Cybersecurity firm Check Point says attackers are exploiting a zero-day vulnerability in its enterprise VPN products to infiltrate its customers’ corporate networks.
The tech maker has yet to say who is responsible for the cyberattacks or how many of its customers are affected by hacks linked to the vulnerability, which security researchers say is “extremely easy” to exploit.
In a blog post this week, Check Point said the vulnerability in Quantum network security devices allows a remote attacker to obtain sensitive credentials from an affected device, which can give attackers access to the victim’s wider network. Check Point said attackers began exploiting the flaw around April 30. A bug is called a zero-day when the vendor has no time to fix it before it is exploited.
The company urged customers to install patches to repair the defect.
Check Point has more than 100,000 customers, according to its website. A Check Point representative did not return a request for comment asking how many of its customers are affected by the exploit.
Check Point is the latest security company in recent months to disclose a security vulnerability in its security products, the very technologies designed to protect companies from cyberattacks and digital intrusions.
These network security devices sit at the edge of a company’s network and serve as digital gatekeepers for which users are allowed in, but they tend to contain security flaws that in some cases make it easy to bypass their security defenses and compromise the client’s network.
Several other business and security vendors, including Ivanti, ConnectWise and Palo Alto Networks, have rushed in recent months to fix flaws in their enterprise-grade security products that malicious attackers have exploited to compromise customer networks and steal data. All of these bugs are high severity, largely due to how easy they were to exploit.
In the case of the Check Point vulnerability, security research firm watchTowr Labs said in its analysis of the vulnerability that the bug was “extremely easy” to exploit once it was discovered.
The flaw, which watchTowr Labs described as a path traversal vulnerability, means it’s possible for an attacker to remotely trick an affected Check Point device into returning files that should be protected and off-limits, such as the passwords for root-level access to the device’s operating system.
“This is much more powerful than the vendor advice seems to imply,” said watchTowr Labs researcher Aliz Hammond.
The US cybersecurity agency CISA has announced that it has added the Check Point vulnerability to its public list of known exploited vulnerabilities. In brief remarks, the government cyber agency said the vulnerability in question is frequently exploited by malicious cyber actors and that these types of flaws pose “significant risks to federal business.”