SonicWall, the California-based network security and network appliance company, has released an urgent security notice to inform its customers about a newly arisen danger of using unpatched EOL (end of life) SRA (Secure Remote Access) and SMA (Secure Mobile Access) devices. According to the notice, SonicWall has been made aware of threat actors actively targeting these devices, so hackers are already at it. Unfortunately, ransomware actors using stolen credentials are also mentioned in the report, so patching these devices should be considered an emergency.
The affected products, legacy SRA and SMA devices, are those that run firmware 8.x, so updating to 9.x or 10.x should resolve the problem. If that’s impossible, disconnect the appliance immediately until a patching plan has been developed. Additionally, resetting all passwords and enabling MFA (multi-factor authentication) where possible should be a standard practice to follow.
The actively targeted products are the following:
Obviously, since some of these devices have reached EOL over five years ago, there’s no available update to firmware 9.x for them, so the only solution would be to replace them with newer devices. SonicWall isn’t abandoning that special category of users, though, and will provide a complimentary virtual SMA 500v until October 31, 2021, which should give clients enough time for a smooth transition.
John Mancini, Data Scientist at Vectra, tells us:
Back in January, SonicWall had a security lapse as highly sophisticated actors managed to infiltrate its internal systems using zero-days against its products. Although the company released patches to prevent this from happening again, a series of subsequent hacking incidents that followed in the next months spread fear that ransomware actors had found a way to bypass the fixes. This latest notice could be a continuation of the same problem that started months ago.