them 

Check Point also proposes adding another layer of authentication, such as certificates, to local accounts that customers use but are currently using password-only authentication Finally, they urged customers to deploy prevention solutions across their security gateways

Note that these vulnerabilities only apply to remote access VPNs and not to consumer products that are covered primarily on pages like tom's Guide