Sonicwall investigates possible attacks on firewalls
Various security researchers are warning of attacks on Sonicwall firewalls. However, much is still unclear at present.
The IT company Sonicwall is currently investigating possible attacks on its Gen 7 series firewalls. Several security researchers have independently warned of this. According to the company, irregularities have also been documented internally. Attackers may currently be exploiting a zero-day vulnerability. This is a vulnerability for which there is not yet a security update.
Background information
Sonicwall has now commented on the reports from security researchers, including Huntress. In the possible attacks, attackers are said to be targeting Gen 7 firewalls with the SSL VPN function enabled.
In their report, the Huntress security researchers state that attackers exploit a zero-day vulnerability to bypass multi-factor authentication (MFA) and then push ransomware onto systems. They report that attackers take over domain controllers after successful attacks. The researchers recommend disabling the VPN service, which is evidently the entry point, or making it accessible only to certain IP addresses.
Secure instances
Even if much is still unclear at present and Sonicwall has not yet confirmed anything concrete, the IT company also recommends temporarily deactivating the VPN service or strictly filtering access. Customers should also activate the security features Botnet Protection, MFA, and Geo-IP Filtering. In addition, admins should immediately remove accounts they do not recognize.
Sonicwall says it is working with security researchers and shares new findings with customers immediately. The company also gives its assurance that it will deliver an update immediately in the event of a security vulnerability. The investigations are still ongoing.
(des)