SonicWall Internal Systems Hacked.
The company has acknowledged that hackers exploited zero-day vulnerabilities in its secure remote access products to compromise the systems. Company has briefed it a coordinated attack
“NetExtender VPN client version 10.x utilized to connect to SMA 100 series appliances and SonicWall firewalls,” and “Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.”
SonicWall was hit by ransomware, and hackers managed to steal customer data and forced all the company’s internal systems to shut down on Tuesday. The hackers notified the networking device maker that they stole its source code from its GitLab repository after the breach. But it’s not disclosed like a Ransomware attack
SonicWall recommends that organizations SMA 100 Series appliances or NetExtender 10.x must use a firewall only to let SSL-VON connections to the SMA appliances from authentic and whitelisted IPs, or else they should directly configure whitelist access on the SMA.
Firewalls accessing NetExtender VPN client with SSL-VPN should disable access to the firewall or restrict access to allow admins and users through a verified whitelist for public IPs.
Also urged that users must enable multi-factor authentication (MFA) on all SonicWall products and accounts.