Check Point released an emergency patch after a zero-day vulnerability was found being used to target its Remote Access VPN devices.
Remote Access VPN is part of all Check Point network firewalls and is used through VPN clients; the attacks against it were attempts to compromise corporate networks.
On Monday, the company warned of an increase in threats targeting VPN devices and shared tips on how administrators can safeguard their devices. It was then discovered that the activity came from attackers exploiting a zero-day vulnerability.
The company said at the time that it had seen several attempts that, upon analysis, revealed a consistent pattern.
The company stated in a blog post that “the vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled.”
The company also published a remote access validation script that administrators can use to review the results and take appropriate action, as well as a FAQ page with further details on the vulnerability.
Check Point is the second company to advise customers about potential attacks on VPN devices. Cisco had earlier warned of widespread credential brute-forcing attacks targeting VPN and SSH services on Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti devices.
That campaign is said to have started around March 18, with attacks originating from TOR exit nodes. TOR is intended to anonymize user access to a network and enable private web browsing. According to a BleepingComputer report, the attackers were found to be circumventing blocks with a variety of anonymization tools and proxies.