Since the patch has already been released to fix these issues, organizations running one of the affected appliances should ensure that they have the most up to date version installed. It is not uncommon for attackers to leverage vulnerabilities that have available patches to target victims that did not apply the security patches. Whenever a new patch comes out, it should be tested and implemented as soon as possible. Some of the attacks that were seen were also using the password spraying method to find victims that still had the default credentials in use. It is never recommended to continue use of default credentials after initial setup. The attacks seen did not appear to be the work of a large, coordinated attack and are most likely threat actors that are opportunistic and looking for companies that are not utilizing security best practices to keep themselves or their organizations safe.

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access