Check Point Quantum Security Gateways Information Disclosure Attack
Actively Targeted in the Wild
Attackers exploit a zero-day vulnerability affecting Check Point Security Gateways to gain remote access. The vulnerability can allow attackers to read sensitive information on Check Point Security Gateways enabled with Remote Access VPN or Mobile Access Software Blades.
Common Vulnerabilities and Exposures
Background
The vulnerability CVE-2024-24919 allows an unauthenticated remote attacker to read the contents of an arbitrary file located on the affected appliance, including disclosing the password hashes for local accounts. Weak passwords can be compromised, leading to further misuse and potential lateral movement within the network. Check Point mentioned in the advisory that the exploitation attempts were seen as early as April 7, 2024.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
FortiGuard recommends that users apply the emergency hotfix provided and follow the instructions in the vendor’s advisory. All the known IoCs involved in the campaign are blocked by Web Filtering and the IOC service. FortiGuard Labs is continuously monitoring the situation, and this report will be updated as new information becomes available.
- June 05, 2024: Check Point Quantum Security Gateways Attack sequence added to the Outbreak Alert
- May 30, 2024: CISA added CVE-2024-24919 to its Known Exploited Vulnerabilities (KEV) catalog
  https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- May 30, 2024: FortiGuard Labs released IPS protection for CVE-2024-24919
  https://www.fortiguard.com/encyclopedia/ips/55956
- May 30, 2024: FortiGuard Labs released a Threat Signal
  https://www.fortiguard.com/threat-signal-report/5464/
- May 30, 2024: Check Point has released a hotfix for CVE-2024-24919 and extra measures that should be taken to mitigate the risks.
  https://support.checkpoint.com/results/sk/sk182336
- May 28, 2024: Check Point issued an advisory, warning that threat actors are actively targeting their Remote Access VPN devices in an ongoing campaign to infiltrate enterprise networks.
  https://support.checkpoint.com/results/sk/sk182337
Attack Sequence
Actions taken by a cyber attacker or a malicious entity to compromise a target system or network.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Lure
- Decoy VM
- IPS
- Web App Security
- IoT/IIoT Virtual Patch
- IOC
- Outbreak Detection
- Threat Hunting
- Playbook
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Attack Surface Hardening
- Business Reputation
- Attack Surface Monitoring (Inside & Outside)
Lure
Decoy VM
IPS: Detects and blocks attack attempts leveraging the vulnerability.
IoT/IIoT Virtual Patch
Outbreak Detection
Threat Hunting
Playbook
Automated Response: Services that can automatically respond to this outbreak.
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by downloads and other forms of cyberattacks.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Business Reputation: Know attackers' next move to protect your business branding.
Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
IOC Indicator List
Mitre Matrix
References
Sources of information in support and relation to this Outbreak and vendor.