San Andreas Regional Center Sends Notices of a Data Breach to Beneficiaries
Published on August 26, 2021
SonicWall Releases Urgent Security Notice About Actively Targeted EOL Devices
Published on July 15, 2021
- SonicWall warns about ransomware actors targeting EOL SRA and SMA devices.
- The company advises all administrators to update to the latest available firmware version.
- Devices that are no longer supported and didn’t receive a fixing patch should be replaced by new ones.
SonicWall, the California-based network security and network appliance company, has released an urgent security notice to inform its customers about a newly arisen danger of using unpatched EOL (end of life) SRA (Secure Remote Access) and SMA (Secure Mobile Access) devices. According to the notice, SonicWall has been made aware of threat actors actively targeting these devices, so hackers are already at it. Unfortunately, ransomware actors using stolen credentials are also mentioned in the report, so patching these devices should be considered an emergency.
The affected products, legacy SRA and SMA devices, are those that run firmware 8.x, so updating to 9.x or 10.x should resolve the problem. If that’s impossible, disconnect the appliance immediately until a patching plan has been developed. Additionally, resetting all passwords and enabling MFA (multi-factor authentication) where possible should be a standard practice to follow.
The actively targeted products are the following:
- SRA 4600/1600 (EOL 2019)
- SRA 4200/1200 (EOL 2016)
- SSL-VPN 200/2000/400 (EOL 2013/2014)
- SMA 400/200/100 (Limited Retirement Status)
Obviously, since some of these devices have reached EOL over five years ago, there’s no available update to firmware 9.x for them, so the only solution would be to replace them with newer devices. SonicWall isn’t abandoning that special category of users, though, and will provide a complimentary virtual SMA 500v until October 31, 2021, which should give clients enough time for a smooth transition.
John Mancini, Data Scientist at Vectra, tells us:
Back in January, SonicWall had a security lapse as highly sophisticated actors managed to infiltrate its internal systems using zero-days against its products. Although the company released patches to prevent this from happening again, a series of subsequent hacking incidents that followed in the next months spread fear that ransomware actors had found a way to bypass the fixes. This latest notice could be a continuation of the same problem that started months ago.
