Stratos Ally

Zero-Day Vulnerability Exploited in Check Point VPN Attacks Since April

StratosAlly

In a significant discovery, Check Point has identified a string of cyberattacks, active since April 30, that exploit a zero-day vulnerability in its VPN systems. Initially, the cybersecurity firm observed unauthorized access attempts against outdated local VPN accounts protected only by passwords. What was first thought to be simple brute-force attacks turned out, upon deeper investigation, to involve a more dangerous threat: a zero-day vulnerability designated CVE-2024-24919.

This vulnerability enables attackers to gather information on network security gateways connected via remote access VPN or mobile access. Specifically, it affects Check Point’s Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark products. The flaw allows malicious actors to enumerate and extract password hashes for all local accounts, posing significant risks.

Mnemonic, a threat intelligence firm, has observed these attacks in client environments. The exploit does not require user interaction or privileges, making it particularly dangerous. Attackers can extract password hashes from legacy local users with weak passwords, potentially gaining deeper access to enterprise networks.

Consider an office building with a high-tech security system. Initially, it was thought that intruders were merely trying to guess the door code. However, it was discovered that they had found a way to remotely access the security panel, revealing door codes for all rooms. This analogy mirrors how threat actors exploited CVE-2024-24919 to infiltrate networks and navigate laterally, potentially causing extensive harm.

Check Point’s hotfix addressed the immediate threat by disabling password-only logins, but the firm continues to analyze the full implications. This incident clearly demonstrates that companies must invest in advanced, multi-factor authentication mechanisms and apply stringent security measures to protect against constantly evolving cyber threats.
