[BreachExchange] SonicWall: 'Imminent' Ransomware Attack Targets Older Products
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Thu Jul 15 11:05:46 EDT 2021
https://www.darkreading.com/attacks-breaches/sonicwall-imminent-ransomware-attack-targets-older-products/d/d-id/1341533?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
The attack exploits a known vulnerability that was fixed in new versions of
firmware released this year.
SonicWall is alerting users to an "imminent" ransomware attack targeting
Secure Mobile Access (SMA) 100 series and the older Secure Remote Access
(SRA) series running unpatched and end-of-life (EOL) 8.x firmware.
The campaign is using stolen credentials, the company reports, and the
exploitation targets a known vulnerability that has been patched in newer
versions of the firmware. Businesses using a range of EOL SMA and/or SRA
devices running firmware 8.x should update their firmware or disconnect
their devices, as per guidance SonicWall outlines in an advisory.
As an additional mitigation, SonicWall advises organizations using SMA or
SRA devices to reset all credentials associated with them, as well as for
any other devices and systems that use the same credentials.
"Organizations that fail to take appropriate actions to mitigate these
vulnerabilities on their SRA and SMA 100 series products are at imminent
risk of a targeted ransomware attack," SonicWall wrote in an alert.
Affected EOL devices with 8.x firmware are past temporary mitigations, the
company says, and continuing to use this firmware or EOL devices is "an
active security risk."
Customers using SMA 1000 series products are not affected by the attack,
and those with SRA and/or SMA 100 series running 9.x and 10.x firmware are
advised to continue following best practices such as updating to the newest
SMA firmware or SRA firmware, and enabling multifactor authentication.
Read SonicWall's full alert for more details.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210715/8bae5154/attachment.html>
More information about the BreachExchange
mailing list