Ransomware attack targeting unpatched EOL SonicWall SMA 100 VPN appliance
Networking equipment maker SonicWall is alerting customers for an imminent ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.
The SonicWall giving the warning more than a month after reports the remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481). This vulnerability can be exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide.
According to SonicWall, the attacks target a known vulnerability patched in newer versions of firmware, and they do not impact SMA 1000 series products.
Impact of SRA:-
The impacts of a ransomware attack to your company could include the following: temporary, and possibly permanent, loss of your company’s data possibly a complete shutdown of your company’s operations. financial loss as a result of revenue generating operations being shut down.
Remote access solutions could leave you vulnerable. If you don’t have proper security solutions in place, remote connections could act as a gateway for cybercriminals to access your devices and data. Hackers could use remote desktop protocol (RDP) to remotely access.
Recommendations:-
Organizations using the SMA and/or SRA devices running firmware 8.x should either update their firmware or disconnect their appliances.
- SRA 4600/1600 (EOL 2019)
- Disconnect immediately
- Reset passwords
- SRA 4200/1200 (EOL 2016)
- Disconnect immediately
- Reset passwords
- SSL-VPN 200/2000/400 (EOL 2013/2014)
- Disconnect immediately
- Reset passwords
- SMA 400/200 (Still Supported, in Limited Retirement Mode)
- Update to 2.0.7-34 or 9.0.0.10 immediately
- Reset passwords
- Enable MFA
And those who are not using firmware 8.x they can will also update latest version of firmware to mitigate vulnerabilities discovered in early 2021
- SMA 210/410/500v (Actively Supported)
- Firmware x should immediately update to 9.0.0.10-28sv or later
- Firmware x should immediately update to 10.2.0.7-34sv or later