The Hacker News
THN:81F8A577F12DD54CE019C36458B14B52
Jul 15, 2021 - 10:21 a.m.

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances


CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P


Networking equipment maker SonicWall is alerting customers of an “imminent” ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.

The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide.

“SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials,” the company said. “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”

SMA 1000 series products are not affected by the flaw, SonicWall noted, urging businesses to take immediate action by either updating their firmware wherever applicable, turning on multi-factor authentication, or disconnecting the appliances that are past end-of-life status and cannot be updated to 9.x firmware.

“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk,” the company cautioned. As additional mitigation, SonicWall is also recommending customers reset all passwords associated with the SMA or SRA device, as well as any other devices or systems that may be using the same credentials.

The development also marks the fourth time SonicWall devices have emerged as a lucrative attack vector, with threat actors exploiting previously undisclosed flaws to drop malware and dig deeper into the targeted networks. It is the latest issue the company has grappled with in recent months.

In April, FireEye Mandiant disclosed that a hacking group tracked as UNC2447 was using a then-zero-day flaw in SonicWall VPN appliances (CVE-2021-20016) prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS on the networks of North American and European entities.
