{"id":101792,"date":"2021-01-27T14:00:00","date_gmt":"2021-01-27T14:00:00","guid":{"rendered":"https:\/\/icrowdnewswire.com\/?p=2819320"},"modified":"2021-01-27T14:00:00","modified_gmt":"2021-01-27T14:00:00","slug":"breaking-sonicwall-vpn-products-hacked-using-zero-day-vulnerability","status":"publish","type":"post","link":"http:\/\/ipsnews.net\/business\/2021\/01\/27\/breaking-sonicwall-vpn-products-hacked-using-zero-day-vulnerability\/","title":{"rendered":"Breaking: SonicWall VPN Products Hacked Using Zero-Day Vulnerability"},"content":{"rendered":"

iCrowdNewswire <\/strong>  Jan 27, 2021  9:00 AM ET<\/span><\/p>\n

In an urgent notice released on the evening of January 22nd, network security company SonicWall divulged a breach in their NetExtender VPN client and SMB-oriented SMA (Secure Mobile Access) 100 product.<\/p>\n

This is a product typically employed by users who need to access internal resources safely from satellite locations. It\u2019s important to note that this attack did not affect other SonicWall products \u2014 in particular, the similar Secure Mobile Access 1000 series.<\/p>\n

What Happened?<\/h2>\n

According to industry experts who followed the story closely, it was initially hard to discern exactly what had occurred. Though SonicWall was adamant about being \u201ctransparent,\u201d Paul Bush, Principal Consultant at OneSource Technology, Inc.<\/a>, said they first learned of the issue \u201con a Facebook post that was shared by someone in the industry [and linked] to a vague article by SonicWall \u2026 The initial details were a little vague \u2026 We chose to disable SSL-VPN remote access for all of our clients that use it.\u201d<\/p>\n

Basically, what happened was a breach of the company\u2019s internal networks by what SonicWall called \u201chighly sophisticated threat actors\u201d who exploited a zero-day vulnerability.<\/p>\n

SonicWall themselves had actually learned of the breach from a contact at SC Media, who had received an anonymous tip of the incident.<\/p>\n

If you\u2019re unfamiliar with zero-day vulnerabilities, these are essentially flaws in security software that don\u2019t have a fix because the vendor doesn\u2019t know they exist.<\/p>\n

What Does This Mean for Businesses Using SonicWall?<\/h2>\n

We spoke to several industry experts about the breach. SonicWall is doing everything they can to fix the issue and repair any collateral damage for themselves and their clients. However, a hack like this is naturally alarming for businesses everywhere who put their faith in network security companies like SonicWall.<\/p>\n

Nick Allo at SemTech IT Solutions<\/a> noted the lack of multiple layers of authentication with SonicWall: \u201cFor reasons like this, we continue to advise our clients to add multiple layers of authentication and minimize risk on a zero-trust basis. We require a 2FA also to access VPN connections and with Sophos the agent on the device talks to the firewall. Unfortunately, [this is] something that SonicWall does not have.\u201d<\/p>\n

Don Baham, President at Kraft Technology Group, LLC<\/a>, noted two significant flaws in the way SonicWall was engineered and used: First, the lack of 2FA\/MFA enforcement, and \u201csecond, it appears IT administrators have configured SonicWALL VPN appliances to allow administration over the public Internet, again with only a username and password protecting the session.\u201d<\/p>\n

Ilan Sredni of Palindrome Consulting, Inc.<\/a> was not surprised by the attack: \u201cOnce again, another security product provider gets hacked. It seems like we are discussing the inevitable and therefore lets us know that all of these tools, no matter how much they are tested, are vulnerable \u2026 Because of situations like these, it is imperative that multiple layers of security end notifications are implemented in any environment, and that no one solution can be trusted.\u201d<\/p>\n

Michael Anderson, President & CEO at 365 Technologies Inc<\/a>. had a similar takeaway: \u201cThe recent exploits at SonicWall and Solar Winds demonstrate that even that approach may not be enough as these tools are also vulnerable. They are also proof that even large, sophisticated, and well-resourced firms can be compromised \u2026 MSPs will need to ensure they have a layered defense in place across their clients to protect against single control failures.\u201d<\/p>\n

What\u2019s Being Done<\/h2>\n

SonicWall has been updating their initial Friday night notice frequently.<\/p>\n

According to Guy Baroan, President of Baroan Technologies<\/a>, \u201cSonicwall has updated their information [and have] confirmed that at this time, NO ACTION IS REQUIRED FOR THE FOLLOWING:<\/p>\n