Attackers Target Check Point VPNs to Access Corporate Networks

Using VPNs as an initial access vector is ironic, given that security is the very reason enterprises employ them in the first place.

Nate Nelson, Contributing Writer, Dark Reading

May 30, 2024

2 Min Read
Security vulnerability
(Credit: Brain light / Alamy Stock Photo)

A vulnerability in Check Point virtual private network (VPN) products could potentially leak information to malicious actors.

In recent months, Check Point researchers have observed an increase in attackers using remote access VPNs as a golden ticket for initial network access. Multiple cybersecurity vendors' solutions have been compromised, according to a March 27 blog post, which prompted them to look into their own.

On May 28, they discovered an information disclosure vulnerability affecting its security gateways with remote or mobile access enabled. The issue has been labeled CVE-2024-24919.

Thus far, there have only been a handful of cases of attackers attempting to exploit CVE-2024-24919 in the wild. However, "while there have been only a few attempts globally, it's enough to recognize a trend and, more importantly, a straightforward [cause] to ensure it's unsuccessful," Check Point chief of staff Gil Messing told Dark Reading on Tuesday.

Check Point is urging all customers with mobile-enabled VPNs to install a newly released hotfix. Customers who only use VPNs site-to-site are also advised to install the fix.

Threats to Remote Access VPNs

Remote access VPNs are a bit different than the VPNs most people are used to. Where regular ones route an individual's Internet traffic through shared servers in order to conceal their Internet activity, remote access VPNs are used to provide specific individuals with secure access to specific networks. They're useful, for instance, in providing remote workers access to their employer's internal resources.

They're also useful for malicious purposes. Rather than having to, say, exploit a publicly facing server, or a zero-day vulnerability, a hacker could use a remote access VPN for clean, unfettered access to an organization's IT environment. From there, they could begin establishing persistence, probing for vulnerabilities, and much more. How, though, do they get access to that VPN connection in the first place?

Read the rest of this article on Dark Reading.

Related articles:

About the Author

Nate Nelson, Contributing Writer, Dark Reading

Nate Nelson, Contributing Writer, Dark Reading

Nate Nelson is a contributing writer at Dark Reading. Read all his articles here.

See more from Nate Nelson, Contributing Writer, Dark Reading
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events