The Download
Checkpoint, a vendor of firewalls and secure remote access, issued an advisory that they are observing attacks against Checkpoint VPNs using old local admin credentials and password guessing attacks. This advisory continues a prominent trend in remote hacking through VPNs. Fortinet, Palo Alto Networks, Cisco, and Ivanti all have had to address vulnerabilities in their VPN products that left gaping holes in their customers networks.
What You Can Do
Checkpoint has released a hotfix that disables local admin accounts from authenticating with password only. But you can also delete those accounts to prevent this particular attack. Remote VPNs are a quick and dirty way to get access onto targeted networks. Even in the absence of vulnerabilities, password spraying attacks have been successful in gaining access. You should scan for vulnerabilities to ensure your software is properly patched, but also enforce multi-factor authentication.
To Learn More: