Network equipment maker SonicWall is alerting customers to an “imminent” ransomware campaign targeting its Secure Mobile Access (SMA) 100 and Secure Remote Access (SRA) products running unpatched, end-of-life 8.x firmware.
The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) were being exploited as an initial access vector for ransomware attacks aimed at penetrating corporate networks around the world.
“SonicWall has been made aware of threats actively targeting the Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched, end-of-life (EOL) 8.x firmware in an impending ransomware campaign using stolen credentials,” the company said. “The exploitation targets a known vulnerability which has been addressed in newer firmware versions.”
The SMA 1000 series products are unaffected by the flaw, SonicWall noted, urging companies to take immediate action by updating their firmware when necessary, enabling multi-factor authentication, or disconnecting devices that have exceeded end-of-life status and cannot be updated to firmware 9.x.
“Affected end-of-life devices with firmware 8.x have exceeded temporary mitigation measures. Continued use of that firmware or end-of-life devices is an active security risk,” the company warned. As an added mitigation, SonicWall also recommends that customers reset all passwords associated with the SMA or SRA device, as well as any other device or system that may use the same credentials.
The development also marks the fourth time SonicWall devices have become a lucrative attack vector, with threat actors exploiting previously undisclosed flaws to drop malware and dig deeper into targeted networks, making it the latest issue the company has faced in recent months.
In April, FireEye Mandiant revealed that a hacking group identified as UNC2447 was using a zero-day flaw in SonicWall VPN appliances (CVE-2021-20016), before it was patched by the company, to deploy a new ransomware strain called FIVEHANDS on the networks of North American and European entities.