The cybersecurity firm SonicWall has confirmed that it was hacked after unknown hackers exploited 0-day flaws in its VPN product.
SonicWall has been in news for vulnerabilities in the past but this time, the cybersecurity firm that offers network, email, cloud, access, and end-point security solutions, became the target of ‘sophisticated threat actors’ who hacked the company’s internal systems.
SonicWall Internal Systems Hacked
Interestingly, the company has acknowledged that hackers exploited zero-day vulnerabilities in its secure remote access products to compromise the systems.
SonicWall referred to the incident as a “coordinated attack” in its brief a security alert released on Friday. It revealed that impacted products include:
“NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls,” and “Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.”
The NetExtender VPN client version is used to connect to Secure Mobile Access 100 series appliances and SonicWall firewalls.
SMA Appliances had Zero-Days
Reportedly, SonicWall was hit by ransomware, and hackers managed to steal customer data and forced all the company’s internal systems to shut down on Tuesday. The hackers notified the networking device maker that they stole its source code from its GitLab repository after the breach.
However, it is worth noting that SonicWall hasn’t disclosed any information about the type of ransomware used to compromise its systems or the data that may have been compromised.
SonicWall recommends that organizations SMA 100 Series appliances or NetExtender 10.x must use a firewall only to let SSL-VON connections to the SMA appliances from authentic and whitelisted IPs, or else they should directly configure whitelist access on the SMA.
Firewalls accessing NetExtender VPN client with SSL-VPN should disable access to the firewall or restrict access to allow admins and users through a verified whitelist for public IPs.
The company urged that users must enable multi-factor authentication (MFA) on all SonicWall products and accounts.