SonicWall Releases Urgent Security Notice About Actively Targeted EOL Devices

  • SonicWall warns about ransomware actors targeting EOL SRA and SMA devices.
  • The company advises all administrators to update to the latest available firmware version.
  • Devices that are no longer supported and didn’t receive a fixing patch should be replaced by new ones.

SonicWall, the California-based network security and network appliance company, has released an urgent security notice to inform its customers about a newly arisen danger of using unpatched EOL (end of life) SRA (Secure Remote Access) and SMA (Secure Mobile Access) devices. According to the notice, SonicWall has been made aware of threat actors actively targeting these devices, so hackers are already at it. Unfortunately, ransomware actors using stolen credentials are also mentioned in the report, so patching these devices should be considered an emergency.

The affected products, legacy SRA and SMA devices, are those that run firmware 8.x, so updating to 9.x or 10.x should resolve the problem. If that’s impossible, disconnect the appliance immediately until a patching plan has been developed. Additionally, resetting all passwords and enabling MFA (multi-factor authentication) where possible should be a standard practice to follow.

The actively targeted products are the following:

  • SRA 4600/1600 (EOL 2019)
  • SRA 4200/1200 (EOL 2016)
  • SSL-VPN 200/2000/400 (EOL 2013/2014)
  • SMA 400/200/100 (Limited Retirement Status)

Obviously, since some of these devices have reached EOL over five years ago, there’s no available update to firmware 9.x for them, so the only solution would be to replace them with newer devices. SonicWall isn’t abandoning that special category of users, though, and will provide a complimentary virtual SMA 500v until October 31, 2021, which should give clients enough time for a smooth transition.

John Mancini, Data Scientist at Vectra, tells us:

Teams are being asked to continue to use legacy solutions while deploying new infrastructure to support enterprise growth. Ransomware groups are aware of these challenges and identifying exploitable targets in unpatched or no-longer supported infrastructure that can be reused to orchestrate repeatable attacks. When an attacker group is able to identify one vulnerability that is reproducible and easy to exploit, they will look to leverage that exploit opportunistically everywhere they can.

Back in January, SonicWall had a security lapse as highly sophisticated actors managed to infiltrate its internal systems using zero-days against its products. Although the company released patches to prevent this from happening again, a series of subsequent hacking incidents that followed in the next months spread fear that ransomware actors had found a way to bypass the fixes. This latest notice could be a continuation of the same problem that started months ago.

Latest
How to Watch Shetland Season 7 Online From Anywhere
Shetland is back to answer all of the questions that left us hanging at the end of the last series, and you...
Real Madrid Vs Eintracht Frankfurt Live Stream: How to Watch UEFA Super Cup Final Online From Anywhere
The new soccer season is upon us, which means it is time for the UEFA Super Cup Final. Played between the previous...
How to Watch I Am Groot Online On Disney Plus
Marvel's I Am Groot is almost here, which means Marvel fans need to add one more show to their watchlist this summer. We...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari
[class^="wpforms-"]
[class^="wpforms-"]