SonicWall, another security company victim of a sophisticated attack
Security vendor SonicWall has announced that it has been the victim of a sophisticated cyber attack on its systems, the latest in a worrying sequence of attacks against companies in the security sector. The company revealed the incident last Friday.

According to early findings from SonicWall's initial investigation, the company's systems were targeted by a coordinated attack in which the attackers exploited zero-day vulnerabilities in the company's own VPN solutions, namely the NetExtender VPN client version 10.x and Secure Mobile Access (SMA).

A zero-day flaw is a vulnerability that is not publicly known at the time of the attack, a circumstance that gives the attacker an important advantage and a high probability of success. In most documented cases, attackers able to exploit zero-day vulnerabilities are highly capable; often they are advanced persistent threat (APT) groups operating on behalf of governments.

According to The Hacker News, which first reported the news, SonicWall's internal systems had been unavailable since last Tuesday. The same cybersecurity portal also reports that the attackers gained access to source code hosted on the company's GitLab repository. The latter claim, if confirmed, could have serious repercussions for customers, because attackers could analyze the code to find flaws that allow them to bypass the security products the company has deployed at its customers.

SonicWall immediately launched an investigation into the incident and announced that it will provide further updates as more information emerges.
Below is the list of impacted products:

- NetExtender VPN client version 10.x (released in 2020), used to connect to SMA 100 series appliances and SonicWall firewalls
- Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical devices and the SMA 500v virtual appliance

SonicWall has issued an urgent security alert about flaws in the NetExtender VPN Client 10.x and SMA 100 products, and has also given customers a series of recommendations to protect themselves from attacks that exploit the very vulnerabilities targeted in the recent attacks.

“Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities found in certain secure remote access products. The products concerned are:

- NetExtender VPN client version 10.x (released in 2020) used to connect to SMA 100 series appliances and SonicWall firewalls
- Secure Mobile Access (SMA) version 10.x running on physical devices SMA 200, SMA 210, SMA 400, SMA 410 and the SMA 500v virtual appliance

The NetExtender VPN client and SMA 100 series oriented to SMEs are used to provide employees/users with remote access to internal resources. The SMA 1000 series is not subject to this vulnerability and uses clients other than NetExtender.” states the urgent security notice published by the vendor.

For the SMA 100 series, the vendor recommends using a firewall to allow SSL-VPN connections to the SMA appliance only from known / whitelisted IPs, or configuring whitelist access directly on the SMA itself.

For firewalls with SSL-VPN access via the NetExtender VPN client, the security company recommends that organizations using version 10.x disable NetExtender access to the firewalls or restrict access for users and administrators via an authorization list / whitelist of their public IPs.
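One way to verify that the IP restriction recommended above is actually in effect, as an added example that is not from SonicWall or the original article: the script audits connection records for accepted SSL-VPN sessions coming from sources outside the allowlist. The log format, the endpoint 192.0.2.10:443 and all addresses are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Constructed allowlist: documentation ranges stand in for an organization's
# known public IPs (assumption, not taken from the advisory).
ALLOWLIST = ["198.51.100.0/24", "203.0.113.17", "2001:db8:10::/48"]

# Constructed log lines in a hypothetical "time action src -> dst:port" format.
SAMPLE_LOG = """\
2021-01-25T09:01:12Z ACCEPT 198.51.100.23 -> 192.0.2.10:443
2021-01-25T09:02:40Z ACCEPT 203.0.113.17 -> 192.0.2.10:443
2021-01-25T09:03:05Z ACCEPT 203.0.113.99 -> 192.0.2.10:443
2021-01-25T09:03:09Z DROP 203.0.113.99 -> 192.0.2.10:443
2021-01-25T09:04:51Z ACCEPT 2001:db8:10::5 -> 192.0.2.10:443
2021-01-25T09:05:30Z ACCEPT 203.0.113.99 -> 192.0.2.10:443
2021-01-25T09:06:00Z ACCEPT not-an-ip -> 192.0.2.10:443
2021-01-25T09:07:00Z ACCEPT 198.51.100.23 -> 192.0.2.10:22
"""


def load_allowlist(entries):
    """Parse single IPs and CIDR ranges (IPv4 or IPv6) into network objects."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


def audit(log_text, allowlist, vpn_endpoint="192.0.2.10:443"):
    """Return (violations, unparsed): per-source counts of ACCEPTed SSL-VPN
    connections from outside the allowlist, and lines that failed to parse."""
    nets = load_allowlist(allowlist)
    violations, unparsed = Counter(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "->":
            unparsed.append(line)
            continue
        _, action, src, _, dst = parts
        # Only connections the firewall let through to the VPN endpoint matter.
        if action != "ACCEPT" or dst != vpn_endpoint:
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            unparsed.append(line)  # surface bad records instead of hiding them
            continue
        if not any(addr.version == n.version and addr in n for n in nets):
            violations[src] += 1
    return violations, unparsed
```

Any non-empty `violations` result means the restriction is missing or bypassed for that source; `unparsed` lines deserve a manual look rather than being ignored.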
SonicWall also recommends enabling multi-factor authentication on all SonicWall SMA, firewall and MySonicWall accounts.

This incident could potentially have a significant impact on the many organizations that use the above products.

The attack on SonicWall is only the latest incident to hit a cybersecurity provider. A few days ago, the anti-malware company Malwarebytes revealed that it had been hit by the same attackers who, by compromising the SolarWinds software supply chain, infected companies around the world, including several US government agencies.
Last updated on 25 January 2021 at 11:39