Articles Ransomware attacks SonicWall devices more and more

Ransomware attacks SonicWall devices more and more

-

Back in April this year, Mandiant noted that hackers are increasingly using SonicWall devices to infiltrate corporate networks and deploy ransomware. Now the CrowdStrike researchers have come to exactly the same conclusions .

Similar attacks began in 2019-2020 and typically affected enterprise-grade network equipment from Citrix, F5, Pulse Secure, Fortinet, and Palo Alto Networks. This is because corporate VPNs and network gateways have proven to be a convenient entry point into corporate networks for encryption operators.

However, the products of the manufacturers listed above were quickly updated, and attackers had to look for new vectors for their attacks. One of the suitable options turned out to be SonicWall devices, namely the vulnerability in SonicWall SRA VPN using the 2019 exploit ( CVE-2019-7481 ), as well as SonicWall SMA network gateways, where hackers exploit a bug fixed in February of this year ( CVE-2021- 20016 ).

According to Mandiant, the payloads in these attacks were usually ransomware, including HelloKitty, FiveHands, and DarkSide.

In turn, the Crowdstrike researchers write that they observed successful attacks using the 2019 bug even on devices with already patched firmware version 9.0.0.5. That is, the attackers seem to have found a way to bypass the patches released by SonicWall two years ago.

Experts reassure that SonicWall SRA VPN owners can use firmware versions 10.x that are compatible with older devices. These patches were released by SonicWall in February this year, after the CVE-2021-20016 vulnerability was used to attack the company itself.

CrowdStrike has once again urged companies to install patches in a timely manner, or at least use two-factor authentication on SonicWall systems. Researchers generally believe that the best protection option is to replace old SRA VPN equipment with new devices that are supported and receive patches on a more regular basis.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you