
Cybersecurity firm Check Point says attackers are exploiting zero-day vulnerabilities in its corporate VPN products to break into its customers' corporate networks.
The technology manufacturer has not yet revealed who was responsible for the cyberattack or how many of its customers are affected by intrusions related to this vulnerability. Security researchers say this vulnerability is “very easy” to exploit.
In a blog post this week, Check Point said a vulnerability in the Quantum network security device could allow a remote attacker to obtain sensitive credentials from an affected device, which could give the attacker access to the victim's wider network. Check Point said attackers began exploiting the bug around April 30. A zero-day is a bug that is exploited before the vendor has had time to fix it.
The company urged customers to install a patch to fix the flaw.
According to its website, Check Point has over 100,000 customers. A Check Point spokesperson did not respond to a request for comment asking how many customers were affected by the attack.
Check Point is the latest security company in recent months to disclose security vulnerabilities in its security products, technology designed to protect companies from cyberattacks and digital intrusions.
These network security devices sit at the edge of a company's network and act as digital gatekeepers that allow users in and out, but in some cases they tend to contain security flaws that can easily be used to bypass their security defenses and compromise customer networks.
Several other companies and security vendors, including Ivanti, ConnectWise and Palo Alto Networks, have rushed in recent months to fix flaws in their enterprise-grade security products that malicious attackers have exploited to compromise customer networks and steal data. All of the bugs in question are inherently high severity, because they are very easy to exploit.
In the case of Check Point's vulnerability, security research firm watchTowr Labs said in its analysis of the vulnerability that the bug was “very easy” to exploit once discovered.
The bug, described by watchTowr Labs as a path traversal vulnerability, means an attacker could remotely trick an affected Check Point device into returning files that should be protected and off-limits, such as passwords for root access at the device's operating system level.
“This is much more powerful than the vendor recommendations imply,” said Aliz Hammond, a researcher at watchTowr Labs.
The U.S. cybersecurity agency CISA said it had added the Check Point vulnerability to its public catalog of known exploited vulnerabilities. The government cyber agency said in a brief statement that the vulnerabilities in question are frequently used by malicious cyber actors and that these kinds of flaws pose a “serious risk to federal enterprises.”









