Security

SonicWall Releases Urgent Security Notice About Actively Targeted EOL Devices

By Bill Toulas / July 15, 2021

SonicWall, the California-based network security and network appliance company, has released an urgent security notice to inform its customers about a newly arisen danger of using unpatched EOL (end of life) SRA (Secure Remote Access) and SMA (Secure Mobile Access) devices. According to the notice, SonicWall has been made aware of threat actors actively targeting these devices, so hackers are already at it. Unfortunately, ransomware actors using stolen credentials are also mentioned in the report, so patching these devices should be considered an emergency.

The affected products, legacy SRA and SMA devices, are those that run firmware 8.x, so updating to 9.x or 10.x should resolve the problem. If that’s impossible, disconnect the appliance immediately until a patching plan has been developed. Additionally, resetting all passwords and enabling MFA (multi-factor authentication) where possible should be a standard practice to follow.

The actively targeted products are the following:

Obviously, since some of these devices have reached EOL over five years ago, there’s no available update to firmware 9.x for them, so the only solution would be to replace them with newer devices. SonicWall isn’t abandoning that special category of users, though, and will provide a complimentary virtual SMA 500v until October 31, 2021, which should give clients enough time for a smooth transition.

John Mancini, Data Scientist at Vectra, tells us:

Teams are being asked to continue to use legacy solutions while deploying new infrastructure to support enterprise growth. Ransomware groups are aware of these challenges and identifying exploitable targets in unpatched or no-longer supported infrastructure that can be reused to orchestrate repeatable attacks. When an attacker group is able to identify one vulnerability that is reproducible and easy to exploit, they will look to leverage that exploit opportunistically everywhere they can.

Back in January, SonicWall had a security lapse as highly sophisticated actors managed to infiltrate its internal systems using zero-days against its products. Although the company released patches to prevent this from happening again, a series of subsequent hacking incidents that followed in the next months spread fear that ransomware actors had found a way to bypass the fixes. This latest notice could be a continuation of the same problem that started months ago.

More on Security

Add a Comment
Related Posts

Stockdale Radiology Is Circulating Notices About a Data Breach


April 7, 2020

San Andreas Regional Center Sends Notices of a Data Breach to Beneficiaries


August 26, 2021

Small-Scale But Dangerous Ransomware Attacks Target MySQL Servers


May 25, 2019

“ELEXON” Announced Security Incident but Crucial Services Remain Up


May 15, 2020

Vulnerable Fortigate VPN Servers Now Targeted by the ‘Cring’ Ransomware


April 8, 2021

Cisco Releases a PyLocky Ransomware Decryptor for Free


January 11, 2019

© TechNadu 2024. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari