Cybersecurity firm Check Point has announced that attackers are exploiting a zero-day vulnerability in its enterprise VPN products to infiltrate customers' corporate networks.
The company has not yet revealed who is responsible for the cyberattack or how many customers were affected by the intrusion, which was linked to a vulnerability that security researchers said was “extremely easy” to exploit.
Check Point said in a blog post this week that a vulnerability in its Quantum network security devices could allow remote attackers to obtain sensitive credentials from affected devices and gain access to a victim's entire network. Check Point said attackers began exploiting the bug around April 30. A zero-day bug is one that is exploited before a vendor has time to fix it.
The company urged customers to install a patch to fix the flaw.
Check Point has more than 100,000 customers, according to its website. A Check Point spokesman did not respond to a request for comment on how many customers were affected in the attack.
Check Point is the latest security company in recent months to disclose security vulnerabilities in its security products, technology designed to protect businesses from cyber attacks and digital intrusions.
These network security devices sit on the edge of a company's network and act as digital gatekeepers for user access, but they tend to contain security flaws and, in some cases, can easily circumvent security defenses and compromise customer networks.
Several other enterprise and security vendors, including Ivanti, ConnectWise, and Palo Alto Networks, have in recent months rushed to patch flaws in their enterprise-grade security products that were exploited by malicious actors to compromise customer networks and steal data. All of the bugs in question were high severity in nature because they were easy to exploit.
In the case of the Check Point vulnerability, security research firm WatchTower Labs said in its analysis that the bug would be “extremely easy” to exploit once it was discovered.
The bug, which watchTowr Labs described as a path traversal vulnerability, means that an attacker could remotely trick affected Check Point devices into returning files that should be protected and inaccessible, such as passwords to access the device's root-level operating system.
“This is much stronger than the vendor's recommendations suggest,” said Aliz Hammond, a researcher at watchTowr Labs.
The U.S. cybersecurity agency CISA said it had added the Check Point vulnerability to its public catalog of known exploited vulnerabilities. In a brief statement, the government cyber agency said the vulnerability in question is frequently exploited by malicious cyber actors and that these types of flaws pose “significant risks to federal agencies.”