In recent developments, an alleged cyberattack targeting the renowned Israeli cybersecurity firm Check Point has gained substantial attention. The hacker, identified as “CoreInjection,” has taken to BreachForums to announce possession of “highly sensitive” data purportedly stolen from Check Point. The stolen data, which supposedly includes internal network maps, user credentials, and proprietary source code, is being offered for a hefty ransom of five Bitcoins, roughly equivalent to $413,000. However, this claim has not been left uncontested, as Check Point’s spokesperson, Gil Messing, has downplayed the severity of the situation, describing it as an “old, known, and very pinpointed event” that affects only specific organizations. This statement aims to reassure the public that the event does not impact Check Point’s customers’ systems or its security architecture.
Details of the Alleged Cyberattack
The alarming claims made by CoreInjection suggest a significant breach within Check Point’s internal systems. According to the hacker’s post on BreachForums, the captured data contains critical elements of Check Point’s proprietary information, which could be invaluable to malicious entities. Screen captures that CoreInjection shared appear to depict data from Check Point’s cloud-based Infinity Portal. While these images were intended to bolster the hacker’s claims, Messing has dismissed them as misleading. He clarified that the screen captures might show a list of customer names and product logos, but they do not compromise any critical security details.
The timing of this cyberattack claim has also raised questions, as it follows a leadership change at Check Point, with Nadav Zafrir taking over as CEO from the company’s co-founder Gil Shwed just a few months ago. Check Point had recently acquired Cyberint Technologies, a company specializing in combating threats such as stolen credentials and social media impersonation. Cyberint’s CEO Yochai Corem noted that over 90% of organizations face threats related to stolen credentials and social media impersonation, underscoring the pertinence of this acquisition.
Response to the Cyberattack Claim
In the wake of the hacker’s claims, there has been a mixed response from the cybersecurity community and BreachForums users alike. While some users on BreachForums have requested more concrete proof from CoreInjection, suspecting the claims might be overstated, others have shown caution. Gil Messing from Check Point has sought to mitigate these concerns by emphasizing that a thorough investigation had already been conducted months earlier. He assured that this investigation revealed no risks to customers or employees, suggesting that the current claims are merely a reiteration of a past, well-contained incident.
Nonetheless, not everyone is convinced by Check Point’s reassurances. Along Gal, co-founder of the cybercrime monitoring firm Hudson Rock, has lent significant weight to the validity of CoreInjection’s claims. His support introduces an element of doubt about the total veracity of Check Point’s assertions. This stance creates a division within the community as experts and stakeholders attempt to gauge the real extent and impact of the supposed breach.
Implications and Future Considerations
CoreInjection’s alarming claims suggest a major breach in Check Point’s internal systems. According to their post on BreachForums, the data captured includes key parts of Check Point’s proprietary information, potentially invaluable to malicious groups. The hacker shared screen captures of data from Check Point’s cloud-based Infinity Portal to support their claims. However, Messing dismissed these images as misleading, clarifying they might show customer names and product logos but do not reveal any critical security details.
The timing of this cyberattack claim is notable, coming after a leadership change at Check Point, with Nadav Zafrir recently taking over as CEO from co-founder Gil Shwed. Recently, Check Point acquired Cyberint Technologies, a company focused on combating threats like stolen credentials and social media impersonation. Cyberint’s CEO, Yochai Corem, pointed out that over 90% of organizations face threats related to stolen credentials and social media impersonation, highlighting the significance of this acquisition.