The firewall/cybersecurity firm SonicWall has confirmed that it was hacked after unknown hackers exploited 0-day flaws in its VPN product.

SonicWall has been in the news for vulnerabilities in the past, but this time the cybersecurity firm, which offers network, email, cloud, access, and end-point security solutions, became the target of ‘sophisticated threat actors’ who hacked the company’s internal systems.

Interestingly, the company has acknowledged that hackers exploited zero-day vulnerabilities in its secure remote access products to compromise the systems. SonicWall referred to the incident as a “coordinated attack” in its brief security alert released on Friday. It revealed that impacted products include:

“NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls,” and “Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance.”

The NetExtender VPN client is used to connect to Secure Mobile Access 100 series appliances and SonicWall firewalls. With so many people working from home and potentially using these firewalls and VPN apps, this is undoubtedly a critical vulnerability.

Reportedly, SonicWall was hit by ransomware, and the hackers stole customer data and forced all the company’s internal systems to shut down last Tuesday. The hackers notified the networking device maker that they stole its source code from its GitLab repository after the breach.

It’s worth noting that so far, SonicWall hasn’t disclosed any information about the type of ransomware used to compromise its systems or the data that may have been compromised. This is not a good thing.

Preventive Measures
SonicWall recommends that organizations using Secure Mobile Access (SMA) 100 Series appliances or NetExtender 10.x use a firewall to allow SSL-VPN connections to the SMA appliances only from authentic, whitelisted IPs, or else configure whitelist access directly on the SMA.

For firewalls accessed through the NetExtender VPN client with SSL-VPN, organizations should either disable that access to the firewall or restrict it so that admins and users are allowed only through a verified whitelist of public IPs.

The company urged users to enable multi-factor authentication (MFA) on all SonicWall products and accounts. This story is still evolving.
https://thehackernews.com/2021/01/exclusive-sonicwall-hacked-using-0-day.html

SonicWall firewall adoption has dropped since 2012, when Dell bought the company before quickly selling it off again in 2016. Since the 2016 sale to a private equity firm, the company has not rebounded well and holds less than 4% of the global firewall market today.