On January 22, 2021, SonicWall alerted its customers to possible exploits against some of its devices, stating, “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
The reach of the possible 0-day was unknown at the time, but as the investigation progressed, it was discovered that customers using Secure Mobile Access 100 series devices needed to take action to protect their networks.
So, on January 25th, the company updated its customers and informed them that using its NetExtender VPN product with the Secure Mobile Access 100 series device was safe. However, it cautioned that organizations using Secure Mobile Access 100 series products should take the following measures:
- Enable two-factor authentication on Secure Mobile Access 100 devices
- Enable geo-IP/botnet filtering and block countries that do not require access
- Enable and configure End Point Control to verify user devices before they establish a connection to the Secure Mobile Access 100 device
- Restrict access to the portal by enabling scheduled logins and logoffs
SonicWall says that it saw an increase in attacks against governments and against businesses that support critical infrastructure and security controls for governments. We all know that with more employees working remotely, organizations are at a heightened risk. If you run a SonicWall device as part of your network infrastructure, keep an eye out for updates, which are likely to come soon.
More information can be found in SonicWall's advisory SNWLID-2021-0001.