SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Check Point VPNs Targeted to Hack Enterprise Networks

Check Point is warning customers that threat actors are targeting insecure VPN instances for initial access to enterprise networks. 

Cybersecurity firm Check Point is advising customers to review their VPN configurations to ensure that they cannot be abused by threat actors for initial access to enterprise networks.

Check Point says it has seen VPNs from various cybersecurity vendors being targeted by threat actors. 

The company has been monitoring attempts to gain access to customers’ VPNs and identified “a small number of login attempts” that leveraged old VPN local accounts with password-only authentication. The attacks do not appear to involve the exploitation of a software vulnerability.

“We have assembled special teams of Incident Response, Research, Technical Services and Products professionals which thoroughly explored those and any other potential related attempts,” the company said in an alert on Monday.

“Relying on these customer notifications and Check Point’s analysis, the teams found within 24 hours a few potential customers which were subject to similar attempts,” it added. 

Check Point has instructed customers not to rely on password-only authentication for remotely accessing their networks. 

Advertisement. Scroll to continue reading.

The vendor has advised organizations to review the use of local accounts and disable them if not needed. If they are needed, authentication should be made more secure, for instance, by adding an additional layer of authentication on top of passwords, such as certificates. 

Check Point VPN users should deploy the product on security gateways to prevent unauthorized access through password-only authentication.

The company has provided a script that enables users to easily discover local accounts with password-only authentication, as well as a hotfix to block local accounts from authenticating with only a password.

Check Point has also provided general recommendations for improving an organization’s VPN security posture, and outlined instructions for investigating suspicious activity. 

Related: New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System

Related: Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

Related: Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: How Modern Breaches Bypass MFA and Evade Detection
June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Register

Webinar: Modern Exposure Validation in the AI Era
June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

Register

People on the Move

Stephen Garcia has been named Chief Information Security Officer at BreachRx.

Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView.

Chaim Mazal has been named Chief Information Security Officer at GitLab.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.