Hackers are targeting VPNs to gain access to corporate systems

The software company Check Point warns that hackers are targeting remote access VPN devices to gain access to the corporate network.

The discovery comes shortly after At-Bay, a cyber insurance company, published a study that found that in 2023, 58% of ransomware attacks had remote access tools as penetration points.

In an advisory published on 5/27, the software company explained that a cyber attack was discovered after "a small number" of login attempts were flagged. These login attempts were aimed at older local VPN accounts that use insecure password-only authentication. 

The company also said it had recently witnessed VPNs being compromised, including those of cybersecurity providers.

Check Point said in its recommendations that hackers are targeting remote access tools to "find relevant corporate assets and users and seek vulnerabilities to gain the persistence of key corporate assets."

The company has released a solution that automatically prevents unauthorized access by local accounts with password-only authentication to customers' VPNs. The solution aims to address these unauthorized login attempts and prevent them from occurring in the future.

To improve their security, Check Point recommends that customers review their local accounts to see whether they have any, whether they are used, and who is using them. If a customer has local accounts that are not in use, Check Point says it is best to disable them.

Check Point also proposes adding another layer of authentication, such as certificates, to local accounts that customers use but that currently rely on password-only authentication. Finally, the company urged customers to deploy prevention solutions across their security gateways.

Note that these vulnerabilities only apply to remote access VPNs and not to consumer products, which are covered primarily on pages like Tom's Guide.
