Ransomware Campaign Poses a Threat to EOL 8.x Firmware: SonicWall Security Notification Released
New SonicWall Security Notification Points to a Ransomware Risk That Targets Secure Mobile Access (SMA) 100 Series and Secure Remote Access (SRA) Devices.
Ransomware risk is around every corner. A new SonicWall security notification, published on the company’s website, warns users of an imminent ransomware threat. It targets Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices that are unpatched and run the end-of-life (EOL) 8.x firmware. What’s the goal? Credential theft.
SonicWall Security Notification Points to EOL SMA 100 and SRA
Secure Mobile Access (SMA) 100 is an end-to-end solution that secures access to company resources hosted in cloud or hybrid data centers, letting users work securely from wherever they want.
Secure Remote Access lets users remotely access network resources that are restricted.
What Is the Reason for the SonicWall Security Notification?
The new ransomware risk described in the SonicWall security notification stems from a vulnerability in the End of Life (EOL) 8.x firmware that runs on Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices, now tracked as CVE-2019-7481. CrowdStrike also reported this vulnerability in June, when CVE-2019-7481 affected Secure Remote Access (SRA) 4600 devices.
The goal of the ransomware campaign is to steal users’ credentials and encrypt data.
The good news is that this campaign does not have an impact on SMA 1000 series products.
What Does the SonicWall Security Notification Advise Companies to Do?
Companies that use these types of devices should take immediate action. SonicWall posted some mitigation measures depending on the SRA and SMA versions.
For SRA 4600/1600 (EOL 2019), SRA 4200/1200 (EOL 2016) and SSL-VPN 200/2000/400 (EOL 2013/2014), enterprises should reset passwords and disconnect the devices urgently.
For SSL-VPN 200/2000/400 (EOL 2013/2014) enterprises are required to enable MFA, perform the password reset, and update as soon as possible to 10.2.0.7-34 or 188.8.131.52.
In short, the most effective mitigation measures indicated are keeping your product up to date and resetting the credentials associated with SRA and SMA appliances.
In a statement to Bleeping Computer, SonicWall said:
Even though the footprint of impacted or unpatched devices is relatively small, SonicWall continues to strongly advise organizations to patch supported devices or decommission security appliances that are no longer supported, especially as it receives updated intelligence about emerging threats. The continued use of unpatched firmware or end-of-life devices, regardless of vendor, is an active security risk.
It’s not the first time SMA 100 appliances have been threatened by cyberattacks. Back in April, hackers took advantage of a zero-day bug present in these devices to deploy the FiveHands ransomware on North American and European networks. The attacks also targeted SonicWall’s internal systems back in January and pointed to a vulnerability tracked as CVE-2021-20016.
Also, SonicWall mentions:
The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk. To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, we’re providing a complimentary virtual SMA 500v until October 31, 2021.