SonicWall Internal Systems Breached Through Vulnerabilities in its Own Products
SonicWall has published an urgent security notice stating that its "engineering teams continue their investigation into probable zero-day vulnerabilities with SMA 100 series products." SonicWall's internal systems were breached through zero-day vulnerabilities in its own remote access products.
This is a 0-Day exploit of the SonicWall SMA 100 series of appliances, not their NetExtender VPN as previously thought. Until a patch is released, make sure you have 2FA enabled on your SMA 100s; enable End Point Control to verify devices prior to connection; and consider using Geo-IP/botnet filtering to block access from countries you shouldn't see access from, as well as limiting the times accounts can log in. While good mitigations, these actions need careful consideration when you have users who travel internationally or work from multiple time zones.
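The comment above recommends geo-based and time-of-day restrictions but warns that they can lock out travelling staff. The following added example (not from the article, SonicWall, or the commenter) shows how a defender can audit remote-access login records against a country allow list and a per-user login window while carrying explicit exceptions for known travellers. The log line layout, user names, and IP addresses are constructed for illustration and are not the real SMA 100 log format; time zones are modelled as fixed UTC offsets to keep the example self-contained.

```python
import re
from datetime import datetime, time, timedelta, timezone

# Constructed sample records (hypothetical layout, NOT the SMA 100 log format).
# Timestamps are UTC; IPs come from documentation ranges.
SAMPLE_LOG = """\
2021-01-22 03:12:45 user=jsmith src=203.0.113.7 country=US result=success
2021-01-22 09:30:02 user=acarter src=198.51.100.23 country=DE result=success
2021-01-22 11:05:17 user=svc-backup src=192.0.2.44 country=CN result=success
2021-01-22 23:58:00 user=jsmith src=203.0.113.9 country=US result=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) country=(?P<cc>[A-Z]{2}) result=(?P<result>\S+)$"
)

# Countries from which logins are normally expected (assumed policy values).
ALLOWED_COUNTRIES = {"US", "GB"}

# Per-user exceptions for staff known to travel or work abroad. This is what
# keeps a geo restriction from locking out legitimate international users.
USER_EXCEPTIONS = {"acarter": {"DE"}}

# Each user's home UTC offset in hours (fixed offsets for simplicity; a real
# deployment would use zoneinfo so daylight-saving changes are handled).
USER_HOME_OFFSET_HOURS = {"jsmith": -5, "acarter": 1, "svc-backup": 0}

# Permitted login window, evaluated in the user's home time zone.
LOGIN_WINDOW = (time(7, 0), time(20, 0))


def parse(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S").replace(
        tzinfo=timezone.utc
    )
    return rec


def geo_allowed(user, cc):
    """True if the source country is globally allowed or excepted for this user."""
    return cc in ALLOWED_COUNTRIES or cc in USER_EXCEPTIONS.get(user, set())


def within_window(user, ts_utc):
    """True if the login falls inside the window in the user's home time zone."""
    offset = timedelta(hours=USER_HOME_OFFSET_HOURS.get(user, 0))
    local = ts_utc.astimezone(timezone(offset)).time()
    return LOGIN_WINDOW[0] <= local <= LOGIN_WINDOW[1]


def review(log_text):
    """Return (user, src, reasons) for each successful login that violates policy."""
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["result"] != "success":
            continue  # failed attempts are handled elsewhere; only review successes here
        reasons = []
        if not geo_allowed(rec["user"], rec["cc"]):
            reasons.append(f"country {rec['cc']} not allowed")
        if not within_window(rec["user"], rec["ts"]):
            reasons.append("outside login window")
        if reasons:
            findings.append((rec["user"], rec["src"], reasons))
    return findings


if __name__ == "__main__":
    for user, src, reasons in review(SAMPLE_LOG):
        print(f"{user} from {src}: {'; '.join(reasons)}")
```

Run against the constructed sample, the audit flags jsmith's 03:12 UTC login (22:12 the previous evening in the user's home zone) and the svc-backup login from a non-allowed country, while acarter's German login passes because of the explicit exception. The same allow list and exception table can be reviewed periodically so the restrictions stay aligned with who actually travels.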
Yet another incident that fits into the larger "supply chain" attack theme. This may be more severe than the SolarWinds issue as it may affect a lot more users. I hope SonicWall caught the attack quickly and was able to limit the impact. At last year's SANS keynote panel at RSA, I talked about the issues with vulnerable perimeter devices. While companies are dissolving perimeters quickly, we still rely on VPNs and firewalls and just assume (perhaps incorrectly) that these devices work.
Read more in:
The Hacker News: Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product
Infosecurity Magazine: SonicWall Probes Attack Using Zero-Days in Own Products
Bleeping Computer: SonicWall firewall maker hacked using zero-day in its VPN device
Gov Infosecurity: SonicWall Investigating Zero-Day Attacks Against Its Products