SonicWall Warns Of ‘Imminent Ransomware Campaign’

BACKGROUND:

Yesterday, cybersecurity firm SonicWall sent an urgent warning to users of some of their legacy products about an ‘imminent ransomware campaign using stolen credentials’ and told some users to disconnect products immediately. 

Expert Comments

July 16, 2021
Jeff Costlow
CISO
ExtraHop

The SonicWall exploit came to light back in April, but now the unpatched firmware has created a new critical threat against legacy devices in what SonicWall is calling an “imminent ransomware campaign.” In an exploit that could have been avoided, organizations need to immediately understand what software and devices might be affected and identify whether there are any vulnerable legacy devices in their environment. This can be remarkably challenging because many organizations struggle to maintain an up-to-date inventory of devices in their environment, let alone detect software types and versions that devices are running and which need to be addressed.

In this case, the legacy SSL VPN devices which have been discontinued are still in operation with known vulnerabilities. These devices are easily found on the internet and cannot be patched because they are out of service. Most likely, they cannot be disabled by the business because they support a business-critical objective. Attackers are capitalizing on these facts. While according to ExtraHop threat research data, only .06% of devices are potentially impacted by this threat, it only takes one entry point for attackers to land and pivot within an organization. The faster an organization can identify the vulnerable devices, and whether they were compromised, the better the chances of avoiding irrecoverable damage. 
