Network device firm SonicWall has this week advised customers of a ransomware campaign targeting some of its legacy firmware.
SonicWall sent an urgent notice to its customers alerting them to a ransomware campaign using stolen credentials, and requested that all customers using several series of its products disconnect them from the network immediately.
Jeff Costlow, chief information security officer at ExtraHop, says the exploit could have been avoided.
“The SonicWall exploit came to light back in April, but now the unpatched firmware has created a new critical threat against legacy devices in what SonicWall is calling an imminent ransomware campaign,” he says.
“In an exploit that could have been avoided, organisations need to immediately understand what software and devices might be affected and identify whether there are any vulnerable legacy devices in their environment.
“This can be remarkably challenging because many organisations struggle to maintain an up-to-date inventory of devices in their environment, let alone detect software types and versions that devices are running and which need to be addressed,” Costlow says.
“In this case, the legacy SSL VPN devices which have been discontinued are still in operation with known vulnerabilities. These devices are easily found on the internet and cannot be patched because they are out of service,” he explains.
“Most likely, they cannot be disabled by the business because they support a business-critical objective. Attackers are capitalising on these facts,” Costlow says.
“While according to ExtraHop threat research data, only .06% of devices are potentially impacted by this threat, it only takes one entry point for attackers to land and pivot within an organisation,” he says.
“The faster an organisation can identify the vulnerable devices, and whether they were compromised, the better the chances of avoiding irrecoverable damage.”
Ian Raper, managing director Australia and New Zealand at Check Point Software Technologies, says the imminent attack aligns with a recent trend of ransomware attacks around the globe.
“It shows us again that the cybercrime actors behind these ransomware attacks are very agile, always looking for new tricks and techniques that will allow them to do their malicious deeds,” he says.
“It is still unclear which ransomware group is involved at the moment,” says Raper.
“The attackers have exploited an old patched vulnerability in SonicWall devices, and customers who haven’t updated their devices or were using an End-Of-Life product not applicable for updates are currently at risk for being attacked as well.”