The NCC Group, a UK-based cybersecurity firm, stated that over the weekend they detected active exploitation of a zero-day vulnerability in SonicWall networking devices. SonicWall is a cybersecurity provider that announced on January 23rd of this year that it was the victim of a computer intrusion related to a vulnerability in its own products. Details about the nature of the vulnerability have been kept out of the public eye to prevent other threat actors from studying the zero-day and launching their attacks. The January 23rd breach impacted the Secure Mobile Access (SMA) gateway, a type of networking device that is used inside government and enterprise networks to provide access to resources in internal networks to remote employees. SonicWall listed their SMA 100 Series devices as impacted by the vulnerability, and the attack that NCC Group researchers observed in the wild appears to be targeting the same devices. NCC Group notified SonicWall of their findings. SonicWall has not returned a request for comments to confirm if the vulnerability is the same as the one used in the January 23rd breach or a new one.
Analyst Notes
The team at NCC is recommending that SonicWall device owners restrict which IP addresses can access their management interface of SonicWall devices to only the IP addresses of essential personnel. Multi-factor authentication (MFA) should also be enabled on all SonicWall device accounts. Another method to help secure remote access is to only allow access through virtual private networks (VPN).
Source Article: https://www.zdnet.com/article/sonicwall-zero-day-exploited-in-the-wild/
