Check Point: Security vulnerability was not only exploited at CDU

According to the BSI, 1800 systems were vulnerable, and operators of critical infrastructure (KRITIS) were also successfully attacked.


Konrad Adenauer House of the CDU in Berlin.

(Image: BSI)

By Falk Steiner
This article was originally published in German and has been automatically translated.

The zero-day vulnerability that was used to attack the CDU's IT infrastructure has still not been patched by many users. Besides the CDU's IT, other users were also successfully attacked, and the number of potential victims is considerable. "According to current knowledge of the BSI and the BfV, up to 1800 IT systems across all industries and sectors in Germany that use network security products from the provider Check Point were exposed to a serious vulnerability", the Federal Office for Information Security (BSI) explained at the request of heise online. The vulnerability was actively exploited: "Among other things, it was possible to read out access data and gain access to affected devices and networks via VPN."

The BSI is once again urging all users of Check Point products to check whether their systems are up to date and whether third parties have gained access to them recently. Check Point has made patches for the security gateways available from the end of May; nevertheless, both the BSI and Check Point assume that some users have still not taken sufficient measures, even several days after the vulnerability became known.

Users who do not use two-factor authentication on Check Point's security gateway products, but rely solely on a username/password combination, remain potential victims unless they apply the patches or change their security setup. According to security researchers, the number of observed attacks on the vulnerability increased massively once it became public.

In addition to the CDU, operators of critical infrastructure in the transportation and healthcare sectors are also said to have been successfully attacked, according to security circles. The IT security products of the Israeli manufacturer Check Point are used by many companies for remote access; these include operators of critical infrastructure, but also public bodies such as authorities and research institutes. In Germany, users include the Federal Maritime and Hydrographic Agency (BSH), the Hanover public transport operator ÜSTRA and the district government of Lower Franconia in Bavaria.

A security expert quoted by Mitteldeutscher Rundfunk (MDR) found 85 vulnerable systems in Germany on his own initiative, and specialized search engines show how widespread the products are. According to a spokesperson, Check Point itself assumes that more than half of all users known to the company have applied the available patches, either via auto-update or manually.

In the case of the specific attack on the CDU, the perpetrator has still not been narrowed down. The official attribution of comparable attacks has in some cases dragged on for years. Nevertheless, the Federal Ministry of the Interior assumes that professionals were at work: "However, the nature of the approach indicates a very professional actor," a spokeswoman for the ministry explained at the request of heise online.

The CDU itself is still struggling to restore operations. According to media reports, for example, the central membership database has been taken offline as a precautionary measure. This means that party branches such as state and district associations no longer have access to it, as heise online learned from party circles. In addition, the finance department of the party headquarters under treasurer Julia Klöckner is currently not fully operational, Bild reported.

(anw)