Wed | Jul 14, 2021 | 2:25 PM PDT

Just because the infamous REvil ransomware gang suddenly disappeared this week does not mean it's time to relax on the cybersecurity front.

SonicWall has just issued an urgent security notice detailing a "critical risk" from unpatched vulnerabilities in a couple of its products.

Here is the company's description of the current vulnerability:

"Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials.

The exploitation targets a known vulnerability that has been patched in newer versions of firmware."

The company notes that its SMA 1000 series products are not affected and that customers with SRA and/or SMA 100 series with 9.x and 10.x firmware should continue to follow best security practices.

Mitigation techniques for SonicWall vulnerability

SonicWall warns that organizations that fail to take appropriate action are "at imminent risk of a targeted ransomware attack."

Here are SonicWall's recommended mitigations:

The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk.

To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, we're providing a complimentary virtual SMA 500v until October 31, 2021. This should provide sufficient time to transition to a product that is actively maintained.  

SonicWall also says that customers should reset all credentials associated with an SMA or SRA device and other devices using the same credentials.

Security experts weigh in on SonicWall ransomware threat

The current situation with SonicWall has sparked some discussion among security professionals about how easily something like this can happen, and why the threat is so very real.

Alec Alvarado, Threat Intelligence Team Lead at Digital Shadows, said this regarding the situation:

"This example highlights how ransomware actors continue to identify the path of least resistance. The targeting of end-of-life (EoL) products is a proven and effective technique for extortion actors.

Examples include the targeting of Accellion's FTA, which was on its way out at the point of exploitation but resulted in a significant fallout after the Cl0p ransomware group obtained data belonging to Accellion's customers through a vulnerability.

Furthermore, the targeting of EoL products serves as a reminder of the importance of maintaining accountability of technologies both old and new.

Threat actors are not interested in reinventing the wheel through an elaborate vulnerability, and why would they be when they can accomplish their goals through easier means."

AJ King, CISO at BreachQuest, shared his thoughts:

"These events continue to highlight the need for lifecycle management, patch management, and privileged access management.

None of these processes are sexy. They're monotonous, never-ending tasks that are fundamental to a security program. They take spend on technology, on people and vendors to implement and maintain, and are not quick fixes.

Companies that have the foresight to spend wisely versus on the next gen, AI driven, machine learning capable blinky box are the ones that will weather the storm. Firms that are too cheap or arrogant will find themselves paying a ransom, and then still having to spend the money to fix that which they ignored in the first place."

For more detailed and technical information, read SonicWall's urgent security notice.
