Another cybersecurity company suffered a cyber attack. After Microsoft, FireEye, Malwarebytes and CrowdStrike, the victim this time was SonicWall, a giant of American origin specializing in firewall appliances for corporate use. With the information released to date, however, it is not possible to confirm that the incident is related to the campaign that reached SolarWinds customers.
“We believe it is important to be transparent with our customers, partners and the cybersecurity community about ongoing attacks against companies and government agencies. SonicWall identified a coordinated attack on its internal systems by highly sophisticated malicious agents that exploited probable zero day vulnerabilities in secure remote access products, ”said the company.
At first, SonicWall stated that two product lines would be affected: the NetExtender VPN client (build 10.x) and the Secure Mobile Access (SMA) platform running on SMA 200, SMA 210, SMA 400, SMA 410 appliances (physical ) and SMA 500v (virtual). Posteriorly, the brand reassured its customers by saying that primary investigations ensured that the VPN, its firewalls and its access points were not affected.
The company is still investigating, however, any vulnerabilities in the SMA 100 series; until the audits are completed, the guideline is for users to enable multi-factor authentication on devices and restrict access to IP addresses on a whitelist.
It is worth remembering that, due to the social isolation caused by the pandemic of the new coronavirus (SARS-CoV2), firewalls and VPNs have become more popular than ever, being simple and relatively inexpensive solutions to ensure secure remote access for employees who were forced to work from home. Recently, flaws in Zyxel and SaferVPN appliances have also been identified.
Source: TechRadar
See the original post at: https://thehack.com.br/sonicwall-e-vitima-de-ataque-cibernetico-e-investiga-brechas-em-seus-firewalls/?rand=48873