SonicWall Warns of Active Attacks Against VPN Appliances
SonicWall has issued an urgent security notice warning of active attacks “targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware.”
These vulnerabilities have been known for months, and have been exploited for months. You will need to decommission these devices or if possible upgrade them to a 9.x or 10.x firmware. Upgrades will likely require a valid subscription. Remember that many security devices will work only if you continue to pay subscription fees.
Attackers will always focus their efforts on our blind spots. As endpoint protection has evolved dramatically in recent years to provide greater visibility to the desktop, we’ve seen an increase in attacks against security appliances, such as firewalls and VPN concentrators, where endpoint security products can’t be installed. This attack is focused on an SMB product line, but enterprise products from Cisco, Juniper, F5, Palo Alto Networks, and Citrix have had similar issues within the last year. Earlier this week, Microsoft reported attacks against SolarWinds Serv-U product being launched from compromised home routers. So, this serves as a great reminder that “appliances” should be included your regular patch and vulnerability management program, and organizations should consider the risk and impact if an employee’s home routers is compromised, as well.
VPNs are still the predominant remote access to the corporate network and remain a critical boundary protection device. As such, you need to keep them secured, patched and current. While implementing MFA, verifying the security and patching them with nominal disruption is tricky enough; you need to add lifecycle replacement to your list. That means you’re going to have to identify and implement the replacement early enough to have the users cut over before the old solution goes out of support. Then you need to retire the old one, as in dispose of it, to avoid the temptation to fall back to an unsupported, no longer secure solution.
Read more in
Bleeping Computer: SonicWall warns of 'critical' ransomware risk to EOL SMA 100 VPN appliances