Cybersecurity agency Test Level has urged prospects to assessment their VPN configurations to forestall potential exploitation by risk actors searching for preliminary entry to enterprise networks.
Writing in a safety advisory on Monday, the corporate reported that VPNs from numerous cybersecurity distributors have been more and more focused.
Specifically, Test Level has noticed makes an attempt to breach its prospects’ VPNs, figuring out a small variety of login makes an attempt on Could 24 2024, utilizing outdated VPN native accounts with password-only authentication. These assaults didn’t exploit a software program vulnerability however as an alternative leveraged weaker authentication strategies.
Test Level reportedly responded by mobilizing specialised groups to analyze these incidents.
“In gentle of those occasions, we have now been monitoring makes an attempt to achieve unauthorized entry to VPNs of Test Level’s prospects,” the corporate wrote. “Counting on these buyer notifications and Test Level’s evaluation, the groups discovered inside 24 hours a number of potential prospects who had been topic to comparable makes an attempt.”
The advisory additionally highlighted the inadequacy of password-only authentication for securing distant entry to sure kinds of networks.
“Password-only authentication is taken into account an unfavorable methodology to make sure the best ranges of safety, and we advocate to not depend on this when logging-in to community infrastructure,” reads the advisory.
To defend in opposition to comparable assaults, Test Level really useful that organizations reassess their use of native accounts, advising them to disable pointless accounts. For important accounts, they recommend enhancing safety by including one other layer of authentication, reminiscent of certificates, to complement passwords.
To help their prospects, Test Level has additionally launched an answer designed to routinely stop unauthorized entry through native accounts utilizing password-only authentication. This resolution may be deployed on safety gateways to strengthen defenses in opposition to all these assaults.
“This may routinely stop unauthorized entry to your VPNs by native accounts with a password-only authentication methodology,” the corporate defined.
Learn extra on multi-factor authentication: Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Marketing campaign
