It has been reported that security vendor SonicWall is warning customers to patch its enterprise secure VPN hardware to thwart an “imminent ransomware campaign using stolen credentials” that are exploiting security holes in current models and those running legacy firmware. Targeted are the company’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) secure VPN appliances with both unpatched and end-of-life (EoL) 8.x firmware. In a Thursday security notice, the company reported that researchers at Mandiant identified “threat actors actively targeting” three SMA 100 models and nine older SRA-series secure VPN products no longer supported by SonicWall.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Andy Norton
Andy Norton , European Cyber Risk Officer
InfoSec Expert
July 16, 2021 4:02 pm

<p>The immediate requirement for SonicWall customers is now to profile their asset estate for SMA and SRA 100 devices and to take appropriate isolation action until the patch can be applied or the devices can be retired from service. The Cybersecurity Infrastructure Agency, CISA, under the new \"StopRansomware\" campaign has just announced guidance to stop two bad practises that aid the spread of ransomware. The first of which highlights that the use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies. This SonicWall announcement ticks the CISA box for 75% of the models that are under attack.</p>

Last edited 11 months ago by Andy Norton
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x