Ransomware attacks have become sophisticated and continue to affect the cybersecurity community. As attack vectors evolve, the constant development of security defenses has become imperative for organizations. Addressing unpatched flaws and monitoring security alerts on their systems can help mitigate the risks. Recently, security solutions provider SonicWall issued an emergency notice warning its customers of a ransomware campaign exploiting unpatched vulnerabilities in Secure Mobile Access (SMA) 100 series, Secure Remote Access (SRA) products, and end-of-life 8.x firmware.
SonicWall stated that attackers leveraged stolen credentials to exploit the known vulnerabilities, which have been fixed in newer versions of the firmware. The company urged its customers to update the vulnerable SMA and SRA devices as early as possible due to the risk of potential ransomware attacks.
As an immediate security measure, SonicWall asked enterprises using the vulnerable end-of-life SMA and SRA devices running firmware 8.x to either update or disconnect the services. The vulnerable products include:
- SRA 4600/1600 (EOL 2019)
- SRA 4200/1200 (EOL 2016)
- SSL-VPN 200/2000/400 (EOL 2013/2014)
- SMA 400/200
- SMA 210/410/500v
“The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk. Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack,” SonicWall warned.
SonicWall also recommended users reset all passwords linked to SMA and SRA systems and enable multifactor authentication as an additional security measure.
Unpatched Bugs – An Imminent Threat
In a similar emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) warned federal agencies to address a zero-day vulnerability in Windows Print Spooler, which is being exploited in the wild.
We issued Emergency Directive (ED) 21-04 in response to a Microsoft Windows print spooler service vulnerability that is being exploited in the wild. Read our recommended mitigation steps to help protect your networks: https://t.co/JwZuNguJgQ
— Cybersecurity and Infrastructure Security Agency (@CISAgov) July 14, 2021
CISA issued the alert after Microsoft raised a red flag about the flaw, dubbed PrintNightmare. The remote code execution (RCE) flaw CVE-2021-34527 could allow a remote hacker to disrupt the Windows Print Spooler operations.